Skip to content
TruthVouch Docs

Policy Review Reminders

Policies must be reviewed and renewed periodically. Set up reminders to review, attest, and renew policies. When reminder triggers, staff review and confirm policy is still valid or request updates. Attestations create compliance evidence.

Setting Review Cycles

  1. Go to CompliancePolicies → [Policy]
  2. Click Review Cycle
  3. Configure:
    • Frequency: Annual, semi-annual, quarterly, monthly, custom
    • Remind Before: 30 days, 14 days, 7 days before due date
    • Reviewers: Select who must attest (manager, compliance officer, etc.)
    • Require Changes: If policy must be updated before approval
  4. Click Save

Reviewers automatically notified via email and in-app. When approved, attestation logged as compliance evidence.

Review Workflow

Initial Setup

  1. Policy published with review cycle
  2. Review due date calculated (e.g., 1 year from publication)
  3. Review reminders sent 30/14/7 days before

Review Period

  1. Reviewer gets notification: “Policy ‘Data Protection’ review due in 30 days”
  2. Reviewer opens policy
  3. Reviews content: Is it still accurate? Still being followed?
  4. Options:
    • Approve As-Is: Policy still valid, no changes needed
    • Approve With Updates: Update policy language, then approve
    • Request Changes: Flag specific issues for policy owner to fix

Approval

If approved:

Attestation recorded:
  Reviewer: john.doe@company.com
  Policy: Data Protection v2.1
  Date Approved: Mar 15, 2025
  Status: "Approved as-is"
  Valid Until: Mar 15, 2026
  Signed: Yes (user confirmation)


Counts as compliance evidence automatically

Overdue Management

If deadline passes without approval:

  1. Escalation Email: “Policy review overdue - requires immediate approval”
  2. Compliance Dashboard: Shows overdue items in red
  3. Audit Flag: Overdue review recorded in audit trail
  4. Remediation Task: Create ticket to get approval

Attestation Types

Policy Attestation

“I have reviewed this policy and confirm it is still accurate and being followed.”

Frequency: Annual Reviewers: Policy owner + department head Evidence Value: Proves policy is current and enforced

Awareness Attestation

“I understand and will comply with this policy.”

Frequency: Upon hire, annually Reviewers: All employees Evidence Value: Proves training/awareness

Effectiveness Attestation

“We have tested and verified this control is working correctly.”

Frequency: Quarterly/annually Reviewers: Quality assurance, compliance team Evidence Value: Proves control works (SOC 2, ISO requirement)

Reminder Configuration

Email Reminders

  1. SettingsComplianceNotifications
  2. Configure:
    • Email address to send reminders
    • Escalation recipients (if overdue)
    • Reminder frequency (30, 14, 7 days before)
  3. Optional: Include policy document in email

In-App Notifications

Reviewers see notifications in TruthVouch dashboard:

  • Badge on Compliance → Policies
  • List of due/overdue policies
  • Direct link to review

Calendar Integration

Export review schedule to calendar:

  1. CompliancePoliciesExport Calendar
  2. Choose format (iCal, Google Calendar, Outlook)
  3. Sync with team calendar

Tracking & Reports

Review Status Dashboard

See all policy reviews at a glance:

Policy Reviews (Q1 2025)
├── On Time (12/15)
│   ✓ Data Protection
│   ✓ Access Control
│   ...
├── Due Soon (2/15)
│   ⚠ Incident Response (due in 5 days)
│   ⚠ Training Policy (due in 10 days)
└── Overdue (1/15)
   ✗ PII Handling (overdue 15 days)

Review History

See review decisions over time:

Policy: Data Protection
├── v2.1 - Approved Mar 2025 by John Doe
├── v2.0 - Approved Mar 2024 by Jane Smith
│       Changes: Updated data retention
└── v1.9 - Approved Mar 2023 by Bob Johnson

Compliance Evidence

All attestations automatically appear in compliance records:

Control: ISO 42001 4.3 (AI Governance)
Evidence:
  ✓ Data Protection Policy Attestation (Mar 2025)
  ✓ Access Control Policy Attestation (Mar 2025)
  ✓ Training Attestation (Mar 2025)


Status: 100% Attested

Best Practices

  1. Annual Reviews: Minimum once per year
  2. Escalate Early: Send reminders 30 days in advance
  3. Document Changes: Update policies based on review feedback
  4. Track Evidence: Keep signed attestations for audits
  5. Accountability: Assign specific reviewers, not just “team”
  6. Escalation Process: Define who approves if primary reviewer unavailable