Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.matproof.com/llms.txt

Use this file to discover all available pages before exploring further.

Policy Management

Matproof generates a complete policy library pre-mapped to your active frameworks. Policies are produced in your chosen language (German, English, French, Spanish, Italian, or Dutch), version-controlled, and ready for review — so you start from a draft tailored to your organization, not a blank page.

Languages

When you set up your organization, you pick a policy language — the language Matproof generates policies in. Supported languages:
LanguageCode
Germande
Englishen
Frenchfr
Spanishes
Italianit
Dutchnl
You can change the policy language at any time in Settings → Organization.

Also generate English

DACH organizations often need parallel English versions of policies for international auditors, customers, or partners. Enable Also generate English in Settings to have Matproof produce both your primary-language version and an English version of every policy. The two versions stay in sync — when you edit one, the other can be regenerated to match. This is independent of the UI locale (the language the Matproof app itself displays in). You can run the app in German while generating policies in French.

Included policies

PolicyFrameworks satisfied
Information Security PolicyISO 27001, SOC 2, DORA, NIS2
Acceptable Use PolicyISO 27001, SOC 2
Access Control PolicyISO 27001, SOC 2, DORA
Incident Response PlanISO 27001, SOC 2, DORA, NIS2
Business Continuity PlanISO 27001, DORA
Disaster Recovery PlanISO 27001, DORA
Data Protection PolicyGDPR, ISO 27001
Vendor Management PolicyISO 27001, DORA, GDPR
Change Management PolicyISO 27001, SOC 2, DORA
Risk Management PolicyISO 27001, SOC 2, DORA
Cryptography PolicyISO 27001
Physical Security PolicyISO 27001
AI Use PolicyEU AI Act, ISO 42001
Sustainability PolicyCSRD / ESRS
Supply Chain ESG PolicyCSRD / ESRS
Custom frameworks can declare their own required policies — see Custom Frameworks.

Generating policies

1

Open Policies → Generate

From the sidebar, go to Policies → Generate. Matproof shows the policies suggested by your active frameworks.
2

Pick which policies to draft

Click Generate all, or select specific policies. Drafting takes 1–3 minutes per policy.
3

Review the draft in the editor

Each generated policy opens in the AI Policy Editor with sections, headings, and framework alignment notes already in place.
4

Customize

Edit, rewrite, or accept as-is. The AI’s draft is calibrated from your setup-wizard answers (industry, size, geography, work pattern), so it’s usually 70–80% right out of the box.
5

Set review dates and assign owners

Each policy needs a designated owner and a review cadence (typically annual). Auditors check both.
6

Publish

Click Publish. The policy becomes available for team acknowledgement and counts as evidence on the controls it satisfies.

The Policy Editor

The editor supports:
  • Rich text — headings, lists, tables, callouts
  • Inline AI suggestions — highlights gaps against framework requirements; offers stronger language where auditors expect specifics
  • Multi-language toggle — if “Also generate English” is enabled, switch between primary language and English views without losing edits
  • Version history — every save is a version; restore any prior version; diff between versions
  • Comments — inline comments for reviewers
  • Approval workflow — submit → review → approve, with the approval timestamp and reviewer name preserved as audit evidence
See AI Policy Editor for the editor’s deeper capabilities.

Publishing and acknowledgements

When you publish a policy:
  • Team members in the relevant role receive a notification
  • They can acknowledge reading the policy in the platform
  • Acknowledgement rate is tracked and exposed as evidence on training/awareness controls
  • For mandatory policies (typically driven by ISO 27001 or DORA), unacknowledged users surface as a finding
You can require re-acknowledgement when a policy is materially updated — useful for major policy changes (new incident reporting timeline, updated access control rules).

Version control

Matproof keeps full version history on every policy:
  • Saving creates a version automatically — you cannot lose work
  • Previous versions are archived (never deleted) and accessible from the policy header
  • The change log records who changed what and when
  • Affected team members are notified of material updates
  • Re-acknowledgement can be required on update
This audit trail satisfies ISO 27001 A.5.1 (policies for information security), SOC 2 CC2.2 (communication of policies), and DORA Article 5 (governance and organisation).

Exporting policies

Export individual policies or the full policy library:
  • PDF — for distribution and audit packages (includes approval status, version, last review date)
  • Word (.docx) — for further editing outside Matproof
  • ZIP bundle — full policy library at the current version, organized by framework
Open any policy and click Export, or go to Policies → Export library for the bundle.

AI Policy Editor

Editor capabilities and inline AI suggestions

Frameworks

How policies link to framework controls

Evidence Collection

Acknowledgements and version history as control evidence