Control Model

Define and manage your security control model — steering committees, security charter, charter workflows, and governance settings. The Control Model establishes the foundation for how your organization structures and governs its security program, providing executive authorization, strategic alignment, and a clear governance hierarchy.

What’s included

Steering Committee — Create and manage governance bodies responsible for strategic direction and oversight. Define committee membership with roles (Chair, Secretary, Member), track meeting notes, and manage charter and strategy approvals.

Security Charter — Author the foundational governance document that establishes your security program’s purpose, authority, and scope. Manage the full charter lifecycle from Draft through Active to Archived, with version control, enriched content, and strategy alignment.

Charter Workflows — Configure the automated approval process for charters. Define review stages (Legal, CISO, Steering Committee), assign approvers, and track approval progress with a complete audit trail.

Settings — Configure charter approval workflow defaults and manage committee classification systems — scopes (General, Regional, Domain Specific, Business Unit, Temporary), domains (21 predefined cybersecurity domains), and regions (geographic classifications).

Getting started

The typical setup flow is to first configure your committee classifications under Settings (scope, domain, and region types), then create your primary Steering Committee with key stakeholders, and finally author your first Security Charter and submit it through the approval workflow.

Once the charter is active, link strategies from Security Direction to establish a complete governance hierarchy: Charter → Strategy → Objectives → Execution.