Policy Co-Pilot
Problem Statement
Many admin users struggle when drafting or updating policies for frameworks like ISO 27001 and GDPR. Writing policies from scratch, ensuring compliance with standards, and keeping them consistent across frameworks can be confusing and time-consuming. Without clear guidance or context, users often hesitate to finalize drafts, fearing their content may be inaccurate or non-compliant, leading to bottlenecks and heavy reliance on experts or Customer Success support.
Overview
KAIA’s Policy Co-Pilot helps you create, edit, and maintain compliant policies directly within the Kertos platform.
By using your company context (size, industry, tech stack, roles, etc.), KAIA automatically generates tailored policy drafts that align with ISO 27001 or GDPR requirements, saving you time and giving you confidence that your documentation meets compliance expectations.
Key Features of Policy Co-Pilot
- AI-Generated Drafts: KAIA generates complete policy drafts based on your company context and selected framework. Each draft provides a compliant baseline that you can review, edit, and approve.
- Embedded Policy Editor: You can adjust anything directly inside the built-in editor: no downloads or re-uploads needed.
- Smart Framework Mapping: Each policy is linked to its framework (e.g., ISO 27001 or GDPR).
- Context-Aware Updates: When your company context changes (e.g., new systems, new DPO), Co-Pilot will prompt you to review and update the affected policies to stay consistent.
- Version Control and Ownership: Policies include metadata such as owner, reviewer, and last updated date, ensuring accountability and audit readiness.
Benefits of Policy Co-Pilot
- Faster Policy Creation: Generate complete drafts in minutes rather than days.
- Reduced Expert Dependency: Clear baselines and prompts reduce the need for manual reviews.
- Consistency Across Frameworks: Shared policies stay synchronized and traceable.
- Tailored to Your Company: Drafts reflect your context and adapt as it changes.
How Policy Co-Pilot Works
Setting Up Your Company Context
- Go to Settings → Company Context.
- Fill in details like company size, industry, and tech stack.
- Assign unique roles — DPO (for GDPR) and CISO (for ISO 27001).
- Save changes.
The more complete your context, the more precise your policies.
Creating Policies
- Navigate to the Policies section.
- Click Create with KAIA.
- Select your framework (ISO 27001 or GDPR).
- Choose to generate all policies or specific ones.
- Click Create.
KAIA will use your context to produce policy drafts aligned with the framework’s requirements.
Reviewing and Editing
- Open any created policy.
- Use the embedded editor to refine the text and add references.
- Set a status (Draft / Review / Approved) and assign owners or reviewers.
Updating When Context Changes
If you update your company context, KAIA will notify you of affected policies and offer to re-generate or update them to stay compliant.
FAQs
1. How does KAIA generate policies?
KAIA uses your company context and the selected framework to produce compliant first drafts. It relies on expert-trained prompts aligned with ISO 27001 and GDPR requirements.
2. Can I edit or override KAIA’s drafts?
Yes. All policies are fully editable through the embedded editor. Changes are tracked in version history.
3. What if a policy belongs to both GDPR and ISO 27001?
The ISO 27001 version takes precedence as the baseline, and GDPR clauses are added automatically.
4. Can multiple people review or approve a policy?
No, you can assign one reviewer and one owner per policy. Roles like DPO and CISO remain unique (one user each).
5. What happens when I update company information?
KAIA will identify affected policies and prompt you to update them.
6. Can I disable Policy Co-Pilot?
Yes, you can toggle it off anytime under Settings → AI Features if you prefer manual drafting.
7. Does Policy Co-Pilot replace expert review?
No, it accelerates drafting, but final validation should still be done by the user.