Policy & Documentation
IT governance that protects your business
When things go wrong, you need a plan. When auditors come knocking, you need proof. We write the documentation that keeps your organisation compliant, secure, and prepared for anything, tailored to your business rather than pulled from a generic template.
Why Documentation Matters
No plan survives first contact with reality. Documentation makes the difference.
Risk Reduction
Documented procedures mean fewer mistakes. When everyone knows the process, you reduce human error and dramatically improve response times during incidents.
Compliance Ready
POPIA, ISO 27001, and industry audit standards all require formal IT governance documentation. We make sure you can prove compliance at any time.
Staff Clarity
Clear policies set expectations. Your team knows what is allowed, what is not, and exactly what to do when problems crop up, ideally before they ever do.
Business Continuity
When disaster strikes, organisations with documented recovery plans are back on their feet in hours. The ones without them can take weeks, and some never fully recover.
What We Create For You
Every document is written around your organisation, never a generic template. Here's what's in our portfolio.
Disaster Recovery Plan (DRP)
Get back online fast after any incident
A step-by-step guide for recovering your IT systems after a major incident, whether that is ransomware, hardware failure, or a natural disaster. We document your critical systems, recovery priorities, RTO/RPO targets, and communication protocols.
- Business impact analysis (BIA)
- Recovery time & recovery point objectives
- Vendor and supplier contact lists
- System restoration runbooks
- Tabletop exercise scenarios
- Annual testing and review schedule
IT Policy Framework
The rules that govern your technology
A comprehensive set of enforceable policies covering how your organisation uses technology. Clear, practical, and tailored to your size and industry, never generic templates.
- Acceptable use policy (AUP)
- Data classification and handling standards
- Access control and privilege management
- Password and authentication requirements
- BYOD and remote work guidelines
- Software and hardware procurement rules
Incident Response Plan (IRP)
Know exactly what to do when it counts
When a security breach or IT incident occurs, every minute counts. We create detailed response procedures so your team acts decisively, minimising damage, preserving evidence, and meeting your notification obligations.
- Incident severity classification matrix
- Escalation paths and responsibilities
- Evidence preservation procedures
- Regulatory notification timelines (POPIA)
- Communication templates for stakeholders
- Post-incident review and lessons learned
AI Acceptable Use Policy
Govern AI before it governs you
As AI tools become standard in the workplace, clear guidelines are non-negotiable. We help you define which tools are approved, what data can be shared with them, and how to maintain quality and legal compliance.
- Approved AI tools and platforms list
- Data sensitivity and privacy rules
- Intellectual property considerations
- Quality control and review obligations
- AI output disclosure requirements
- Staff training and acknowledgement process
POPIA Compliance Framework
Meet South Africa's data protection law
The Protection of Personal Information Act (POPIA) requires organisations to formalise how they collect, store, and process personal data. We create the full documentation package your Information Officer needs.
- PAIA/POPIA manual
- Data processing register
- Consent management procedures
- Data breach notification protocol
- Supplier and third-party data agreements
- Annual compliance review checklist
Password & Access Policy
Protect your systems at the front door
Weak credentials are the number-one attack vector. We create enforceable password and access management policies aligned with NIST best practices and your specific technology environment.
- Password complexity and rotation standards
- Multi-factor authentication requirements
- Privileged access management rules
- Joiner / mover / leaver procedures
- Service account governance
- Third-party and contractor access rules
Our Documentation Process
Every policy is built around your organisation, never copy-pasted from a template
Discovery
We learn your systems, processes, and business priorities through structured interviews and a technical environment review.
Gap Analysis
We compare your current documentation against compliance requirements and security best practices to identify exactly what is missing.
Drafting
We write clear, practical, business-specific documentation, with no copy-paste templates. Every document is tailored to your organisation and signed off by you.
Review & Refine
Your team reviews the drafts. We refine until the documentation is accurate, actionable, and fits the way your business actually works.
Implementation
We help you roll out policies, train staff, and establish review schedules so documentation stays current and effective.
Aligned to Industry Standards
All documentation is written to align with recognised frameworks
POPIA
Protection of Personal Information Act
ISO 27001
Information Security Management
NIST CSF
Cybersecurity Framework
CIS Controls
Center for Internet Security
PAIA
Promotion of Access to Information
GDPR
EU Data Protection (where applicable)
Not sure what you're missing?
We'll run a free policy gap analysis to identify exactly what documentation your organisation needs to be compliant and protected.