The three-layer governance model
Layer 1 — Global policy: signed by the CEO or board, states the organisation's non-negotiable position (e.g. 'we comply with all applicable environmental regulations in every jurisdiction we operate in'). Short, unambiguous, revised rarely.
Layer 2 — Regional or functional standards: translate policy into measurable requirements at a level of specificity that still applies across sites (e.g. 'incident reporting within 24 hours to the regional compliance officer'). Owned by function heads.
Layer 3 — Site procedures: execute the standards using local systems, roles and regulatory citations. Owned by the site quality or compliance lead.
