
Policies and Procedures (PnP)

The Policies and Procedures (PnP) module is used by organizations to manage internal compliance documentation. It allows admins to upload policy documents, assign internal signers, and track completion — helping enforce organizational adherence to regulatory standards like HIPAA.


What is a Policy or Procedure?

Policies and Procedures are internal documents that define how the organization operates securely and in compliance with regulations.

Examples:

  • Password Management Policy
  • Incident Response Procedure
  • Data Retention Policy

PnP Workflow Overview

  1. Folder Creation
    • Org Admin creates folders to organize documents by category or department.
  2. Document Upload
    • Admin uploads documents (PDF/DOCX) into appropriate folders.
  3. Assign Signers
    • Admin assigns internal users (employees) who are required to review and sign the document.
    • Users are notified and given access to sign from their dashboard.
  4. Signature Tracking
    • Admins can track which users have signed or missed a deadline.
    • Signed copies are stored and available for export during audits.

Who Can Access PnP?

Role                  Access Level
Org Admin             Full access
Compliance Analyst    Full access (if scoped)
Org Auditor           Read-only
Employee              Read-only + Sign
Vendor                No access

PnP Page Capabilities

For Org Admins & Scoped Compliance Analysts:

  • Create folders
  • Upload and delete documents
  • Assign documents to team members
  • Monitor signature status
  • Reassign or remove signers
  • Export signed logs

For Internal Users (Employees):

  • View assigned documents
  • Sign once per document
  • Download signed copy

Permissions & Restrictions

  • Only Org Admins and scoped Compliance Analysts can manage PnP.
  • Employees cannot create, upload, or delete documents.
  • Auditors can view all documents but cannot interact with them.
  • Vendors do not have access to this module.

Signature Quality and Audit Trail

Every PnP e-signature uses the same unified signature model as BAA:

Field             What it records
Content hash      SHA-256 of the exact file bytes at signing time
Signature hash    Tamper-evident hash of subjectType:subjectId:versionId:signerType:signerId:contentHash:issuedAt
IP address        Signer's IP at the moment of signing
User-agent        Signer's browser/client string
issuedAt          ISO timestamp frozen at write time, never updated

One signature per document per user — the database enforces this with a unique index. If a user tries to sign a document they have already signed, the system returns an error. There is no "re-sign" flow.
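The following is an added illustration, not code from the product, of how the record described above can be produced and later re-checked during an audit: the content hash over the raw file bytes, the signature hash over the colon-joined field list, an issuedAt value fixed at write time, and a stand-in for the unique index that rejects a second signature by the same user on the same document. The digest algorithm for the signature hash, the assumption that IDs never contain a colon, and keying the uniqueness rule on the document rather than the version are assumptions made for the example, since the page does not state them; the sample document bytes are constructed.

```python
import hashlib
import hmac
from datetime import datetime, timezone

# Constructed stand-in for an uploaded policy file (arbitrary bytes, not a real PDF).
SAMPLE_DOC = b"%PDF-1.7\n% Password Management Policy, version 3\n"


def content_hash(file_bytes: bytes) -> str:
    """SHA-256 over the exact bytes presented at signing time, hex-encoded."""
    return hashlib.sha256(file_bytes).hexdigest()


def signature_hash(subject_type: str, subject_id: str, version_id: str,
                   signer_type: str, signer_id: str, content_hash_hex: str,
                   issued_at: str) -> str:
    """Digest over the colon-joined field list from the page.

    Assumptions: SHA-256 is the digest (the page does not name one), and IDs
    never contain ':'. Because the field count is fixed, the colons inside the
    ISO timestamp (always the last field) do not make the encoding ambiguous."""
    canonical = ":".join([subject_type, subject_id, version_id,
                          signer_type, signer_id, content_hash_hex, issued_at])
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class DuplicateSignatureError(Exception):
    """Raised where the page says the system 'returns an error' on a second signature."""


class SignatureStore:
    """In-memory stand-in for the signatures table.

    `_unique` plays the role of the database unique index: one row per
    (document, signer). Keying on the document rather than the version is an
    assumption; the page only says 'one signature per document per user'."""

    def __init__(self) -> None:
        self.rows: list[dict] = []
        self._unique: set[tuple] = set()

    def sign(self, subject_type, subject_id, version_id, signer_type, signer_id,
             file_bytes, ip_address, user_agent, issued_at=None) -> dict:
        key = (subject_type, subject_id, signer_type, signer_id)
        if key in self._unique:
            raise DuplicateSignatureError(f"{signer_id} already signed {subject_id}")
        # issuedAt is chosen once, at write time, and stored with the row; it is
        # never recomputed afterwards, which is what makes the hash reproducible.
        if issued_at is None:
            issued_at = datetime.now(timezone.utc).isoformat(timespec="seconds")
        ch = content_hash(file_bytes)
        row = {
            "subjectType": subject_type, "subjectId": subject_id,
            "versionId": version_id, "signerType": signer_type,
            "signerId": signer_id, "contentHash": ch,
            "signatureHash": signature_hash(subject_type, subject_id, version_id,
                                            signer_type, signer_id, ch, issued_at),
            "ipAddress": ip_address, "userAgent": user_agent, "issuedAt": issued_at,
        }
        self._unique.add(key)
        self.rows.append(row)
        return row


def verify(row: dict, file_bytes: bytes) -> bool:
    """Audit-time check: the file presented now must hash to the stored content
    hash, and the stored fields must still reproduce the stored signature hash."""
    if not hmac.compare_digest(content_hash(file_bytes), row["contentHash"]):
        return False
    expected = signature_hash(row["subjectType"], row["subjectId"], row["versionId"],
                              row["signerType"], row["signerId"], row["contentHash"],
                              row["issuedAt"])
    return hmac.compare_digest(expected, row["signatureHash"])


if __name__ == "__main__":
    store = SignatureStore()
    row = store.sign("policy", "pol-001", "v3", "user", "u-42", SAMPLE_DOC,
                     "203.0.113.5", "Mozilla/5.0", issued_at="2024-01-15T10:00:00+00:00")
    print("verifies:", verify(row, SAMPLE_DOC))
    print("detects changed file:", not verify(row, SAMPLE_DOC + b"\n% appended"))
    try:
        store.sign("policy", "pol-001", "v3", "user", "u-42", SAMPLE_DOC,
                   "203.0.113.5", "Mozilla/5.0")
    except DuplicateSignatureError as e:
        print("second signature rejected:", e)
```

Two points worth keeping in mind when reading the table above against this example. First, an unkeyed digest is tamper-evident only to the extent that the stored row cannot be rewritten by the same party who could alter a field: whoever can edit the record can also recompute the hash, so the guarantee rests on the signature log being append-only (or on the digest being signed or HMACed with a key the writer does not hold). Second, the content hash binds the signature to the exact bytes, so any re-export or re-encoding of the file will fail verification by design; auditors should be given the originally uploaded bytes, not a regenerated copy.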


Document Viewer

  • Inline DOCX preview — DOCX files are rendered directly in the document viewer without requiring a separate download. PDF files have always been viewable inline.
  • Deep-linkable selections — the PnP explorer syncs folder and document selections to the URL search parameters. Admins and reviewers can share a direct link to a specific folder or document.

Document Audit Trail

Each action within PnP is logged:

  • Who uploaded or edited the document
  • Who was assigned to sign
  • Who signed and when

This information is critical for external audit reviews.


Troubleshooting & Notes

  • File won’t upload: Only PDF and DOCX are supported.
  • User can't see assignment: Confirm they’re part of the same organization.
  • Signer not notified: Check email delivery or resend notification manually.