Quick Start Guide

Common Tasks

Create a New Policy

# 1. Create branch
git checkout -b add/policy-name

# 2. Copy template to appropriate folder
cp templates/policy-template.md policies/security/new-policy.md

# 3. Edit the policy
code policies/security/new-policy.md

# 4. Fill in all YAML fields and policy content

# 5. Commit and push
git add policies/security/new-policy.md
git commit -m "Add new security policy: [policy name]"
git push -u origin add/policy-name

# 6. Create Pull Request on GitHub

Review an Existing Policy

# 1. Create review branch
git checkout -b review/policy-name-2025-11

# 2. Open and review the policy
code policies/security/password-policy.md

# 3. Make any necessary updates

# 4. Update these YAML fields:
#    - version: Increment (e.g., 1.0 → 1.1 or 2.0)
#    - last_review: Today's date (YYYY-MM-DD)
#    - next_review: Next review date (typically +1 year)
#    - Add row to Revision History table

# 5. Commit changes
git add policies/security/password-policy.md
git commit -m "Review password policy - no changes needed"
git push -u origin review/policy-name-2025-11

# 6. Create Pull Request

Update a Policy (Content Changes)

# 1. Create update branch
git checkout -b update/policy-name

# 2. Make content changes
code policies/privacy/hipaa-policy.md

# 3. Update YAML frontmatter:
#    - version: Increment appropriately
#      - Minor changes (clarifications): 1.0 → 1.1
#      - Major changes (new requirements): 1.x → 2.0
#    - last_review: Today's date
#    - next_review: Appropriate next review date
#    - Add Revision History entry describing changes

# 4. Commit with descriptive message
git add policies/privacy/hipaa-policy.md
git commit -m "Update HIPAA policy: Add new data retention requirements"
git push -u origin update/policy-name

# 5. Create Pull Request with impact assessment

Policy Naming Conventions

Policy IDs

  • Security: SEC-001, SEC-002, etc.
  • Privacy: PRIV-001, PRIV-002, etc.
  • Operations: OPS-001, OPS-002, etc.
  • Clinical: CLIN-001, CLIN-002, etc.
  • Compliance: COMP-001, COMP-002, etc.
  • HR: HR-001, HR-002, etc.

File Names

Use lowercase with hyphens:

  • password-policy.md
  • data-retention-policy.md
  • incident-response-plan.md

YAML Frontmatter Reference

---
title: Full Policy Title
policy_id: CAT-###
version: 1.0  # Semantic versioning
status: draft | active | archived
category: security | privacy | operations | clinical | compliance | hr
owner: Team Name or Role
approvers:
  - Approver Name/Role
  - Another Approver
effective_date: 2025-11-08  # When policy takes effect
last_review: 2025-11-08     # Last time reviewed
next_review: 2026-11-08     # When next review is due
frameworks:
  - HIPAA
  - SOC2
related_policies:
  - POL-ID  # Link to related policies
---
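
The conventions in this guide (ID prefix per category, lowercase hyphenated file names, required frontmatter fields, review dates) can be checked mechanically before a Pull Request is merged. The following is an added example, not part of this repository's tooling: the names `parse_frontmatter` and `validate` are hypothetical, the sample policy is constructed, and the parser is a minimal stand-in that reads only top-level `key: value` lines rather than full YAML.

```python
import re
from datetime import date

# Category -> policy ID prefix, from the "Policy IDs" list in this guide.
PREFIXES = {"security": "SEC", "privacy": "PRIV", "operations": "OPS",
            "clinical": "CLIN", "compliance": "COMP", "hr": "HR"}
REQUIRED = ("title", "policy_id", "version", "status", "category", "owner",
            "effective_date", "last_review", "next_review")

def parse_frontmatter(text):
    """Return top-level scalar fields of the leading '---' block ({} if absent)."""
    m = re.match(r"---\n(.*?)\n---", text, re.S)
    pairs = re.findall(r"^([a-z_]+):[ \t]*([^#\n]*?)[ \t]*(?:#.*)?$",
                       m.group(1), re.M) if m else []
    return {k: v for k, v in pairs if v}  # list headers (approvers:) have no value

def validate(filename, text, today):
    """Return a list of problems for one policy file (empty list = pass)."""
    fm = parse_frontmatter(text)
    errs = [f"missing field: {k}" for k in REQUIRED if k not in fm]
    if not re.fullmatch(r"[a-z0-9]+(-[a-z0-9]+)*\.md", filename):
        errs.append("file name must be lowercase with hyphens")
    prefix = PREFIXES.get(fm.get("category"))
    if not (prefix and re.fullmatch(prefix + r"-\d{3}", fm.get("policy_id", ""))):
        errs.append("policy_id does not match category prefix")
    if fm.get("status") not in ("draft", "active", "archived"):
        errs.append("status must be draft, active or archived")
    try:
        last, nxt = (date.fromisoformat(fm[k]) for k in ("last_review", "next_review"))
        if nxt <= last:
            errs.append("next_review must be after last_review")
        elif nxt < today and fm.get("status") == "active":
            errs.append("review overdue")  # active policy past its review date
    except (KeyError, ValueError):
        errs.append("review dates must be YYYY-MM-DD")
    return errs

# Constructed sample: no owner, security ID on a privacy policy, lapsed review.
SAMPLE = """---
title: Data Retention Policy
policy_id: SEC-004
version: 1.2  # minor revision
status: active
category: privacy
effective_date: 2023-01-15
last_review: 2024-01-15
next_review: 2025-01-15
---
"""
```

In a CI job, call `validate(path.name, path.read_text(), date.today())` for each file found under `policies/` and fail the build when any list is non-empty.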

Review Date Guidelines

Policy Type            Review Frequency                    Example
Security policies      Annually                            Password, Access Control
Privacy policies       Annually                            HIPAA, Data Privacy
Clinical policies      Annually or as regulations change   Clinical Documentation
Compliance policies    Annually or as required             SOC2, Regulatory
HR policies            Every 2 years                       Employee Handbook
Emergency procedures   Every 6 months                      Incident Response

Version Number Guidelines

When to increment:

Major Version (X.0)

  • Significant policy changes
  • New requirements or restrictions
  • Affects multiple teams or processes
  • Example: 1.9 → 2.0

Minor Version (X.Y)

  • Clarifications or corrections
  • Adding examples
  • Updating contact info
  • Minor wording improvements
  • Example: 1.0 → 1.1

Compliance Framework Tags

Always tag policies with relevant frameworks:

  • HIPAA - Health Insurance Portability and Accountability Act
  • SOC2 - Service Organization Control 2
  • GDPR - General Data Protection Regulation
  • PCI-DSS - Payment Card Industry Data Security Standard
  • ISO27001 - Information security management
  • NIST - National Institute of Standards and Technology

Getting Help

  • Policy questions: Contact policy owner listed in YAML
  • Compliance questions: it@acmecorp.com
  • Git/GitHub help: IT team or create issue in this repo
  • Emergency policy updates: security@acmecorp.com

Useful Git Commands

# See what policies have changed
git status

# See what's different in a policy
git diff policies/security/password-policy.md

# List all policies
find policies -name "*.md" -type f

# Search policies for a term
grep -r "password" policies/

# See policy history
git log policies/security/password-policy.md

# See who last changed a policy
git log -1 --format="%an <%ae>" policies/security/password-policy.md

Keep this guide handy - Bookmark in your browser or pin in Slack!