Policies

Policies are your organisation's security reference documents. QuantAssure uses them as context for AI triage and compliance mapping.

What Policies Are Used For

  • AI reads policies during finding triage for organisational context
  • Policies provide evidence for compliance controls
  • Review tracking ensures policies stay current
  • Policies are linked to compliance frameworks for audit traceability

Adding Policies

Manual Creation

  1. Navigate to Policies → Add Policy
  2. Enter title, description, and content
  3. Set category (security, compliance, operational, hr, legal)
  4. Assign an owner
  5. Configure review cycle (frequency and next due date)

Automatic Sync

  • Policies can be synced from Google Drive via the Policy Sync expander
  • Configure a Google Drive folder in your system settings
  • Documents are imported and kept in sync

Learn more: Google Workspace Integration

Policy Management

Review Cycles

  • Set a review frequency (e.g., annually, quarterly)
  • Policies show review status: current, due for review, overdue
  • Overdue policies are flagged in the dashboard

Linking to Compliance

  • Link policies to compliance frameworks (e.g., IRAP)
  • Linked policies appear as evidence for related ISM controls
  • AI references linked policies during compliance assessment

Status Lifecycle

  • Draft → Active → Under Review → Archived
  • Only active policies are used for AI context

Policies and AI

  • Policies are synced to the vector database for AI retrieval
  • During finding triage, AI searches for relevant policies
  • This provides organisational context that improves severity assessment

Keep policies current and well-tagged. The more context AI has about your organisation's security stance, the better its assessments.