KR2.1: Launch Cybersecurity Governance Council with charter and first meeting completed by Day 45
KR2.2: Define and socialize 6–8 SPI-aligned OKRs with functional security and risk leaders
KR2.3: Publish and review SPI 360 dashboard V1 with leadership by Day 60