Requirement:

A cybersecurity steering committee must be established by the Authorizing Official to ensure the support and implementation of the cybersecurity programs and initiatives within the organization. Committee members, roles and responsibilities, and governance framework must be defined, documented and approved. The committee must include the head of the cybersecurity function as one of its members. It is highly recommended that the committee reports directly to the head of the organization or his/her delegate while ensuring that this does not result in a conflict of interest.

Control Implementation Guidelines:

  • Establish the cybersecurity supervisory committee as a committee specialized in directing and leading cybersecurity affairs, processes, programs, and initiatives in the organization. The committee must report directly to the organization's head or his/her deputy, while ensuring that this does not create a conflict of interest
  • Identify the members of the supervisory committee. The cybersecurity supervisory committee includes members who influence, or are influenced by, the cybersecurity of the organization. Such members include, but are not limited to, the head of the organization or his/her deputy, the head of the cybersecurity function, the head of the IT department, the head of the Compliance Department, and the head of the Human Resources Department. In addition, define the duties and responsibilities of the supervisory committee and its business governance framework, and formally document them in the committee's charter. The committee's charter must be approved by the organization's representative (head of the organization or his/her deputy)
  • Include the head of the cybersecurity function as a permanent member of the committee
  • Conduct periodic meetings (at the intervals specified in the committee's charter document). These meetings cover follow-up on the implementation of cybersecurity programs and regulations in the organization, management of cybersecurity risks, and submission of meeting minutes to the organization's head
  • Review the implementation of all cybersecurity policies and procedures
  • Update cybersecurity strategy initiatives and objectives
  • Ensure that the cybersecurity strategy is aligned with the organization's strategy on a regular basis

Relevant Cybersecurity Tools:

  • Cybersecurity supervisory committee governance document template

Expected Deliverables:

  • Supervisory committee charter in the organization. The charter states the committee's date of establishment, its reference, and its approval by the organization's representative
  • A documented and approved list showing the names of the organization's cybersecurity supervisory committee members
  • Cybersecurity supervisory committee's agenda in the organization
  • Minutes of meetings held for the cybersecurity supervisory committee at the organization