Getting Started with Policies

Policies are a core part of demonstrating compliance. In Uproot, policies are pre-configured and aligned to support compliance frameworks. This guide explains what policies are in Uproot and how to manage them through editing, approval, and employee acceptance.

During onboarding, the account owner should assign ownership of policies to the appropriate admins. This ensures admins are responsible for reviewing and updating policy content, including adding any required variables, so policies accurately reflect the organization’s business setup and operational practices.

What Are Policies?

In Uproot, policies serve as formal evidence that compliance expectations are clearly documented, approved, and acknowledged. They are a required component for audits such as SOC 2.

1. Manage Existing Policies in Uproot

All policies in Uproot are pre-configured and aligned to supported compliance frameworks, providing organizations with a consistent and audit-ready policy foundation.

Policies are managed directly within the platform which can be reviewed, submitted for admin approval, and published within Uproot.

Policies can be accessed from the Uproot platform by navigating through the organization settings, as shown in the screenshot below.

From the Policies page, users can view the full list of existing policies along with their current status.

2. Policy Editing Permissions and Ownership

Each policy in Uproot has a designated policy owner who is responsible for maintaining the policy content.

• Only the policy owner can edit the policy
• Policy ownership can be shared with other users
• Shared owners can collaborate on policy updates
• Users without ownership can view policies but cannot make changes

Policy owners can update policy content to reflect how the organization operates while maintaining alignment with compliance requirements. AI assistance helps create policy content based on the changes made by the policy owner, reducing manual effort.

3. Review, Approve, and Publish Policies

After updates are made, policies go through a formal review and approval workflow.

The workflow in Uproot is as follows:

• The policy owner submits the updated policy for review
• An admin reviews the changes
• If approved, the admin publishes the policy
• If changes are requested, the policy is sent back to the policy owner for review and changes are requested
• Once the changes are approved the owner can now publish the policy

4. Employee Acceptance

Once published, policies are made available to employees for acknowledgement.

Uproot automatically:

• Tracks acceptance status in real time
• Stores acceptance records as audit evidence (compliance tests)

This removes the need for spreadsheets, email confirmations, or manual follow-ups.

Steps for Employees to Accept Policies

1. Employees click on their profile icon in the Uproot platform.
2. From the profile menu, they navigate to My Uproot (their organization workspace).
   
3. In My Uproot, they open the Policies tab.

4. Any policies requiring acceptance are listed.
5. The employee opens a policy to review the full, published policy text.

6. After reviewing, the employee accepts the policy.
   

After acceptance, Uproot automatically updates the policy status and records a timestamp, making it immediately available for audit review.