Skip to content

Policies

Path: /policies

Policies

Manage administrative policy documents required for ISO 27001, SOC 2, and other frameworks. Track review cycles and approval workflows.

Key Elements

  • Stats bar — Total policies, active count, overdue reviews, and ISO 27001 compliance percentage.
  • Policy table — Code, name, version, status (Draft/Active/Archived), review due date, and last reviewed date.
  • New Policy button — Create a new policy document.
  • Actions — Details, Edit, Delete for each policy.

Policy Lifecycle

  1. Create — Click New Policy. Enter name, code (e.g., ISP-001), category, and content.
  2. Draft — Policy starts in draft status. Edit and refine the content.
  3. Submit for Review — Click Details, then Submit for Review.
  4. Complete Review — A reviewer marks the review as complete.
  5. Approve — An approver activates the policy.
  6. Archive — When a policy is retired, archive it.

Review Tracking

  • Policies show "Never" in Last Reviewed if they haven't been reviewed yet.
  • Review Due dates in red indicate overdue reviews.
  • ISO 27001 requires annual policy reviews — the compliance percentage tracks this.