Governance & Leadership · GL-Q07

Question: Does leadership communicate a “tone at the top” emphasizing ethics, compliance, and trust in digital operations?

Objective — Why This Matters

People mirror leaders. Regular, plain-language messages normalize secure behavior and speed culture change.

Maturity Levels (0–5)

0 — Unaware:    No visible leadership messages.
1 — Ad Hoc:     Occasional mails without follow-through.
2 — Defined:    Quarterly notes in plan; simple themes.
3 — Managed:    Town-halls; stories from incidents; Q&A.
4 — Integrated: Leaders review KPIs publicly; celebrate improvements.
5 — Optimized:  Two-way feedback loop; survey-driven themes.

How to Level Up

From → To | Actions
0 → 1     | CEO sends a short note endorsing policy and reporting channels.
1 → 2     | Publish quarterly calendar of leadership comms.
2 → 3     | Add live town-hall slot with simple demos (MFA, phishing report).
3 → 4     | Share metrics; recognize champions/teams.
4 → 5     | Run pulse surveys; adjust messages to address gaps.

People / Process / Technology Enablers

Evidence Required

Metrics / KPIs

Low-Cost / Open-Source Options (MSME)

Purpose     | Tool                    | Notes
Newsletters | Buttondown / MailerLite | Track opens/clicks.
Surveys     | Google Forms            | 5-question pulse.
Town-halls  | Meet/Zoom               | Recordings archived.

Common Pitfalls

Compliance Mapping

Standard           | Clauses / Notes
ISO/IEC 27001:2022 | 5.1 leadership
NIRMATA Scoring    | GL-Q07 needs evidence of regular, two-way comms.