Policies

This section contains mandatory policies that all team members must follow.

What Goes Here

Policies are "Must Do" requirements that define: - Security requirements - Compliance obligations - Data handling rules - Access control requirements - Incident response procedures

Creating New Policies

When creating a new policy: 1. Use kebab-case filenames (e.g., data-retention-policy.md) 2. Include frontmatter with: title, effective date, owner, status 3. Clearly state what is required vs. recommended 4. Link to related standards or procedures

Policy vs. Standard

• Policy (this section): "You must encrypt all customer data"
• Standard (../standards/): "We recommend using AES-256 for encryption"