📜 Policy Management (MVP)

What It Does

Central repository for all cybersecurity policies with version control and acknowledgment tracking.

Core Features

1. Policy Storage

  • Upload existing PDF/Word policies
  • Organize by category (Access, Data, Incident, etc.)
  • Search across all policies
  • Download anytime

2. Version Control

  • Simple version numbers (1.0, 1.1, 2.0)
  • Track what changed
  • Keep previous versions
  • Show approval history

3. Acknowledgment Tracking

  • Send policies for acknowledgment
  • Track who has read/acknowledged
  • Automatic reminders
  • Compliance reporting

4. Review Cycles

  • Set annual review dates
  • Automated reminders to policy owners
  • Track review completion
  • Update version after review

How It Works

  1. Upload Policy
       • Add PDF or create from template
       • Set category and owner
       • Add to policy register

  2. Get Acknowledgments
       • Select staff who need to read
       • System sends notification
       • Track completion
       • Export acknowledgment report

  3. Annual Review
       • Owner gets reminder
       • Updates policy if needed
       • Board approves changes
       • New version distributed

Policy Templates (MVP)

Basic templates for:

  • Acceptable Use Policy
  • Password Policy
  • Incident Response Policy
  • Data Protection Policy
  • Access Control Policy

5. Control-Level Implementation Tracking

The Core Distinction

Important: A policy is a governance standard (what you SHALL do), not a statement of current reality (what you ARE doing).

GetCimple separates:

  • Policy Status: Is the policy approved by the board?
  • Implementation Status: Are you actually doing what the policy requires?
  • Gap Status: What's the difference?

How It Works

Complex Policies (50+ requirements):

  • Track implementation at the control level
  • Each control has individual status: Not Started, In Progress, Implemented, N/A
  • Overall compliance percentage calculated automatically
  • Gap analysis identifies what's missing

Example: Secure Software Development Lifecycle (SDLC) Policy

  • Policy: Approved ✅
  • Implementation: 23% ⚠️
  • Controls Tracked: 52
  • Implemented: 10 (19%)
  • In Progress: 16 (31%)
  • Not Started: 24 (46%)
  • Not Applicable: 2 (4%)

Control Tracking Features

  1. Individual Control Assessment
       • Status tracking per requirement
       • Evidence upload per control
       • Owner assignment
       • Target implementation dates

  2. Gap Analysis
       • Automatic gap identification
       • Risk level assessment (Critical, High, Medium, Low)
       • Prioritized remediation list
       • Timeline estimates

  3. Remediation Planning
       • Assign owners to gaps
       • Set target dates
       • Track progress
       • Generate board-ready roadmap

  4. Progress Dashboards
       • Policy: Active ✅
       • Implementation: 23% → 45% → 62% → 80% ✅
       • Board sees progress over time

Board Approval Process

When adopting a policy with low implementation, the board approves THREE things:

  1. ✅ The Policy: "This is our security standard"
  2. ✅ The Gap Analysis: "We're only 23% compliant today"
  3. ✅ The Remediation Plan: "Here's our plan to reach 80% by year-end"

This provides honest governance and clear accountability.

Business Value

  • All policies in one place
  • Prove staff have read policies
  • Never miss policy reviews
  • Ready for audits
  • Honest tracking: Policy standard vs. implementation reality
  • Clear gaps: Know exactly what needs to be done
  • Accountability: Owners and dates for closing gaps
  • Board confidence: Honest oversight, not fantasy compliance

Keep it simple. Get policies under control.


For more details: See Policy Implementation Tracking Model