Skip to content

Acme Corp Platform - Policy Index

This directory contains all organizational policies for Acme Corp Platform, organized by category.

Policy Status Legend

  • Active ? - Policy is currently in effect and must be followed
  • Draft ?? - Policy pending review and approval
  • Archived ??? - Policy no longer in effect but retained for historical purposes

Core Policies (Active) ?

These policies form the foundation of Acme Corp's IT governance and are currently active.

Security Policies

Policy ID Title Owner Last Review Next Review
SEC-001 Acceptable Use Policy (AUP) IT Team 2025-11-08 2026-11-08
SEC-003 Password and Authentication Policy IT Team 2025-11-08 2026-11-08
SEC-004 Incident Response and Reporting Policy IT Security Team 2025-11-08 2026-11-08
SEC-005 Remote Work and Mobile Device Management Policy IT Security Team 2025-11-08 2026-11-08

Privacy Policies

Policy ID Title Owner Last Review Next Review
PRIV-001 Data Privacy and Security Policy IT Team / Compliance Team 2025-11-08 2026-11-08

Operations Policies

Policy ID Title Owner Last Review Next Review
OPS-001 Backup and Disaster Recovery Policy IT Operations Team 2025-11-08 2026-11-08
OPS-003 Technology Use for Learning and Support Policy IT Operations Team 2025-11-08 2026-11-08

Compliance Policies

Policy ID Title Owner Last Review Next Review
COMP-001 IT Governance and Compliance Policy Chief Technology Officer 2025-11-08 2026-11-08
COMP-003 Vendor Management Policy IT Team / Procurement 2025-11-08 2026-11-08

Follow-Up Policies (Draft - Pending Review) ??

These policies are in draft status and pending review and approval before becoming active.

Security Policies

Policy ID Title Owner Status
SEC-002 Access Control and Authorization Policy IT Security Team Draft

HR Policies

Policy ID Title Owner Status
HR-001 Employee IT Training and Awareness Policy IT Team / HR Team Draft
HR-002 Employee Onboarding and Offboarding IT Policy IT Team / HR Team Draft

Operations Policies

Policy ID Title Owner Status
OPS-002 Business Continuity and Disaster Recovery Policy IT Operations Team Draft
OPS-004 Change Management Policy IT Operations Team Draft
OPS-005 IT Asset Management Policy IT Operations Team Draft
OPS-006 Error Capture and Monitoring Policy IT Operations Team Draft
OPS-007 Service Level Agreement and Support Policy IT Operations Team Draft
OPS-008 IT Maintenance Policy IT Operations Team Draft
OPS-009 Software and Hardware Procurement Policy IT Team / Procurement Draft
OPS-010 System Monitoring and Performance Management Policy IT Operations Team Draft

Compliance Policies

Policy ID Title Owner Status
COMP-002 Data Retention and Archiving Policy IT Team / Compliance Officer Draft

Policy Categories

?? Security (/security)

Policies related to information security, access control, authentication, and incident response.

?? Privacy (/privacy)

Policies governing data privacy, protection of sensitive information, and regulatory compliance (HIPAA, etc.).

?? Operations (/operations)

Policies for IT operations, system management, maintenance, and service delivery.

?? Clinical (/clinical)

Policies specific to clinical operations and healthcare delivery (currently empty - to be populated as needed).

? Compliance (/compliance)

Policies ensuring regulatory compliance, governance, vendor management, and audit requirements.

?? HR (/hr)

Policies related to employee onboarding/offboarding, training, and HR-related IT processes.

Quick Reference by Framework

All policies tagged with HIPAA framework:

All policies tagged with SOC2 framework:

Policy Workflow

Creating a New Policy

  1. Copy ../templates/policy-template.md
  2. Place in appropriate category folder
  3. Fill in all metadata and content
  4. Set status to draft
  5. Create Pull Request for review
  6. After approval, update status to active

Reviewing an Existing Policy

  1. Create branch: review/policy-name-YYYY-MM
  2. Update policy content as needed
  3. Update metadata:
  4. Increment version if changes made
  5. Update last_review date
  6. Set new next_review date
  7. Add entry to Revision History
  8. Create Pull Request
  9. Obtain required approvals
  10. Merge to main

Archiving a Policy

  1. Update status field to archived
  2. Add archive date and reason to Revision History
  3. Create Pull Request documenting reason for archival
  4. Policy remains in repository for historical reference

Compliance Framework Mapping

Framework Applicable Policies Primary Contact
HIPAA 12 policies (see above) Compliance Team
SOC 2 Type II 13 policies (see above) CTO / Compliance Team
Section 508 (Accessibility) OPS-003 IT Operations Team

Policy Review Schedule

Annual Reviews (Due November 2026)

  • All Core Policies
  • All Follow-Up Policies (once active)

Semi-Annual Reviews

  • Critical security policies (SEC-003, SEC-004)

Quarterly Reviews

  • Vendor list (COMP-003)
  • Access permissions (SEC-002)

Getting Help

Policy Questions

  • IT Policies: IT Team (it@acmecorp.com)
  • Compliance: Compliance Team (it@acmecorp.com)
  • HR Policies: HR Team (help@acmecorp.com)

Reporting Policy Violations

  • Security Incidents: security@acmecorp.com
  • Privacy Concerns: security@acmecorp.com
  • General Violations: it@acmecorp.com

Last Updated: 2025-11-08 Maintained By: Compliance Team & IT Leadership Repository: github.com/acmecorp/policy-repository