Compliance Policies
What Is A Policy?
Dash Compliance Policies are administrative policies mapped to established compliance and regulatory standards and are built to help your team accomplish the following:
Meet administrative safeguard requirements for compliance standards including SOC 2 and HIPAA
Set realistic standard operating procedures (SOPs) for how your team manages compliance within your organization and the cloud.
Provide a guide for how your team manages compliance going forward.
Provide Dash ComplyOps application with info to better monitor your infrastructure (ie. detect specific encryption or user standards based on policy standards).
When getting starting with Dash, Compliance Policies are a great first place to start managing your security program and gaining an understanding of compliance standards and what is required from your organization.
Getting Started With Policies
The first time, your team enters the Policy Center and navigate to Policy Center > Policy Configuration, you will be prompted to select the security programs (policy sets) you would like to adopt.
Select the Security Programs at the top of the page
Click the “Create Policy Set” button
You will be taken to the Initial Policy Questionnaire page:
Answer the questions to the best of your ability, as they will help define further policy standards.
You are be able to change these answers later.
Context for each question is provided on the right when you select the question input.
Go to the bottom of the page and click the “Save Button”
You will be taken to the following Policy List page:
Creating Policies
The Policy Center provides teams with over 15 different compliance policies to build your security program. It is recommended that your team adopts all Dash policies. If your team has existing external policies, it is still recommended that your team answers and generates policies and then upload your custom policies.
Answering all policy questions helps to inform the Dash application of your company’s security program standards, and will enable Dash ComplyOps to monitor and use your security program settings across the Dash application.
Policies can be created in any order, but are typically most straightforward working top to bottom. To create policies, your team should take the following steps:
Go to the Policy Center > Compliance Policies
For each policy, click the “Start Policy” button.
Any Initial Policy Questionnaire answers will be prefilled for the selected policy.
Select the appropriate answer for all questions in the policy.
Some questions will have dropdowns with recommended answers, others will require text from your team.
Answers for questions are automatically saved, so your team can answer questions and come back to policies later.
You will be unable to create a new version of the policy, without all questions being answered.
After answering all questions, scroll to the bottom and click the “Go to Policy Document” button
Dash will create version of this policy based on your answers and take you to the Policy Editor
Changing answers for a policy and generating the policy again will create a newly versioned policy using your latest answers/changes.
In the Policy Editor page provides the following navigation:
Policy History/Versions - View a list of all policy saves/versions. Dash automatically saves policy versions periodically.
View Policy - View the full policy version, complete with all variables and edited text.
Policies can be exported as PDFs in this area as well.
Save - Save changes to your current policy document.
You can edit the administrative policy in the text editor:
You can add or remove relevant segments to the policy
Answers from policy questions are formatted as variables
IE. Company Name = {{company_name}}
Changing answers for a policy and saving policy again will update the variables using your latest answers/changes.
Click the “Save” button to save changes.
You can see the view the full policy by clicking the “View Policy” button.
After creating and editing a policy, you. On this page you can take the following options:
Edit Policy - Takes you back to the Policy Editor page.
Share Policy - Copy the URL of this policy to share with another user of Dash.
Export Policy - Download the Word document of the policy (with compliance annotations).
Updating Policies
Editing Answers & Policies
At any point after answering policy questions or editing policy text, you may make changes to policeis.
1. Navigate to to the policies list at Policy Center → Compliance Policies
2. Click the “Edit Policy” button next to the individual policy to edit.
3. The latest standards/answers of your current policy will be shown on the next page.
You may modify or update any answers to your policy and then click the “Go to Policy Document” button.
You will be taken to the Policy Editor with the latest version of your policy.
You can make any edits to the policy text and save them by clicking the “Save” button
After saving, you can view your latest policy by clicking the “View Policy” button
Exporting Policies
At any point, you can download Dash ComplyOps policies to share with clients, employees, etc.
Navigate to Policy Center → Compliance Policies.
For the policy you want to export → Click the “View Policy” button
Click the “Export Policy” button in the top navigation
Dash ComplyOps will generate a PDF and start downloading the file in your browser.
The export function may take 10 seconds or so to generate the file.
If you do not see the PDF download, check your browser search bar for any alerts or restricted downloads, and allow the site to download files.
Uploading Custom Policies
Navigate to Policy Center → Compliance Policies
Click the “View/Upload Legacy Polices” button at the top of the page
In this page you can manage any legacy security policies, documents, and all other security materials.
Click the “Upload Document” button.
Enter a name for the document being uploaded.
Select the document to upload with the “Click to upload” button.
Click the “Upload” button
You will now see the new file in the document list
