Creating & managing policies
Purpose
Policy creation and maintenance can be time-consuming and complex, especially when dealing with legal and regulatory language. Kertos addresses these challenges by providing guided, flexible options for creating compliant policies and assigning them to the right users at the right time.
Capabilities
- Policy Maker: provides a step-by-step questionnaire to easily generate customized, regulation-compliant policies.
- Multiple Creation Methods: allow users to create policies from a template, from scratch, or by uploading existing documents.
- Real-Time Preview: shows how your policy evolves as you complete the Policy Maker questionnaire.
- Collaborative Drafting: lets multiple admins contribute to policy creation with shared progress tracking.
- Automatic Assignment Toggle: automatically assigns new department members to relevant policies.
- Progress & Status Tracking: helps you monitor policy drafts, approvals, and acceptance rates across your organization.
How It Works
Creating a New Policy

Click “Add Policy” in the Policies section. You will see four creation options:
1. Policy Maker (Recommended & Default)
The simplest and most efficient way to create a policy.
- Choose a framework on the left-hand side, then select the policy you want to create.
- Fill out the guided questionnaire on the left. The right side shows a live policy preview.
- Answer the questions using single choice (circle-shaped buttons) or multiple choice (checkboxes) options, with custom input available for each.
- Track your progress via the progress bar in the top-right.
- Required questions, marked with a red asterisk (* ), must be answered to complete the policy. Optional questions, indicated by "optional " next to them, can be skipped if not applicable. If you miss any required questions, a notification will guide you back.
Tip: Use “Save Progress” at any point to pause the policy creation and resume it later. Progress is saved across all admin users in your organization.
You can monitor the progress of all Maker drafts by pressing Add Policy → Policy Maker again.
- Once finished, press Submit to enter the Policy Draft View. Here, you’ll need to fill in:
- Description (optional)
- Classification level
- Owner and Approver (must be two different people)
- Review period
- Departments/Users to assign the policy to. Use "Automatically assign new members" toggle to ensure that the new department members will be automatically assigned this policy upon joining.
7. If all required fields are filled in, the Review button will become active, allowing the user to review the policy before saving it, or approving it right away if the current user is chosen as the Approver for this policy.
Alternatively, if you don't want to assign users/departments to this policy just yet, you can press Save to keep this policy as a draft.
2. Create from Catalog
Use this option to import a policy template draft from our template library.
- After choosing the policy template, you will be redirected to the Policy Draft View.
- Click “Edit” to customize the policy.
- Templates include yellow placeholders that you must replace with relevant company-specific information.
3. Create by Import
Use this option to upload or link to an existing document file.
4. Create from Scratch
Use this option to start with a blank policy and write or paste the content manually using the in-app editor.
Policy Overview
The Policy Overview displays all policies that the user is permitted to view.
Accepting policies as an employee
By accessing Compliance → Policies tab, you can view the list of policies, assigned to you.
To accept a policy:
- Click on a policy to open its Detail View
- Click on the eye icon next to Policy Document to open the policy file preview in a new tab
- Carefully read the policy. When you’re ready to accept it, close the preview tab and press the Accept button at the bottom of the page.
Managing Policies as an Administrator
Switch to the Admin View tab at the top of the page to access the Policy Overview. You will see different tabs and buttons:
- Draft – policies in progress that need to be approved.
- Active – approved and distributed policies.
- Catalog - view and import policy templates from the Catalog.
- Archive – view previously active policies no longer in use.
Each policy entry displays:
- ID: auto-generated unique identifier
- Policy Title
- Standard (framework the policy belongs to)
- Status (e.g. “Unassigned”, “Needs approval” or “Valid”)
- Owner/Approver
- Drafted/Approved On
- Accepted By: how many assigned users have accepted the policy
By clicking on the “All” dropdown on the left side, the user can apply a filter for policies, depending on which tab they are on:
- Draft tab filters: “Owned by you” and “Needs your approval”
- Active tab filter: “Needs review”
Select multiple policies from the overview to view the available bulk actions at the bottom of the screen:
- Delete – permanently removes the selected policies
- Archive – moves selected policies to the Archive tab
- Assign – lets you bulk-assign selected policies to users/departments
FAQs
How do I know which policies I actually need?
The policies you need depend on the compliance framework(s) your organization is working with (e.g., GDPR, ISO 27001, EU AI Act, etc.).
If I use the Policy Maker, is the policy ready to be used immediately?
Not always. While the Policy Maker helps generate compliant content, some sections may not be applicable to your organization. After completing the questionnaire, it's recommended to review and edit the draft to remove or adjust anything that doesn’t apply before submitting it for approval.
What should I customize in a policy created from the catalog?
Catalog-based policies come with predefined content and highlighted placeholders that must be replaced with your organization’s specific information. These fields often include roles, system details, and internal processes.
Do I need to assign all policies to all employees?
No. Policies should be assigned based on relevance and need-to-know. For example, a Remote Work Policy should only be assigned to employees eligible for remote work, whereas an Information Security Policy may apply to all staff.
Who should be listed as Owner and Approver for a policy?
The Owner is typically the person responsible for drafting or maintaining the policy. The Approver should be a separate individual with the authority to formally approve it - this separation supports compliance and internal governance best practices.