Policy Engine
The One Compliance includes a policy management engine for creating, versioning, approving, and distributing organizational policies. Policies are linked to framework controls as evidence.
Built-in Policy Templates
The One Compliance provides ready-to-use policy templates that you can customize for your organization:
| Template | Description |
|---|---|
| Acceptable Use Policy (AUP) | Rules for acceptable use of company systems and data |
| Incident Response Plan | Procedures for detecting, responding to, and recovering from security incidents |
| Data Classification Policy | Definitions for data sensitivity levels and handling requirements |
| Access Control Policy | Rules for granting, reviewing, and revoking user access |
| Password Policy | Password complexity, rotation, and storage requirements |
| Change Management Policy | Procedures for requesting, approving, and implementing changes |
| Business Continuity Plan | Procedures for maintaining operations during disruptions |
| Disaster Recovery Plan | Procedures for recovering IT systems after a disaster |
| Vendor Management Policy | Requirements for evaluating and managing third-party vendors |
| Data Retention Policy | Rules for how long data is stored and when it is destroyed |
| Remote Work Policy | Security requirements for employees working remotely |
| Encryption Policy | Standards for data encryption at rest and in transit |
Using a Template
- Navigate to Compliance → Policies
- Click New Policy → From Template
- Select a template
- Customize the content for your organization (company name, specific requirements, etc.)
- Click Save Draft
Creating Custom Policies
To create a policy from scratch:
- Navigate to Compliance → Policies
- Click New Policy → Blank
- Enter the policy title, description, and category
- Write the policy content using the rich text editor
- Link the policy to one or more framework controls
- Click Save Draft
Policy Versioning
Every policy change creates a new version:
- Draft — Policy is being edited and is not yet published
- Pending Approval — Policy has been submitted for review
- Published — Policy is active and visible to employees
- Archived — Policy has been superseded by a newer version
The full version history is preserved. You can view and compare any two versions side-by-side from the Version History tab on any policy.
Approval Workflows
Policies can require approval before publication:
- Author creates or updates a policy and submits it for approval
- Reviewer receives a notification and reviews the policy
- Reviewer approves or rejects the policy with comments
- If approved, the policy is published automatically
- If rejected, the author is notified and can revise the draft
Configure approval workflows in Settings → Compliance → Policy Approval. You can set required approvers by policy category or require multiple approvers for critical policies.
Employee Acknowledgment Tracking
After a policy is published, you can require employees to read and acknowledge it:
Setting Up Acknowledgment
- Open the published policy
- Click Require Acknowledgment
- Select the target audience (all employees, specific departments, or specific roles)
- Set an acknowledgment deadline
- Click Send
Employees receive an email notification with a link to read and acknowledge the policy.
Tracking Acknowledgments
The Acknowledgments tab on each policy shows:
- Total employees who need to acknowledge
- Number who have acknowledged
- Number who have not yet acknowledged (with names)
- Acknowledgment timestamps
Overdue acknowledgments are highlighted and can trigger automated reminder emails.
Acknowledgments as Evidence
Employee acknowledgment records automatically serve as compliance evidence for workforce training and policy awareness controls. The acknowledgment data is linked to the relevant framework controls.