How Policies Are Organised
Policies are grouped by department, with each section listing the objectives, scope, and enforcement model. Every policy page includes:
- Audience — who must comply.
- Enforcement — how compliance is monitored.
- Linked SOPs — the procedural steps that underpin the rule.
- Review cadence — when the policy is next due for validation.
Current Policy Catalogue
HR Policies
Hiring, onboarding, leave management, and workplace conduct.
IT Policies
Access control, security standards, incident response, and tooling.
Commercial Policies
Sales engagement rules, customer data handling, and contract governance.
Governance Workflow
| Stage | Description | Owner |
|---|---|---|
| Drafting | Policy author prepares proposal with supporting data | Department Lead |
| Review | Legal & Compliance and relevant managers provide feedback | Compliance Council |
| Approval | Final sign-off recorded and effective date published | COO |
| Publication | Page merged to main and deployed via Cloudflare Pages | Platform Ops |
| Monitoring | Metrics gathered and escalations logged quarterly | Department Lead |
Review Cadence
- HR — bi-annual review each May and November.
- IT — quarterly review led by the CISO guild.
- Commercial — quarterly review aligned with revenue planning cycles.
Policies with legal or regulatory impact may require immediate updates outside the standard cadence. Coordinate with Legal for those exceptions.