OneClickComply Support
Articles on: Policies
Guidance on the policy aspect of compliance

  • What are compliance policies?
    Compliance policies form the core foundations of many well-known standards and regulations such as SOC 2 and ISO 27001. These policies set out clear rules on how data, security, and business practices should be managed to maintain compliance and protect sensitive information. Every policy has a defined purpose, outlining the specific requirements an organisation must follow. The scope of a policy helps to determine which areas of a business (employees, systems, etc.) it applies to. Compliance
  • What’s the difference between a policy, a process, and a procedure?
    It's very common for businesses to use the terms policy, process, and procedure interchangeably. However, in the world of cyber security and compliance, they each serve a distinct purpose. Organisations need to make sure they understand these differences, especially if they want to comply with a security standard or framework. Policy: A policy is a high-level statement of intent. It outlines what your organisation is committed to doing, and the reasons why. This
  • Why are policies important for compliance?
    Policies are incredibly important for compliance because they provide formal documentation of how your business addresses risk, manages security controls, and meets the requirements outlined by specific standards. We've collated a list of the reasons policies are important below: Documented intent - Policies show that your organisation has made intentional decisions about how to manage security, and the processes in place to ensure security. For example, an Access Control Policy outline
  • How often should policies be reviewed or updated?
    It is considered general best practice to review your internal compliance policies at least annually. However, this should be conducted more frequently if there have been significant changes within your organisation, infrastructure, or compliance obligations. For example, the creation of new departments, leadership changes, updates to compliance regulations, or tooling/infrastructure changes should all be followed by a review of internal documentation, which should include the following: Con

© 2025 OneClickComply Support