Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.matproof.com/llms.txt

Use this file to discover all available pages before exploring further.

Overview

The AI Policy Editor helps you create compliance policies faster by generating framework-specific content, suggesting improvements inline, and ensuring your policies cover the requirements of your active frameworks. Instead of starting from a blank document, the editor produces a complete draft tailored to your organization that you review, customize, and approve.
The AI Policy Editor is available on all plans. Navigate to Policies and click New Policy or open an existing policy to access the editor.

Generating a new policy

1
Select the policy type
2
Go to Policies - New Policy. Choose from framework-specific templates:
3
  • Information Security Policy
  • Incident Response Policy
  • Access Control Policy
  • Business Continuity Policy
  • Data Protection Policy
  • Vendor Management Policy
  • And more, depending on your active frameworks
    • 4
    Provide context
    5
    The editor asks for basic context about your organization:
    6
  • Organization name and industry
  • Active frameworks (pre-filled from your settings)
  • Any specific requirements or constraints
    • 7
    This context shapes the generated content so it reflects your actual environment rather than generic boilerplate.
    8
    Review the generated draft
    9
    The AI produces a complete policy draft including:
    10
  • Purpose and scope
  • Roles and responsibilities
  • Policy statements aligned to your framework requirements
  • Review and approval procedures
    • 11
    The draft appears in the editor where you can make changes immediately.

    Inline AI suggestions

    While editing any policy, the AI provides inline suggestions:
    • Completeness checks - highlights sections where a framework requirement is not yet addressed
    • Improvement suggestions - recommends stronger language, more specific controls, or additional detail where auditors typically expect it
    • Framework alignment - shows which specific framework clauses or articles each section addresses
    To use inline suggestions:
    1. Open a policy in the editor
    2. Click the AI Assist button or select text and choose Suggest improvement
    3. Review the suggestion and accept, modify, or dismiss it
    Inline suggestions work best after you have made your initial edits to the generated draft. The AI uses your customizations as additional context for more relevant suggestions.

    Framework-aware content

    The editor understands which frameworks you have activated and adjusts content accordingly:
    FrameworkEditor behavior
    DORAIncludes ICT risk management language, incident reporting timelines, vendor criticality references
    ISO 27001Aligns sections to Annex A controls, uses ISO terminology
    NIS2References Article 21 measures, includes management accountability language
    GDPRIncludes data subject rights, legal bases, DPO references
    SOC 2Maps to Trust Services Criteria
    If you have multiple frameworks active, the editor produces unified content that satisfies overlapping requirements without duplication.

    Editing and collaboration

    The policy editor supports:
    • Rich text editing - headings, lists, tables, and callouts
    • Version history - every save creates a version you can review or restore
    • Comments - add inline comments for reviewers
    • Approval workflow - submit for review, track approvals, and publish

    Approval workflow

    Once a policy is ready:
    1. Click Submit for review
    2. Select the reviewer (typically a compliance lead or CISO)
    3. The reviewer receives a notification and can approve, request changes, or reject
    4. Approved policies are marked with an approval timestamp and reviewer name - this serves as audit evidence
    Most frameworks require policies to be formally approved by management. Always route policies through the approval workflow rather than publishing directly. The approval record is evidence during audits.

    Exporting policies

    Export policies for distribution or audit packages:
    1. Open the policy
    2. Click Export
    3. Choose PDF or Word
    Exported documents include the policy content, approval status, version number, and last review date.