Policy Management

Create, manage, and track security and compliance policies.

Overview

Policy Management helps you:

  • Create and maintain security policies
  • Track policy versions and approvals
  • Distribute policies to employees
  • Monitor policy acknowledgments
  • Map policies to compliance controls

Navigate to Policies in the sidebar.

Policy Structure

Policy Components

Each policy includes:

| Field | Description |
|---|---|
| Title | Policy name |
| Version | Current version number |
| Status | Draft, Published, Archived |
| Owner | Policy owner |
| Approver | Required approver |
| Effective Date | When policy takes effect |
| Review Date | Next scheduled review |
| Content | Full policy text |

Policy Categories

Organize policies by category:

  • Information Security: Data protection, access control
  • Acceptable Use: System and network usage
  • Privacy: Data privacy, GDPR compliance
  • Incident Response: Security incident handling
  • Business Continuity: DR, backup procedures
  • HR Security: Employee security requirements
  • Physical Security: Facility access, equipment
  • Vendor Management: Third-party requirements

Creating Policies

From Template

Use built-in policy templates:

  1. Go to Policies → Create
  2. Click Use Template
  3. Select template:
    • Information Security Policy
    • Acceptable Use Policy
    • Data Classification Policy
    • Password Policy
    • Remote Work Policy
    • Incident Response Plan
    • And more...
  4. Customize for your organization
  5. Click Create Draft

From Scratch

Create a custom policy:

  1. Click Create → Blank Policy
  2. Enter policy details:
    • Title
    • Category
    • Owner
    • Approver
  3. Write policy content
  4. Click Create Draft

Import Policy

Import existing policies:

  1. Click Import
  2. Upload document (PDF, DOCX, TXT)
  3. Enter metadata
  4. Click Import

Policy Lifecycle

Status Flow

Draft → Under Review → Approved → Published → Archived

        Rejected → Draft (revision)

Draft

Initial policy creation:

  • Edit content freely
  • Add reviewers
  • Request feedback
  • No employee visibility

Review

Submit for review:

  1. Click Submit for Review
  2. Select reviewers
  3. Set review deadline
  4. Reviewers provide feedback
  5. Make revisions as needed

Approval

Request formal approval:

  1. Click Request Approval
  2. Select approver
  3. Approver reviews and:
    • Approves: Policy moves to Published
    • Rejects: Returns to Draft with comments

Publishing

Publish approved policies:

  1. Set effective date
  2. Set review date (typically annual)
  3. Click Publish
  4. Policy visible to employees

Archival

Archive outdated policies:

  1. Open policy
  2. Click Archive
  3. Policy retained for records but hidden from active list

Version Control

Version History

Track all policy versions:

| Version | Date | Author | Changes |
|---|---|---|---|
| 3.0 | Jan 1, 2026 | John | Annual review, added remote work section |
| 2.1 | Jul 15, 2025 | Jane | Updated password requirements |
| 2.0 | Jan 1, 2025 | John | Major revision |
| 1.0 | Jan 1, 2024 | John | Initial release |

Compare Versions

Compare any two versions:

  1. Open policy
  2. Click Version History
  3. Select two versions
  4. Click Compare
  5. View side-by-side diff

Restore Version

Restore a previous version:

  1. Open Version History
  2. Select version
  3. Click Restore
  4. Creates new draft from old version

Policy Distribution

Employee Access

Professional Feature

Policy acknowledgment tracking requires Professional or Enterprise plan.

Employees can view policies via:

  • Employee Portal: Web-based access
  • Email Distribution: Direct email with PDF
  • Integration: Slack/Teams announcements

Acknowledgment Tracking

Track who has read policies:

  1. Open policy
  2. Click Acknowledgments tab
  3. View:
    • Total employees
    • Acknowledged count
    • Pending acknowledgments
    • Acknowledgment dates

Require Acknowledgment

Make acknowledgment mandatory:

  1. Edit policy settings
  2. Enable Require Acknowledgment
  3. Set deadline
  4. System sends reminders

Acknowledgment Report

Information Security Policy v3.0

Acknowledgment Status:
Total Employees: 50
Acknowledged: 45 (90%)
Pending: 5 (10%)

████████████████████████████████████░░░░ 90%

Pending:
- John Smith (reminded 2x)
- Jane Doe (reminded 1x)
- Mike Johnson (new employee)
- Sarah Wilson (on leave)
- Tom Brown (reminded 2x)

Control Mapping

Map policies to compliance controls:

  1. Open policy
  2. Click Controls tab
  3. Click Link Controls
  4. Select relevant controls
  5. Click Link

Control Coverage

View which controls reference a policy:

Information Security Policy

Linked Controls:
- SOC 2 CC1.1 - COSO Principle 1
- SOC 2 CC1.4 - COSO Principle 4
- ISO 27001 A.5.1.1 - Policies for InfoSec
- ISO 27001 A.5.1.2 - Review of policies
- PCI-DSS 12.1 - Security policy

Gap Analysis

Identify controls without policy coverage:

  1. Go to Reports → Policy Gap Analysis
  2. Select framework
  3. View controls missing policy mappings
  4. Create or link policies
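
The gap check described above, worked offline as an added example (not the product's own code or report output). The first policy's control IDs come from the Linked Controls list on this page; the other policies, the per-framework control lists, and the rule that only published policies count as coverage are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data. Lowercase status strings are assumed.
POLICIES = [
    {"title": "Information Security Policy", "status": "published",
     "controls": ["SOC 2 CC1.1", "SOC 2 CC1.4", "ISO 27001 A.5.1.1",
                  "ISO 27001 A.5.1.2", "PCI-DSS 12.1"]},
    {"title": "Password Policy", "status": "draft",
     "controls": ["PCI-DSS 8.3"]},
    {"title": "Old Acceptable Use Policy", "status": "archived",
     "controls": ["SOC 2 CC1.4", "ISO 27001 A.5.1.2"]},
]

# Constructed in-scope controls per framework (not a full catalogue).
FRAMEWORK_CONTROLS = {
    "SOC 2": ["SOC 2 CC1.1", "SOC 2 CC1.4", "SOC 2 CC6.1"],
    "ISO 27001": ["ISO 27001 A.5.1.1", "ISO 27001 A.5.1.2"],
    "PCI-DSS": ["PCI-DSS 12.1", "PCI-DSS 8.3"],
}


def control_links(policies):
    """Map control ID -> list of (policy title, status) linked to it."""
    links = defaultdict(list)
    for policy in policies:
        for control in policy["controls"]:
            links[control].append((policy["title"], policy["status"]))
    return links


def gap_analysis(framework, policies=POLICIES, catalogue=FRAMEWORK_CONTROLS):
    """Return (uncovered, weak) for one framework.

    uncovered: controls with no linked policy at all.
    weak: controls linked only to draft/archived policies, which employees
          cannot see, so the link gives no effective coverage (assumption).
    """
    links = control_links(policies)
    uncovered, weak = [], []
    for control in catalogue[framework]:
        linked = links.get(control, [])
        if not linked:
            uncovered.append(control)
        elif not any(status == "published" for _, status in linked):
            weak.append((control, sorted(title for title, _ in linked)))
    return uncovered, weak


if __name__ == "__main__":
    for name in FRAMEWORK_CONTROLS:
        missing, weak = gap_analysis(name)
        print(f"{name}: uncovered={missing} weak={weak}")
```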

Policy Reviews

Scheduled Reviews

Set up automatic review reminders:

  1. Open policy
  2. Set Review Date
  3. System notifies owner before due date
  4. Track review completion

Review Process

When review is due:

  1. Owner receives notification
  2. Review policy content
  3. Make updates if needed
  4. Submit for approval if changed
  5. Mark review complete

Overdue Policies

View policies past review date:

| Policy | Review Due | Days Overdue | Owner |
|---|---|---|---|
| Password Policy | Dec 1 | 32 | John |
| Remote Work Policy | Dec 15 | 18 | Jane |

Reporting

Policy Dashboard

View policy status at a glance:

Policy Dashboard

Total Policies: 15
├── Published: 12
├── Draft: 2
└── Under Review: 1

Upcoming Reviews (30 days): 3
Overdue Reviews: 1

Acknowledgment Rate: 94%

Compliance Report

Show policies for each framework:

  1. Go to Reports → Policy Compliance
  2. Select framework
  3. View required policies and status
  4. Export for auditors

Audit Package

Generate policy package for audits:

  1. Click Export → Audit Package
  2. Select policies to include
  3. Include version history
  4. Generate PDF bundle

API Access

# List policies
GET /api/v1/policies?status=published

# Get policy details
GET /api/v1/policies/{policy_id}

# Create policy
POST /api/v1/policies
{
  "title": "Data Retention Policy",
  "category": "information_security",
  "owner_id": "user_123",
  "content": "Policy content here..."
}

# Update policy
PATCH /api/v1/policies/{policy_id}
{
  "status": "under_review",
  "reviewers": ["user_456", "user_789"]
}

# Get acknowledgments
GET /api/v1/policies/{policy_id}/acknowledgments

See API Reference for full documentation.

Best Practices

  1. Use Templates: Start with templates for consistency
  2. Annual Reviews: Review all policies at least yearly
  3. Clear Ownership: Assign owners to every policy
  4. Track Acknowledgments: Ensure employees read policies
  5. Map to Controls: Link policies to compliance requirements
  6. Version Everything: Maintain complete version history
  7. Keep Current: Archive outdated policies promptly