This is a beta feature that needs to be flagged on by your customer success rep. Reach out to them if this is something that would be beneficial for you to have enabled in your account.
Policies are the instructions that help you implement your controls. A control tells you what needs to be done, while a policy tells you how to do it.
A policy can provide instructions for many controls and apply to many frameworks. To help you test once and use everywhere, policies are easily mapped to controls and automatically apply to the frameworks the control is mapped to.
Policies are provided for you when you use Comply's baseline ISMS. If you use your own ISMS or want to create a new policy, the steps are simple:
- Navigate to the ISMS and click on the sub-navigation for Policies
- Click on Create Policy
- Give your policy a Name
- Give your Policy an Owner
- Add your Policy content via the policy library, or copy and paste it as Markdown
Policies in Comply can be quickly mapped to controls and edited.
To quickly map a policy to a control, from the Policies view, click the pencil in the Controls column and type in the name of the control(s) to add them.
Alternatively, you can click on "Controls" from within a policy to map them there.
To edit a policy, click into the policy and click the pencil next to "Policy Content".
Once you have reviewed all of the policies within the ISMS that map to your selected controls and frameworks, you are ready to approve the ISMS so that you have a record and version control of the content.
- Click on the ISMS tab
- Select the Updated option in yellow in the far left-hand navigation
- Select the policies that you wish to approve by checking or unchecking the box beside each
- Include a version number and a description of the change
- Select Approve Selected Policies
Versioning your ISMS
Versioning your ISMS helps prove to your auditor that your organization knows what the effective version of the ISMS is at any point in time. We recommend using a familiar schema such as v1.0, v2.0, etc. You can keep track of minor changes to ISMS content in the form of v1.1, v1.2, etc.