Data Governance Policy Writer

---

1. Overview Internet Society is seeking a Data Governance Policy Writer to develop key data governance policies and associated Standard Operating Procedures (SOPs) in alignment with ISO 27001 standards. These policies will establish clear guidelines for data ownership, classification, and access control, ensuring compliance with best practices for information security and governance. 2. Scope of Work The consultant will be responsible for drafting and finalizing the following policies and their corresponding SOPs: a. Ownership and Stewardship Policy i. Defines the roles and responsibilities for data owners and stewards. ii. Establishes accountability for data quality, and lifecycle management. iii. SOP: Step-by-step guidelines for staff on how to assign, track, and fulfill data ownership responsibilities. b. Classification Policy i. Establishes a structured framework for categorizing data based on sensitivity, criticality, and regulatory requirements. ii. Defines labeling, handling, and retention requirements. iii. SOP: Instructions for staff on how to classify, store, and manage data according to policy guidelines. c. Access and Usage Policy i. Sets criteria for granting, reviewing, and revoking data access. ii. Defines user roles, responsibilities, and permitted usage in compliance with ISO 27001. iii. SOP: Clear procedures for staff on how to request, review, and manage access permissions in alignment with security protocols. For each policy, the consultant will: Research and incorporate ISO 27001 best practices. Draft policies and ensure alignment with existing governance frameworks. Develop corresponding SOPs that provide clear, actionable steps for staff to function within the policy. Revise and finalize documents based on stakeholder feedback. 3. Deliverables Draft versions of each policy and SOP for review. Finalize policies and SOPs incorporating stakeholder input. Implementation guidelines to assist in operationalizing the policies 4. Timeline Project Start Date: TBD First Draft Submission: 3 Weeks Final Deliverables: 2 weeks after draft 5. Required Skills and Experience Proven experience in data governance, policy writing, and compliance. Strong understanding of ISO 27001 and information security principles. Ability to create clear, actionable, and organization-specific policies. 6. Reporting and Communication The consultant will provide at least weekly status updates and coordinate with Morgan Steinlin for feedback and revisions.

Keyword: Project Consultant

English Writing Policy Writing ISO 27001 Compliance