Steering Committee
The Information Security Steering Committee is a governance body responsible for providing strategic direction, oversight, and decision-making authority for information security initiatives across your organization. It ensures that security investments align with business objectives, receive proper executive sponsorship, and have the resources needed for success.
Steering Committees integrate with Security Charter (approval authority), Strategy (strategic oversight), and Workflows (approval processes). Configure committee classifications under Settings.
Managing committees
Navigate to Control Model → Steering Committee to view all committees. The list view shows each committee’s name, status (active or inactive), scope, domain, region, member count, and next meeting date.
Creating a committee
Click New Committee to open the creation form. Provide a name, optional description, and classify the committee using the three classification dimensions:
Scope — Defines the committee’s operational scope: General, Regional, Domain Specific, Business Unit, or Temporary.
Domain — Indicates the cybersecurity domain the committee focuses on (e.g., Cloud Security, Data Protection, Identity & Access, Incident Response). Choose from 21 predefined domains or create custom ones in Settings.
Region — Specifies the geographic region: North America, EMEA, Asia Pacific, Latin America, or Global. Custom regions can be added in Settings.
One committee can be designated as the primary committee for your organization. The primary committee serves as the default governance body for charter and strategy approvals.
Committee status
Committees can be set to Active or Inactive. Inactive committees are retained for historical records but do not appear in approval workflows or governance selections.
Members
Each committee has members with defined roles and terms. Navigate to a committee’s detail view and open the Members tab to manage membership.
Member roles
| Role | Responsibilities |
|---|---|
| Chair | Leads meetings, sets agendas, approves decisions, serves as primary governance authority |
| Secretary | Records meeting minutes, manages documentation, distributes agendas and notes |
| Member | Participates in discussions, votes on decisions, provides domain expertise |
Adding members
Click Add Member to assign a user from your organization. Select their role (Chair, Member, or Secretary), set a start date, and optionally set an end date for term-limited assignments. Each user can only hold one role per committee — the combination of committee and user must be unique.
Tracking membership
The members list shows each person’s name, role, start date, end date, and active status. When a member’s end date passes, they remain in the historical record but are no longer counted as active participants.
Meeting notes
Track governance meetings with the Meeting Notes tab on each committee’s detail page. Meeting notes provide a searchable history of committee activities, decisions, and action items.
Creating meeting notes
Click Add Meeting Note and fill in the title, meeting date, and content. The content field supports rich text (Markdown) for structured minutes. The author is automatically recorded, and you can list attendee IDs to track participation.
Meeting notes can also store structured metadata (JSON) for additional context like action items, decisions made, or agenda topics discussed.
Meeting schedule
Each committee tracks a Last Meeting Date and Next Meeting Date on the overview tab. These dates help you maintain your governance cadence and are visible in the committee list view for quick reference.
Governance approvals
Steering Committees serve as the approval authority for two key governance artifacts:
Charter approvals
When a Security Charter is submitted for approval, it routes to the linked Steering Committee. Committee members review the charter, provide feedback, and record a formal decision — Approved, Rejected, or Pending. Each approval records the approver, decision date, comments, and linked workflow instance.
Strategy approvals
Strategic plans also require committee approval before activation. The approval process mirrors charter approvals: committee members assess alignment with organizational goals, review resource requirements, and record their decision with supporting comments.
All approval decisions are permanently recorded for audit trail purposes.
Use cases
Establishing governance — Create your primary Information Security Steering Committee with key stakeholders (CISO, executives, department heads). Assign member roles, establish a regular meeting cadence, and link the committee to Security Charters and Strategies for governance oversight.
Regional or domain committees — Create specialized committees for specific regions, business units, or security domains (e.g., a Cloud Security committee or an APAC regional committee). Each committee maintains its own membership, meeting schedule, and governance scope while aligning with the primary committee.
Charter approval workflow — Route new Security Charters through the Steering Committee approval workflow. Committee members review proposals, provide feedback, and vote on approval. The decision is recorded and linked to the charter for audit purposes.
Meeting documentation — Record meeting notes, decisions, and action items after each committee meeting. Link notes to charters, strategies, or risk discussions for full traceability.
Permissions
Managing Steering Committees requires the steering-committee:manage permission. Members with this permission can create committees, manage membership, record meeting notes, and process approvals. Users without this permission can view committee information but cannot make changes.