All Services

Policy & Documentation

IT governance that protects your business

When things go wrong, you need a plan. When auditors come knocking, you need proof. We write the documentation that keeps your organisation compliant, secure, and prepared for anything, tailored to your business rather than pulled from a generic template.

Why Documentation Matters

No plan survives first contact with reality. Documentation makes the difference.

Risk Reduction

Documented procedures mean fewer mistakes. When everyone knows the process, you reduce human error and dramatically improve response times during incidents.

Compliance Ready

POPIA, ISO 27001, and industry audit standards all require formal IT governance documentation. We make sure you can prove compliance at any time.

Staff Clarity

Clear policies set expectations. Your team knows what is allowed, what is not, and exactly what to do when problems crop up, ideally before they ever do.

Business Continuity

When disaster strikes, organisations with documented recovery plans are back on their feet in hours. The ones without them can take weeks, and some never fully recover.

Documentation Suite

What We Create For You

Every document is written around your organisation, never a generic template. Here's what's in our portfolio.

Disaster Recovery Plan (DRP)

Get back online fast after any incident

A step-by-step guide for recovering your IT systems after a major incident, whether that is ransomware, hardware failure, or a natural disaster. We document your critical systems, recovery priorities, RTO/RPO targets, and communication protocols.

  • Business impact analysis (BIA)
  • Recovery time & recovery point objectives
  • Vendor and supplier contact lists
  • System restoration runbooks
  • Tabletop exercise scenarios
  • Annual testing and review schedule

IT Policy Framework

The rules that govern your technology

A comprehensive set of enforceable policies covering how your organisation uses technology. Clear, practical, and tailored to your size and industry, never generic templates.

  • Acceptable use policy (AUP)
  • Data classification and handling standards
  • Access control and privilege management
  • Password and authentication requirements
  • BYOD and remote work guidelines
  • Software and hardware procurement rules

Incident Response Plan (IRP)

Know exactly what to do when it counts

When a security breach or IT incident occurs, every minute counts. We create detailed response procedures so your team acts decisively, minimising damage, preserving evidence, and meeting your notification obligations.

  • Incident severity classification matrix
  • Escalation paths and responsibilities
  • Evidence preservation procedures
  • Regulatory notification timelines (POPIA)
  • Communication templates for stakeholders
  • Post-incident review and lessons learned

AI Acceptable Use Policy

Govern AI before it governs you

As AI tools become standard in the workplace, clear guidelines are non-negotiable. We help you define which tools are approved, what data can be shared with them, and how to maintain quality and legal compliance.

  • Approved AI tools and platforms list
  • Data sensitivity and privacy rules
  • Intellectual property considerations
  • Quality control and review obligations
  • AI output disclosure requirements
  • Staff training and acknowledgement process

POPIA Compliance Framework

Meet South Africa's data protection law

The Protection of Personal Information Act (POPIA) requires organisations to formalise how they collect, store, and process personal data. We create the full documentation package your Information Officer needs.

  • PAIA/POPIA manual
  • Data processing register
  • Consent management procedures
  • Data breach notification protocol
  • Supplier and third-party data agreements
  • Annual compliance review checklist

Password & Access Policy

Protect your systems at the front door

Weak credentials are the number-one attack vector. We create enforceable password and access management policies aligned with NIST best practices and your specific technology environment.

  • Password complexity and rotation standards
  • Multi-factor authentication requirements
  • Privileged access management rules
  • Joiner / mover / leaver procedures
  • Service account governance
  • Third-party and contractor access rules

Our Documentation Process

Every policy is built around your organisation, never copy-pasted from a template

01

Discovery

We learn your systems, processes, and business priorities through structured interviews and a technical environment review.

02

Gap Analysis

We compare your current documentation against compliance requirements and security best practices to identify exactly what is missing.

03

Drafting

We write clear, practical, business-specific documentation, with no copy-paste templates. Every document is tailored to your organisation and signed off by you.

04

Review & Refine

Your team reviews the drafts. We refine until the documentation is accurate, actionable, and fits the way your business actually works.

05

Implementation

We help you roll out policies, train staff, and establish review schedules so documentation stays current and effective.

Standards & Frameworks

Aligned to Industry Standards

All documentation is written to align with recognised frameworks

POPIA

Protection of Personal Information Act

ISO 27001

Information Security Management

NIST CSF

Cybersecurity Framework

CIS Controls

Center for Internet Security

PAIA

Promotion of Access to Information

GDPR

EU Data Protection (where applicable)

Not sure what you're missing?

We'll run a free policy gap analysis to identify exactly what documentation your organisation needs to be compliant and protected.