Policies in a folder don't count as evidence.
Most businesses have security policies somewhere. They were written two years ago, saved to a shared drive, and acknowledged by exactly one person who no longer works there. When an auditor asks for evidence that staff are aware of your password policy, "it's in the folder" is not an answer.
The CyberGrape policy module changes the relationship between your policies and your certification. Every policy is published from the platform, acknowledged by your team with a tracked timestamp, and automatically mapped to the SMB1001 controls it supports. Your evidence is built as you go.
What the policy module does.
Policy library
A central library for every security policy your business operates. Acceptable use, password management, data handling, incident response, AI use: each version controlled, each linked to the SMB1001 controls it satisfies.
Platform policy templates
Starting from scratch is the hardest part. The CyberGrape Platform includes pre-built policy templates aligned to SMB1001 requirements. Edit them to match your business: the structure and the compliance mapping are already done.
Staff acknowledgement and sign-off
Every policy can be sent to your team for acknowledgement directly from the platform. Tracked per employee, timestamped, and automatically included in your SMB1001 evidence pack. No chasing people for email confirmations.
Version control and history
Every policy change is versioned. You can see who edited a policy, what changed, and when. Your auditor can see the full history. Your team always has the current version in front of them.
SMB1001 control mapping
Each policy automatically mapped to the SMB1001 controls it supports. Publish a password policy and the relevant controls update. The platform connects the documentation to the certification evidence without manual work.
Evidence pack integration
Policy documents, version history and staff sign-off records all flow directly into your SMB1001 evidence pack. By the time you are ready to certify, your policy evidence is already compiled.
Inside the policy module
Policies, versions, sign-offs: all in one place.
Every policy your team has published is tracked here. You can see at a glance who has acknowledged each one, which version is current, and when the next review is due. Your evidence pack builds itself as you go.
- Sign-off progress tracked per employee
- Version history retained for auditors
- SMB1001 control mapping auto-applied
Templates for every policy SMB1001 requires.
The platform includes pre-built templates for every policy type required across the five SMB1001 tiers. Customise them for your business: the SMB1001 control mapping is already done.
Policies that work as evidence, not just documents.
Get started and have your first policies published and acknowledged in your first week.