What is a Policy?
A policy is a governing document describing what an organization does to ensure security and compliance. It outlines responsibilities and general procedures meant to implement and maintain specific security and compliance controls. An organization will generally outline specific procedures in separate procedure documents.
How to Create a new Policy
- In the Secureframe dashboard, select Policies in the left side bar menu
- then click Create Policy at the top right
- Add Policy Name and Policy Owner
-
Paste in your policy text or Upload policy directly as a PDF. (Note: If you upload a PDF and leave the existing Text, personnel will have a tab and be able to see both Text and PDF.)
- If pasting in a policy: Use the built-in toolbar to adjust formatting, and the provided tokens from the menu on the side to auto-fill information such as Company Name, Date Modified, etc
- If uploading a policy directly as a PDF: Click the "Upload Policy" box from within a policy and select a PDF file. You may upload multiple PDF files if needed. To remove an uploaded PDF, click on the X next to the PDF file you previously uploaded. You may add additional free text along with the PDF file if desired, but also have the option to leave it blank.
- Click Save if it needs to be reviewed, or click Save and publish if it's completed and ready for acknowledgement.
Note: Only policy owners can publish the policy. Click here to learn how.
How to edit an existing Policy
- Locate the policy you'd like to edit from the list and click the three-dots icon to the right of that policy.
- Click Edit Policy in the top right corner.
- From here make any updates to the Title, Body, or features located on the right side panel.
-
Policy Groups - located in the bottom right corner, select any Groups that may apply. This will allow you to assign specific policies to a set group of people. Ex, A Change Management policy may only go to your Development Group rather than All Employees. (note: If you have not created any groups yet, please our Groups article here for step by step instructions.)
- If applicable, you can also Upload a PDF directly to the existing policy. (Note: If you upload a PDF and leave the existing Text, personnel will have a tab and be able to see both Text and PDF.)
- Click Save if it needs to be reviewed, or click Save and publish if it's completed and ready for acknowledgement.
- Note: Only policy owners can publish the policy. Click here to learn how.
Additional Policy Features
- Pre-built Tokens to autofill your company's information such as company name, date modified, policy owner, and security email, etc.
- PDF Upload feature if you already have your own policies created.
- Require employee Acceptance for those important documents related to your compliance obligations
- Policy Groups will allow you to assign specific policies to a set group of people. Ex, A Change Management policy may only go to your Development Group rather than All Employees.
- Additional Policy features include options like Backup Frequency, Minimum Retention Period and more
Frequently Asked Questions
What happens if I upload a PDF to an existing Policy that already has text?
- If you upload a PDF and leave the existing Text, personnel will have a tab and be able to see both Text and PDF. If you prefer the user to only see the PDF in this scenario, then delete all the text and leave only the PDF.
If I were to make policy changes half way through the year, Is there a way to force users re-read and accept policies?
- No, not at this time, but this is an active Feature Request.
- Currently, employees are only required to read and accept policies on an annual basis. If you make additional changes those users will not be forced to review and acknowledge until the next year.
How can I update the values of the tokens in policies?
- The token values are automatically pulled from the Company Settings > Company Details page. To update them, navigate to this page and modify the relevant fields, such as company name, security email, and other company details. The changes will be reflected in the policies where these tokens are used.
How can I edit the groups of policies?
- Groups can be edited by going to the Policies Page > select relevant policy > Edit policy > Group dropdown menu in the right side panel > Select applicable groups.
- This can also be done from the Personnel Settings > Groups tab. You may read more about the Groups tab here.
Related to
Comments
0 comments
Article is closed for comments.