Information Governance Policy

CIAO ESSENTIAL — POLICY
C-AO/POL/CAO-110:2026 PUBLIC
Information Governance Policy
CAO-900 Sustainability sub-policy (CAO-110) – auto-drafted, pending panel review
Date Issued  10 July 2026
Review Date  10 July 2027
Cite as: CIAO Standard. (2026). Information Governance Policy. v1.1.3.7. C-AO/POL/CAO-110:2026. www.c-ao.com

1 · Purpose

This policy establishes the requirements for information governance policy within the CAO-100 Governance. It gives effect, in a single harmonised instrument, to the control objectives upon which recognised standards converge for this area.

2 · Scope

This policy applies to all information, systems, services, personnel and third parties within the scope of the management system.

3 · Policy statements

3.x · CAO-110 Policy Controls

outlinesatisfies·solidpartial·greyinforms

The organisation shall establish, implement and maintain a coherent and effective approach to information governance, giving effect to the organisational control objectives set out below.

DAMA DMBOKISO 24143King V

3.1 · CAO-111 Information Governance Framework and Strategy

The organisation shall establish, implement and maintain effective Information Governance Framework and Strategy, giving effect to the organisational controls set out below.

DAMA DMBOKISO 24143King V

3.1.x · CAO-111 Organisational Controls

Professional tier required. The organisational control objectives that decompose this area, and the technical controls beneath them, are revealed at Professional tier and above. Log in or view options ↗

3.2 · CAO-112 Information Lifecycle, Access and Culture

The organisation shall establish, implement and maintain effective Information Lifecycle, Access and Culture, giving effect to the organisational controls set out below.

ISO 24143

3.2.x · CAO-112 Organisational Controls

Professional tier required. The organisational control objectives that decompose this area, and the technical controls beneath them, are revealed at Professional tier and above. Log in or view options ↗

4 · Roles & responsibilities

5 · Compliance, monitoring & review

Compliance with this policy is mandatory. This policy is reviewed at least annually, or upon significant change to the threat, regulatory or technological environment. Exceptions require documented risk acceptance by the accountable owner.

● LIVE CONTENT  ·  Verified 11 July 2026 at 17:37 UTC  ·  Version 1.1.3.7  ·  Always current at c-ao.com  ·  © CIAO Standard Secretariat 2026

Cite this page (APA)