Policy

Overview

The Policy page is the cornerstone of your cybersecurity program. It is where you manage and create cybersecurity policies and assign people to review and sign them.

Accessing the Policy Page

Go to app.maplegrc.com.
Log in with your account credentials.
From the homepage, navigate to the Policy Page section.

Before you begin

Ensure that you add all the organization’s context, users, and assets, as MapleGRC AI uses them to auto-generate cybersecurity policies

Page Details

There are nine pages — one page for each required policy (Cyber Code of Conduct, Risk Management, Information Security Management, Supply Chain Risk Management, Baseline Security, Computer Security Log Management, Secure Mobility/Cloud/Outsourced IT Services, Security Incident Response, Training and Awareness).

Organization's Policies - Edit Mode

Click a policy type to open its details and start creating the policy.

2. Click Edit Policy to open the editor and create a draft policy.

Policy header fields

When you click Edit Policy, the first section contains:

Policy title
Validity dates (Valid from, Valid to)
- By default, policies are valid for one year starting from drafting day.
Reviewer
- Typically the person responsible for creating and managing the policy content.
Approver
- Usually someone at the executive level, for example the CEO or the Chief Information Security Officer, who has the authority to activate the policy.
Classification
- Options mentioned: internal, restricted, or public.
Intended audience
- Defines who the policy applies to. Selecting All makes it applicable to all employees.

After assigning reviewer and approver, click Save.

Steps to Create Organization's Policies

1. Click Run Analyzer. The MapleGRC Assistant will analyze the organization’s information and produce a tailored draft policy.

2. When the analysis finishes, MapleGRC will prompt you to refresh the page.

Press Ctrl+R (Cmd+R on Mac) or click your browser’s Reload icon ⟳ to refresh the page.

3. After refreshing the page:

Click Autofill All to apply all available suggestions across every section.

A confirmation tab will appear. Click Yes to proceed.
The page will refresh, and data will be generated for all sections.

Note: Autofill All overwrites existing content. Any manual edits will be replaced — review or save your draft before using this option.

If you just need to update a specific section

Fields with AI suggestions are marked with a ★ icon — click the star to autofill only a section.
Then click save

Review all the generated draft carefully and make any necessary edits, if needed.

Policy body and content model

Each policy includes the following sections:

Summary
Introduction
Scope
Objectives
Principles
Rules and responsibilities
Key outcomes
Related policies
Policy requirements
These are the actionable parts.

The policy is modular. You can edit any section. If you make changes, click Save.

Generating The Policy Document

When you are satisfied with the draft, click Generate Policy Document. This returns you to the Policy Manager page where you can:

Preview the policy as a downloadable PDF.

Click generate policy document.
Choose Go to Policy Manager if want to end edit mode
Then click, Download.

A PDF version will be downloaded to your PC.

Managing Review - Approve

1. Assign a reviewer and send a notification email requesting review

Typically, the reviewer you assign here should be the same person listed inside the policy.

2. The reviewer receives an email requesting a policy review.

Open the email and click Review policy.
The policy will open for review.
If everything is acceptable, click Accept at the bottom-left of the page.

3. After the reviewer accepts the policy, a green status message will appear showing 'Reviewed by Reviewer’s Email'

4. Then proceed to approval

Select the approver, optionally send a notification, then click Save.
The approver can review and activate the policy.
Typically, the approver you assign here should be the same person listed inside the policy.

5. The approver receives an email requesting a policy approve.

Open the email and click Review Policy.
The policy will open for approve.
If everything is acceptable, click Accept at the bottom-left of the page.
Then a pop-up tab will appear asking you to set activation dates. By default, the duration is one year from the date of signing.
Finally, click Save to confirm.

6. Once the approver accepts the policy, the Policy Manager will display:

Policy status [Approved]
Generated by: [user who created the policy]
Approved by: [approver’s email]
Validity period: From [date] to [date]

Circulation and signatures

You can circulate the policy to all employees to review and sign, Click Circulate; you will notified policy circulated successfully.
Signature expectations:
1. Cyber Code of Conduct is the only policy that must be signed by all staff.
2. Other policies, for example Risk Management Policy or Supply Chain Risk Management Policy, only require approval by your organization’s top authority such as the CEO or CISO.
At any time, you can preview the policy and open the circulation report to see who has signed.

4. Organization members will receive an email asking them to review and sign the policy.

Steps:

Open the email and click Sign Document.
Read the policy. Check the box I have read the document.
Enter your name to create your electronic signature — the system will generate an electronic signature for you.
Click Submit. A PDF containing your signature and the signing date will be downloaded automatically.

Note: By signing you confirm you have read and accepted the policy. The signature and timestamp are recorded for audit purposes.

Generate AI Policy Training

After you finish a policy in the Policy Manager, open that policy’s page and click Generate Training to create a customized training module (a short video followed by a quiz) based on the policy.

Generate training for each completed policy by visiting its policy page and clicking Generate Training.

Be patient — generating the training may take some time. Once ready, it will appear under the Policy Training tab.

Why policies matter

Policies form the foundation of the cybersecurity management system.
They guide every action in your cybersecurity program.
They support many requirements in the CyberSecure Canada standard.
Without policies, there are no formal controls.

Page updated

Report abuse