The Policy Manual is essentially your operating manual for the framework your company is targeting such as SOC 2, HIPAA, ISO 27001, GDPR, etc. It consists of policies that outline the various domains or functions that are required to operate such as what needs to be done for asset management, incident response or a privacy management.
One way to think of your policies is that policies are the what of your security management operation. Controls are the why of your operation and procedures are the how.
The Policy Manual is linked to your controls and procedures so you can see your entire security management program in one view and filter to see more specific details.
What if Comply says "No approved ISMS"?
When you click the ISMS tab, you're always shown the latest approved version of your ISMS. If you've never approved any control, this page will be blank. Head over to the "Controls" tab to review your controls and approve them to start building up your policy manual.
Updated about a month ago
Dive into your Controls to edit and approve the content of your ISMS.