Note: You must be an administrator of Policy Packs to carry out these actions.

An introduction to Policy Packs

Policy Packs allow you to elegantly publish relevant parts of your ISMS in an easy to read way. It also allows those reading to demonstrate their compliance with the pack.

This could include policies, controls, processes and procedures, or other guidance (for ease we'll refer to all that content as ‘policies’ for the remainder of this guide). Your audience simply demonstrates they have read their relevant policies and, if you have asked them to, indicates their formal compliance by completing a To-Do set for them.

With fast-moving threats and changes to business regulation, dynamically updating your policies and ensuring compliance to amendments quickly is essential – Policy Packs makes that very easy!

Navigating to Policy Packs

Find ‘Policy Packs’ in the Work menu on your main navigation bar. This will bring you to the ‘Policy Packs Administration Dashboard’.

How to create a new policy pack

From the Policy Packs Dashboard, click on the Policy Packs tab.

This screen will show you all your existing packs, with a green column for each pack. To the right of all existing packs you'll find the ‘New Policy Pack’ button, click this.

You'll be asked to give your policy pack an appropriate name, once done click ‘Create Policy Pack’.

To edit a Policy Pack’s name later, click ‘Edit Pack name’ in the ‘Actions’ dropdown menu. Give your Policy Pack an appropriate name and then click ‘Save’.

Add Policies to a Policy Pack

    Policy Packs come pre-configured with all the policies and controls from your ISO 27001 Policies and Controls Project available to include. Simply tick those that are relevant to each pack you have. For example, we include all the policies around secure development for our Development and Production teams but we don't add those to the packs we have for Sales and Marketing.


If you have other Projects in your ISMS that you'd like to include with polices packs, e.g. documented operating procedures or other standards you are following like ISO 22301 or NIST then this guide will show you how to add more Projects to the pack.

Note: Please ensure that activity areas have contents in notes when creating new policies as only activities with a note can be marked as read when you roll out policy packs to your audience.

Select Policies that are ‘default’ to all Policy Packs

    You may have some policies you want all staff to read (e.g. A.6.2.1 Mobile Device Policy), rather than add that policy into each pack tick the box in the grey column headed ‘Select Policies everyone needs to know'.

Add or remove Policies to a specific Policy Pack

    On the ‘Policy Packs Administration’ page, identify the column for the Project that you would like to edit.

Click the boxes, to enable or disable the policies that you would like to the individual policy pack.

Note: Disabling a policy in the policy pack list would automatically remove it from the policy pack and as a result, all progress and history that occurred in that policy would be wiped out.