Creating & managing policies

The Policy Maker is a tool designed to simplify the creation and customization of policies for compliance needs. We recognize that many users face challenges, such as difficulty customizing policies due to complex regulatory language and the time-consuming nature of manual policy creation.

Creating a new policy

Choosing how you want to add a new policy

 

 

By pressing the button “Add Policy” in the policy overview, you will have four different options to choose from.

 

 

1. Select “Policy Maker” allows you to choose from our extensive collection of frameworks, standards, and regulations, providing a solid foundation for customizing your policy template.

 

 

2. Choose the framework, standard, or regulation you wish to follow, and then select the category of policy you want to customize.

 

 

3. Once you select a policy, you will enter the questionnaire flow. On the left side of the split screen, you'll find questions to answer and required fields to complete. On the right, the policy preview screen will display real-time changes as you input your responses.

4. After completing the required fields on the left side of the screen, click “Next” to proceed and fill out the rest of the questionnaire.

 

 

5. As you begin answering the questions, a progress bar in the top right corner of the left screen will allow you to track how many questions you’ve answered compared to the total number of questions.

 

 

6. Certain questions will require you to select a single answer, ensuring clarity and precision in your responses while providing an option to add a customized field to tailor responses to your organization's specific needs.

 

 

7. Some questions will be multiple choice, allowing you to add as many options as needed by clicking the plus sign.

 

 

8. If you miss answering any questions, you will be notified that the questionnaire is incomplete. A link button will direct you to the specific question that needs your attention.

 

 

9. Once you have completed the entire questionnaire, you are ready to submit your policy for draft review.

Saving your progress

 

 

The “Save Progress” button can be used to exit the policy maker so that you can return to it later and continue where you left off. The progress will be saved across admin accounts in your organization, meaning that admins can can collaborate when creating policies.

View your progress

 

To view your policy progress, go to your policy catalog by clicking "Add Policy" in the Policies section. There, you can see which policies are completed and which are still in progress.

 

Managing Policies 

The policy overview shows you all policies and enables you to perform bulk action across all or several policies.

 

 

The table has two tabs:

  • “Draft”, which contains all policies that are still in draft mode,
  • “Active”, which shows the policies that have been approved. On the right side there is an archive button which leads you to all the policies that have been archived.

In the table itself, you can see the following information:

  • ID: this is auto assigned and is a unique ID
  • Policy title: title of the policy you chose
  • Standard: which standard or framework this belongs to
  • Approved by: who approved the policy
  • Approved on: when was the policy approved
  • Accepted by: shows you how many out of all assigned employees have accepted the policy

 

 

Bulk Actions 

When selecting one or many policies, you can see a small menu popping up in the bottom of the screen.

 

You can perform 3 different actions:

  • Delete selected: which deletes the policy
  • Archive selected: which moves the policies to the archive section
  • Assign selected: which lets you bulk assign the policies to users (described in the section below)

 

Assigning policies

Assigning multiple policies at once

 

 

1. Select the policies you want to bulk-assign in the policy overview.

2. Click "Assign Selected".

3. Select the users you want to assign all these policies to.

4. Click "Assign".

 


Assigning individual policies

 

 

1. Open the policy you want to assign.

2. In the detail view, scroll down to "Select Departments/ Users"

3. Select the departments or individual users you want to assign the policy to.

4. Recommended: Enable auto-assign in order to invite users that will join a department in the future automatically to the policy that is assigned to this department.

5. Click "Review" and then "Save".

 

FAQs

What do I need to do in the ‘Policies’ section?

In the policies section, you can create, assign, and manage all the policies you need in order to ensure compliance for your whole organization.

Which policies are relevant / required for me?

This depends on the legal framework you want to be compliant with. Generally, policies are the result of the controls you implement within that framework but there are some trainings that are always required.

What do I need to change or personalize in the policies (I added from the catalogue)?

You can use our policy maker to receive specific, step-by-step guidance on what you have to add and individualize when creating a policy. It is as easy as filling out a simple questionnaire, Kertos then generates the policy in real time.

Do I really need all of the policies?

While not all policies may be necessary for every organization, it's important to have a comprehensive set of policies that take into account all important factors. In particular, these are your organization's size, industry, regulatory requirements, and risk assessment.

If I create a policy with the policy maker, are the policies then fine for me or is there something else I have to do?

All policies that you create with our policy maker are regulation-proof. The two things that you need to do after the creation is getting them approved by somebody else within the company and then assigning them to the right people.

Do I have to assign all policies to everyone?

No, you don't have to assign all policies to everyone. The distribution of policies should be based on relevance and need-to-know principles. For example, a remote work policy is not relevant for members of your organization who only work from a physical location, while the information security policy should be communicated to everyone.

Was this article helpful?