Help Center
Go back to application
Help Center
Go back to application
Platform Terms GlossaryContacting Support and Reporting Bugs
Task Management
Task Management explained Creating Tasks Setting up Task NotificationsGiving permissions to team members
Organization
Working together in KertosInviting UsersCreating rolesAssigning System AccessCreating Departments and Assigning Users
Integrations
Discovery
Tasks
Device Management
Human Resource Information Systems
Inventory
Inventorization of vendorsInventorization of systemsInventorization of assetsEU AI Act: Inventorization of AI use cases
Risks
Managing risks
Trust Center
Setting up your trust center
Incidents
Reporting incidents
KAIA
KAIA explainedPrinciples of AI at Kertos
Interacting with KAIA
Compliance
Frameworks explainedManaging & implementing controlsCreating & managing policiesCompleting & assigning trainingsGuidance
Privacy Management
Creating a RoPACreating TOMsCreating DPIAs
Data Subject Requests
API Reference
Ingress API Docs for DSRs Webhook API Docs for DSRs
Auto Checks
Auto Checks explainedAuto Checks: AWS Auto Checks: GCPAuto Checks: AzureEnabling Auto Checks by Reconfiguring the Azure IntegrationEnabling Auto Checks by Reconfiguring the GCP IntegrationEnabling Auto Checks by Reconfiguring the AWS Integration
AWS Auto Checks Detailed Explanations
Azure Auto Checks Detailed Explanations

Creating & managing policies

Kertos simplifies the process of creating, customizing, and managing company-wide policies through its flexible Policy Management module. Whether you want to generate policies using guided workflows or import your own, Kertos ensures your policies remain structured, compliant, and actionable across your organization.

Purpose
 

Policy creation and maintenance can be time-consuming and complex, especially when dealing with legal and regulatory language. Kertos addresses these challenges by providing guided, flexible options for creating compliant policies and assigning them to the right users at the right time.

Capabilities
 

  • Policy Maker: provides a step-by-step questionnaire to easily generate customized, regulation-compliant policies.
  • Multiple Creation Methods: allow users to create policies from a template, from scratch, or by uploading existing documents.
  • Real-Time Preview: shows how your policy evolves as you complete the Policy Maker questionnaire.
  • Collaborative Drafting: lets multiple admins contribute to policy creation with shared progress tracking.
  • Automatic Assignment Toggle: automatically assigns new department members to relevant policies.
  • Progress & Status Tracking: helps you monitor policy drafts, approvals, and acceptance rates across your organization.

How It Works
 

Creating a New Policy


Click “Add Policy” in the Policies section. You will see four creation options:
 

1. Policy Maker (Recommended & Default)

The simplest and most efficient way to create a policy.

  1. Choose a framework on the left-hand side, then select the policy you want to create.

  2. Fill out the guided questionnaire on the left. The right side shows a live policy preview.

  3. Answer the questions using single choice (circle-shaped buttons) or multiple choice (checkboxes) options, with custom input available for each.

  4. Track your progress via the progress bar in the top-right.

  5. Required questions, marked with a red asterisk (* ), must be answered to complete the policy. Optional questions, indicated by "optional " next to them, can be skipped if not applicable. If you miss any required questions, a notification will guide you back.

    Tip: Use “Save Progress” at any point to pause the policy creation and resume it later. Progress is saved across all admin users in your organization.
    You can monitor the progress of all Maker drafts by pressing Add Policy → Policy Maker again.


     
  6. Once finished, press Submit to enter the Policy Draft View. Here, you’ll need to fill in:
  • Description (optional)
  • Classification level
  • Owner and Approver (must be two different people)
  • Review period
  • Departments/Users to assign the policy to. Use "Automatically assign new members" toggle to ensure that the new department members will be automatically assigned this policy upon joining.
     

7.  If all required fields are filled in, the Review button will become active, allowing the user to review the policy before saving it, or approving it right away if the current user is chosen as the Approver for this policy. 
Alternatively, if you don't want to assign users/departments to this policy just yet, you can press Save to keep this policy as a draft.
 

2. Create from Catalog

Use this option to import a policy template draft from our template library.

  • After choosing the policy template, you will be redirected to the Policy Draft View.
  • Click “Edit” to customize the policy.
  • Templates include yellow placeholders that you must replace with relevant company-specific information.
     

3. Create by Import

Use this option to upload or link to an existing document file.

4. Create from Scratch

Use this option to start with a blank policy and write or paste the content manually using the in-app editor.

Policy Overview
 

The Policy Overview displays all policies that the user is permitted to view.

Accepting policies as an employee

By accessing Compliance → Policies tab, you can view the list of policies, assigned to you.

To accept a policy:

  • Click on a policy to open its Detail View

  • Click on the eye icon next to Policy Document to open the policy file preview in a new tab
  • Carefully read the policy. When you’re ready to accept it, close the preview tab and press the Accept button at the bottom of the page.
     

Managing Policies as an Administrator

Switch to the Admin View tab at the top of the page to access the Policy Overview. You will see different tabs and buttons:

  • Draft – policies in progress that need to be approved.
  • Active – approved and distributed policies.
  • Catalog - view and import policy templates from the Catalog.
  • Archive – view previously active policies no longer in use.

Each policy entry displays:

  • ID: auto-generated unique identifier
  • Policy Title
  • Standard (framework the policy belongs to)
  • Status (e.g. “Unassigned”, “Needs approval” or “Valid”)
  • Owner/Approver
  • Drafted/Approved On
  • Accepted By: how many assigned users have accepted the policy

By clicking on the “All” dropdown on the left side, the user can apply a filter for policies, depending on which tab they are on:

  • Draft tab filters: “Owned by you” and “Needs your approval”
  • Active tab filter: “Needs review”

Select multiple policies from the overview to view the available bulk actions at the bottom of the screen:

  • Delete – permanently removes the selected policies
  • Archive – moves selected policies to the Archive tab
  • Assign – lets you bulk-assign selected policies to users/departments

FAQs
 

How do I know which policies I actually need?

The policies you need depend on the compliance framework(s) your organization is working with (e.g., GDPR, ISO 27001, EU AI Act, etc.).

If I use the Policy Maker, is the policy ready to be used immediately?

Not always. While the Policy Maker helps generate compliant content, some sections may not be applicable to your organization. After completing the questionnaire, it's recommended to review and edit the draft to remove or adjust anything that doesn’t apply before submitting it for approval.

What should I customize in a policy created from the catalog?

Catalog-based policies come with predefined content and highlighted placeholders that must be replaced with your organization’s specific information. These fields often include roles, system details, and internal processes.

Do I need to assign all policies to all employees?

No. Policies should be assigned based on relevance and need-to-know. For example, a Remote Work Policy should only be assigned to employees eligible for remote work, whereas an Information Security Policy may apply to all staff.

Who should be listed as Owner and Approver for a policy?

The Owner is typically the person responsible for drafting or maintaining the policy. The Approver should be a separate individual with the authority to formally approve it - this separation supports compliance and internal governance best practices.

Was this article helpful?

Powered by Product Fruits