Document READINESS CHECK
Section SECTION 1 OF 5
Category FOUNDATION AND POLICIES
Status AUTOSAVING

Foundation and policies

Answers save as you choose them.

1.1 Do you have written security policies that employees can find - e.g. information security, acceptable use, data handling?

We mean actually written down in a doc or wiki, not just understood by the team.

1.2 Have all current employees and contractors signed off on those policies in the last 12 months?

A documented acknowledgment - email confirmation, signed PDF, or a tool that tracks it - is what we mean.

1.3 Is there one named person responsible for security at the company?

At small teams this is usually the CTO or a technical founder. It just needs to be someone, on paper.