1 · Purpose
This policy establishes the requirements for corporate governance policy within the CAO-100 Governance. It gives effect, in a single harmonised instrument, to the control objectives upon which recognised standards converge for this area.
2 · Scope
This policy applies to all information, systems, services, personnel and third parties within the scope of the management system.
3 · Policy statements
3.x · CAO-140 Policy Controls
The organisation shall establish, implement and maintain a coherent and effective approach to corporate governance, giving effect to the organisational control objectives set out below.
3.1 · CAO-141 Board Leadership and Accountability
The organisation shall establish, implement and maintain effective Board Leadership and Accountability, giving effect to the organisational controls set out below.
3.1.x · CAO-141 Organisational Controls
Essential taster — a preview of the Professional depth for this high-density control area.
3.2 · CAO-142 Governance Roles and Responsibilities
The organisation shall establish, implement and maintain effective Governance Roles and Responsibilities, giving effect to the organisational controls set out below.
3.2.x · CAO-142 Organisational Controls
Essential taster — a preview of the Professional depth for this high-density control area.
3.3 · CAO-143 Board Committees
The organisation shall establish, implement and maintain effective Board Committees, giving effect to the organisational controls set out below.
3.3.x · CAO-143 Organisational Controls
3.4 · CAO-144 Stakeholder and Shareholder Engagement
The organisation shall establish, implement and maintain effective Stakeholder and Shareholder Engagement, giving effect to the organisational controls set out below.
3.4.x · CAO-144 Organisational Controls
3.5 · CAO-145 Transparency and Disclosure
The organisation shall establish, implement and maintain effective Transparency and Disclosure, giving effect to the organisational controls set out below.
3.5.x · CAO-145 Organisational Controls
Essential taster — a preview of the Professional depth for this high-density control area.
4 · Roles & responsibilities
- Governing body — approves this policy and oversees its effectiveness.
- Executive management — allocates resources and assigns control ownership.
- Control owners — implement, operate and evidence the controls in their area.
- All personnel & third parties — comply with this policy within their role.
5 · Compliance, monitoring & review
Compliance with this policy is mandatory. This policy is reviewed at least annually, or upon significant change to the threat, regulatory or technological environment. Exceptions require documented risk acceptance by the accountable owner.
