Information Security Committee Charter Procedure (SEC-PROC-001)
1. Purpose
To define the operating rules, membership, authority, and responsibilities of the Information Security Committee.
2. Scope
This procedure applies to the Information Security Committee and all personnel involved in the governance of the Information Security Management System (ISMS).
3. Overview
This procedure outlines the process for scheduling and conducting Information Security Committee meetings, setting agendas, documenting minutes, and managing policy changes to ensure effective oversight of the company’s security posture.
4. Procedure
| Step | Who | What |
|---|---|---|
| 1 | Committee Chair | Schedules quarterly meetings and distributes the agenda to all committee members at least one week prior. |
| 2 | Committee Members | Attend scheduled meetings, participate in discussions, and vote on proposed policy changes. |
| 3 | Committee Secretary | Records detailed meeting minutes, including key decisions, action items, and voting results. |
| 4 | Committee Secretary | Distributes the signed and dated meeting minutes to all members within five business days of the meeting. |
| 5 | Policy/Procedure Owner | Submits proposed changes to policies or procedures to the Committee Chair for agenda inclusion. |
5. Standards Compliance
| Procedure Step(s) | Standard/Framework | Control Reference |
|---|---|---|
| 1-5 | SOC 2 | CC2.1 |
| 1-5 | HIPAA/HITECH | 45 CFR § 164.308(a)(2) |
6. Artifact(s)
Signed and dated meeting minutes are stored in the company’s document management system.
7. Definitions
ISMS: Information Security Management System.
8. Responsibilities
| Role | Responsibility |
|---|---|
| Committee Chair | Presides over meetings, sets the agenda, and ensures procedures are followed. |
| Committee Members | Attend meetings, provide input, and vote on security-related matters. |
| Committee Secretary | Documents and distributes meeting minutes and maintains committee records. |