Uploading Your Policy/Policies
How do I upload a policy?
Step 1. Click on the Policy Assessment icon.
NOTE: You will see a list of policy families on the left-hand side, listed from 3.1 (Access Control) down to 3.14 (System and Information Integrity).
Step 2. Click on the policy family you wish to upload your policy.
Step 3. Click on the Upload Documents button located in the middle of the screen. A pop-up displays.
Step 4. Click on Attach Document.
Step 5. Select the document you wish to attach. See How do I attach multiple documents? for more information on adding multiple documents.
Step 6. Click the Open button.
Step 7. Click the Submit button.
NOTE: You will see a notification and pop-up once you have successfully uploaded your document.
Why can’t I attach my document?
Step 1. Check to see if you are uploading an accepted file type.
NOTE: Acceptable file types are limited to: .docx, .doc, .pdf. See What file types can be uploaded? for more information.
Step 2. Check to see if you are over the size limit: 20 MB.
Step 3. If it is a .PDF file, make sure it is not password protected.
NOTE: You can disable the password and upload the document. Once uploaded, you can re-enable the password. See How do I remove a password from PDF files?
Step 4. If you’re still having issues contact customer support at 1(443) 445-0560.
What file types can be uploaded?
Acceptable file types are limited to: .docx, .doc, .pdf. See “What file types can be uploaded?” for more information.
How do I delete a document?
Step 1. Locate the Delete linknext to the date/time stamp and person who uploaded the applicable document.
NOTE: You will receive a pop-up notification asking if you are sure you wish to delete.
Step 2. Click the Delete button to completely remove from the platform.
NOTE: You will not be able to recover this document from the platform after deleting.
How do I attach multiple documents?
Step 1. Click Upload Documents button.
Step 2. Click the Attach Document button.
Step 3. Select each document using the <Ctrl> key until all the applicable documents needed are highlighted.
Step 4. Click the Open button.
Step 5. Click the Submit button.
NOTE: This will reassess your document set and provide you with a new score, KENI and overall assessment.
Don’t have any policies?
Click on the Policy Builder iconin the left menu and follow the instructions to create your policies.
Building NIST 800-171 Policy Documents Using Policy Builder
How do I get to Policy Builder?
There are several ways to get to policy builder:
- From the Dashboard , click the link Don't have policies and need assistance in creating them? Click here to use Policy Builder!
- Click the Policy Builder icon located on the static menu located on the left of the screen.
- Under the policy assessment area, each policy family has a link to the specific template in policy builder. There you will find please click here to go to Policy Builder.
NOTE: This will take you directly to the Policy Planning Information for that applicable policy.
How do I create a policy?
Step 1. Download the GAP assessment and Risk Register spreadsheet by clicking on the blue hyperlinked text from the welcome pop-up.
NOTE: If you’ve already closed your welcome pop-up you can re-open by clicking on the link “Policy Planning Information” located on the top right corner of the site.
Step 2. Read through the NIST provided instructions on how to do a GAP assessment and Risk Register. This will help show you where you are missing controls and is a crucial step to building an effective policy.
Step 3. Next, follow our guide to prepare, gather and consult the appropriate materials and people.
Step 4. Click the link If you are ready, get started ->.
What does prepare, gather and consult mean?
- Prepare – lists recommended steps that should be taken before starting the Policy Builder process
- Gather – provides insight into documents and records that will be helpful in writing new policy documents
- Consult – suggests individuals within your company that will likely be able to answer questions that come up during the Policy Builder process.
How do I edit a policy document?
Step 1. Click on the pencil iconnext to the area you wish to edit. It will bring up the content on a new pop-up on the lower left-hand side.
Step 2. Make any edits as needed.
Step 3. Click Save once finished OR if you don’t want to save your work, click the Cancel or Exit button.
Step 4. If you selected to Cancel or Exit, A prompt asks if you really want to close. Click Yes or No to cancel or go back to the previous screen.
Step 5. If Yes is selected, all changes for that session will be reverted.
Step 6. If No is selected, it will bring you back so you can save any changes made.
NOTE: If you accidentally saved some changes but want the original template back, you can click the Reseticon next to the section to revert back to the default information with all changes and additions removed. See the section I’ve messed up, can I get the original templates back? for more information.
How do I save my policy to my computer?
Step 1. Once you are satisfied with your edits, click the up arrowlocated on the bottom right-hand corner.
NOTE: If you have not made sufficient changes to the policy document, a pop-up window will displays and state The items referenced below have not been customized. Do you still want to aggregate the controls and export?
Step 2. Click Yes if you are ready to save to your computer, OR click No if you want to make changes.
I’ve messed up, how do I get the original templates back?
The Reset iconis visible for each section.
Step 1. Click the Reset icon to revert your changes.
NOTE: A pop-up warning, Clicking on the reset button will reset the controls below to the original setting. Are you sure you want to reset? displays.
Step 2. Click Yes to reset.
Step 3. You will need to do this for each control section you wish to bring back to the original state.
NOTE: Any resets cannot be undone, please be sure that you want to remove any changes made to that section prior to resetting.
Do I have to edit these templates?
Yes. These templates are generic for all industries, company sizes, and locations. They are lacking the specific policies and content in which your company has in place. If the templates are not properly edited you will not have effective cybersecurity policy documents.
Do I have to edit each section?
Some sections may or may not be applicable to your particular company. Read the instructions, guidelines and other information (from our resource tab) to make a judgment on whether or not a particular control applies to your company.
If you decide it is not relevant, uncheck the Guidelines control checkboxand it will be excluded in the exported policy document when you complete the process. For more information, see What does the checkmark/checkbox mean?
What does the checkmark/checkbox mean?
The Guidelines checkboxis checked by default. That means that the section/control will be included when you export the document. If you feel that you’ve covered that control in another policy area or that it is not in the scope of your company, uncheck the box and it will be removed from the aggregated policy document.
What is the tracking number?
The tracking number is for your own internal use, you can use it to keep track of version number. It is not a mandatory field and you can freely add any other information or exclude that field from your policy document.
I only see 3.1, where are the other policy family template documents?
On the left-hand side, click the hamburger icon. This will bring up the list of all of the policy families (14 in total).
How do I score my Policy Builder documents after I have completed customizing them?
Click on the checkmark icon https://www.platform.ismsapplications.com link.on the top left-hand corner of the website. This will take you back to the main platform or simply go to the