Getting Started Last updated: 14 March 2026 · 5 min read

Creating Your First Policy

PolicySuite gives you two ways to create a policy: write one from scratch using the markdown editor, or start from one of 990+ professionally drafted templates. For most teams, templates are the faster path — you can have a publish-ready draft in minutes rather than hours.

1. Two ways to start a policy

From the main navigation, click Policies in the left sidebar. You'll see two options at the top of the page:

New Policy (blank) — opens the editor with an empty document; best when you have an existing policy to migrate or a highly specific internal procedure to write
Browse Templates — opens the 990+ template library filtered to your industry and country; best for standard compliance policies

If you're creating your first policy, browse the template library first. Even if you end up writing from scratch, reviewing comparable templates will help you understand the expected structure and scope.

2. Creating a policy from scratch

Click Policies > New Policy and complete the policy details form:

Title — use a clear, unambiguous name (e.g. "Acceptable Use Policy" not "AUP")
Category — select from IT Security, HR, Finance, Operations, Compliance, or Legal
Framework tags — tag relevant compliance frameworks your policy addresses: ISO 27001, SOC 2, GDPR, NIST CSF, HIPAA, PCI-DSS, and others are available. Tagging helps compliance_admins filter policies by framework during audits.

Click Create Policy to open the editor.

3. Writing in the editor

The PolicySuite editor uses Markdown with a live preview panel. Supported formatting includes:

Headings (#, ##, ###)
Bullet and numbered lists
Bold and italic text
Tables (for role matrices, scope tables, etc.)
Horizontal rules for section breaks

Your draft is saved automatically every 30 seconds. You can also press Save Draft at any time. Drafts are never visible to employees — only published versions are distributable.

Use the toggle at the top of the editor to switch between Edit and Preview mode. Preview renders your Markdown exactly as employees will see it during acknowledgement.

Tip: Keep policies under 2,000 words. Employees are far more likely to read and acknowledge shorter, plain-English policies. If a policy is growing long, consider splitting it into two focused documents — for example, separate "Password Policy" and "Multi-Factor Authentication Policy" rather than one large "Authentication & Access Control Policy".

4. Setting policy metadata

In the right-hand panel, fill in the metadata fields before submitting for review:

Review date — when this policy should next be reviewed and potentially updated; PolicySuite will remind the policy owner when this date approaches
Policy owner — the team member responsible for keeping this policy current; defaults to the author but can be reassigned
Applicable roles — which employee roles this policy applies to; used to suggest distribution targets when you create a distribution

5. The approval workflow

If your organisation has enabled approval workflows (configured in Settings > Policies > Workflow), you cannot publish directly. Instead:

Click Submit for Review when your draft is ready
The assigned reviewer receives an email notification with a link to the draft
The reviewer can Approve the draft (moving it to ready-to-publish) or Request Changes with inline comments
If changes are requested, you'll be notified and can edit the draft before resubmitting

If your organisation does not require approval workflows, policy_authors and compliance_admins can publish directly.

6. Publishing your policy

Once approved (or if no approval workflow is configured), click Publish. This:

Creates version 1.0 of the policy
Makes the policy available to include in distributions
Locks the published version — employees who have already acknowledged it will always be able to view the exact version they signed

Published policies appear in your Policies list with a green "Published" badge and a version number.

7. Version control

Every time you edit a published policy, PolicySuite creates a new draft alongside the existing published version. Employees continue to see the published version until you publish the new draft. When you publish the updated draft, the version number increments (1.0 → 2.0 for major changes, or 1.1 for minor amendments).

Employees who acknowledged version 1.0 may need to re-acknowledge version 2.0, depending on your distribution settings. All previous version acknowledgements are retained in the audit log permanently.

Still need help?

Email our support team at support@policy-suite.com — we typically respond within 24 hours.