Security and Compliance Committee Charter

Introduction

Executive management has created the Security and Compliance Committee (SCC) to advise on security and compliance related issues involved with audits.

Scope

The committee will advise on subjects related to information technology, security, and issues around compliance for Catalyst. Additionally, the committee will play a role in identifying and evaluating presented information technology risks, and the SCC will make recommendations to Business Owners and to the Business Operations and Strategy Committee about those risks (BOS). The SCC only advises on all subjects, and does not assume any responsibility in place of Business Owners.

Purpose

The purpose of the SCC is to help the business conform to already existing expectations. The committee will develop policies and other initiatives as they relate to designated audits. The committee is a representation of Catalyst’s commitment to passing audits.

Duties

Membership

The SCC shall have an executive sponsor, and be comprised of members of Catalyst’s information technology team and an HR representative.

Committee membership is dependent upon an individual’s role in the delivery of IT services and security. Potential new members must be an employee nominated by a member of the SCC or the BOS. The nominee must then be approved by the existing committee via a majority vote.

Members may be removed from the committee if their role in the organization changes, if the focus of the committee changes, or if they exit the organization. Additionally, members may be removed by a unanimous SCC vote or a majority vote of the BOS committee. Membership will be evaluated annually.

The Committee should have technical advisors attend meetings to weigh in on compliance topics related to certain roles.

Meetings

The SCC will meet regularly to discuss compliance initiatives as they relate to audits. Special meetings will be held annually for risk evaluation and to review policies and controls.

Voting

Items for official votes will be recorded. If a subordinate/supervisor relationship exists between committee members, subordinates must vote prior to or independently of supervisors. Non-Vice President level committee members will have 1 vote each while Vice Presidents will retain 2 votes.

SCC members must be present at the meeting or vote via email - absences as well as email non-responses will be noted. Members may choose to abstain from voting should they not feel they are adding value. Votes may not be delegated or made by any proxy. Votes can be submitted confidentially if desired. To pass or be rejected, votes must have a quorum of eligible votes, or the vote must be postponed. If a quorum cannot be reached, the committee will abstain from involvement in the proposed issue.

Policies

The SCC will play a key role in policy development and review as they relate to audit. The SCC will be responsible for ensuring all SCC owned policies are reviewed, at minimum, on an annual basis. Policies changes will be purposed in writing and ratified with a majority vote. Policies will then go to the BOS for ratification and implementation via written notice to personnel.

SCC decisions may be subject to the BOS committee’s approval.

Official Decisions

Items for official decisions must be submitted in writing to the specifications of the SCC. Decisions will be made democratically. Appeals can be made to the SCC for a revote or taken to the BOS Committee for override.

Decisions made by the SCC will be made clear to affected personnel through the company’s policies. Should direct communications be necessary, they will be released as official SCC emails from a member of the SCC.

Confidentiality

The SCC content may be considered confidential. Items should be noted in meeting agendas or on emails as "confidential" to ensure committee members are informed.

Colophon

$Owner: Security and Compliance Committee$

$Date: 2019-01-15 14:55:30 -0700 (Tue, 15 Jan 2019) $

$Revision: 473376 $

results matching ""

    No results matching ""