Compliance Policies
What Is A Policy?
Dash Compliance Policies are mapped to established compliance and regulatory standards and are built to help your team accomplish the following:
Meet administrative safeguard requirements for compliance standards including SOC 2 and HIPAA.
Set realistic standard operating procedures (SOPs) for how your team manages compliance within your organization and the cloud.
Provide a guide for how your team manages compliance going forward.
Provide the Dash ComplyOps application with information to better monitor your infrastructure (i.e., detect specific encryption or user standards based on policy standards).
When getting started with Dash, Compliance Policies are a great place to start managing your security program and gaining an understanding of compliance standards and what is required from your organization.
Getting Started With Policies
The first time your team enters the Policy Center and navigates to Compliance Policies, you will be prompted to answer the Initial Policy Questionnaire.
The initial questionnaire asks basic questions about your team's overall security practices and solutions you may have implemented.
1. Click the “Start Initial Policy Questionnaire” button to start the compliance policy process.
2. Answer all questions to the best of your knowledge.
3. These answers will be available as options for further policy creation.
4. If you are unsure of an answer, enter your best answer, since these answers can be changed later.
5. Once you have answered all questions, scroll to the bottom and click the “Save” button.
6. You will then be presented with a list of all policies.
Refresh the page if you do not see this page after saving.
Creating Policies
The Policy Center provides teams with over 15 different compliance policies to build your security program. It is recommended that your team adopt all Dash policies. If your team has existing external policies, it is still recommended that your team answer the policy questions and generate policies, and then upload your custom policies.
Answering all policy questions helps to inform the Dash application of your company’s security program standards, and will enable Dash ComplyOps to monitor and use your security program settings across the Dash application.
Policies can be created in any order, but are typically most straightforward working top to bottom. To create policies, your team should take the following steps:
1. For each policy, click the “Start Policy” button.
You may be shown several answers from the initial questionnaire that can be automatically adopted in the policy process. You can select to “Adopt” any relevant answers and then click “Continue Policy”.
2. Select the appropriate answer for all questions in the policy.
Some questions will have dropdowns with recommended answers, others will require input from your team.
Answers for questions are automatically saved, so your team can answer questions and come back to policies later.
You will be unable to generate a new version of the policy until all questions have been answered.
You can schedule Compliance Tasks (compliance program to-dos) for policy standards as you create policies by clicking the “Add Task” button next to any questions/standards.
3. After answering all questions, scroll to the bottom and click the “Generate Policy” button.
4. Dash will automatically create a version of this policy based on your answers.
Changing answers for a policy and generating the policy again will create a newly versioned policy using your latest answers/changes.
5. After generating a policy, you will be taken to the Policy Documents page for the individual policy you were working on. On this page you can choose from the following options:
Preview - See a preview for all answers used to generate the policy.
PDF - Download the PDF policy (without annotations).
Word - Download the Word document of the policy (with compliance annotations).
View (For uploaded policies) - Download the uploaded policy file.
Updating Policies
Editing Answers & Policies
At any point after answering policy questions or generating policies, you may make changes and create new versions of policies. It is recommended that changes be made immediately in these questions/answers in order to keep all data up-to-date for Dash monitoring, etc.
1. Navigate to the policies list at Policy Center → Compliance Policies.
2. Click the “Edit Policy” button next to the individual policy to edit.
3. The latest standards/answers of your current policy will be shown on the next page.
4. You may edit all answers to update your policy. Click “Generate Policy” to create a new version of your policy.
Standards/answers will automatically be saved as you make changes to fields, but new policy files will NOT be created until you click the “Generate Policy” button.
5. You will now see a new version of your policy on the Policy Documents page for the individual policy.
Inline Editing
Generating policies gives your organization a great start on developing your security program and creating administrative policies. We recommend always starting with policy questions/answers to build policies, but sometimes your team may need to make manual edits to policy documents.
In this case, your team can edit policies “in-line” by following these steps:
1. Navigate to the policies list at Policy Center → Compliance Policies.
2. Click the “Policy Documents” button next to the individual policy.
3. Click the “Doc” button to download the Word document for the policy.
4. Open the downloaded policy document in your text editor.
5. You may add/delete/modify sections of the Word document to fit your organization’s needs.
6. Once complete, navigate once again to the “Policy Documents” page for the individual policy.
7. Click the “Upload Policy Manually” button and upload the modified Word document for your policy.
The latest policy will now be saved in your policy versioning.
Downloading Policies
At any point, you can download a set of your Dash ComplyOps policies to share with clients, employees, etc.
Navigate to Policy Center → Compliance Policies.
Scroll to the bottom of the page.
Click the “Download Full Policy Set (PDF)” or “Download Full Policy Set (Word)” button to download a zip file of all current compliance policies.