Policy management basics
Create and organize policies for AI governance.
Overview
The Policy Manager in VerifyWise helps you create, organize, and maintain AI governance policies for your organization. Well-documented policies are the foundation of effective AI governance, demonstrating your commitment to responsible AI and ensuring consistent practices across teams.
Policies in VerifyWise can be created from scratch or built from pre-designed templates covering common AI governance topics. Each policy tracks its status through a defined lifecycle, from initial draft through review and approval to publication.
Why manage AI policies?
AI systems introduce unique governance challenges that traditional corporate policies may not address. From algorithmic bias to data privacy, from model transparency to human oversight, organizations need clear policies that define how AI should be developed, deployed, and monitored. Without documented policies, teams make inconsistent decisions, risks go unmanaged, and regulatory compliance becomes difficult to demonstrate.
- Regulatory compliance: Many AI regulations require documented policies covering AI development, deployment, and monitoring
- Consistent practices: Ensure all teams follow the same standards for AI development and use
- Risk management: Define acceptable uses, prohibited practices, and risk thresholds for AI systems
- Audit readiness: Demonstrate governance controls to auditors and regulators with documented policies
- Stakeholder trust: Show customers, partners, and the public that you take AI governance seriously
- Training foundation: Provide clear guidance that teams can reference and learn from
The policy manager screen
The Policy Manager has two main tabs for organizing your work:
Organizational policies
Your organization's custom policies. Create, edit, and manage policies that define your AI governance standards.
Policy templates
Pre-built templates covering common AI governance topics. Use templates as starting points for your own policies.
Policy status overview
At the top of the organizational policies tab, status cards show the distribution of your policies across each lifecycle stage:
- Draft — Policies being written or edited, not yet ready for review
- Under review — Policies submitted for stakeholder review
- Approved — Policies that have passed review and are ready for publication
- Published — Active policies that apply to your organization
- Archived — Older policies retained for reference but no longer active
- Deprecated — Policies that have been superseded or are no longer relevant
Creating a policy
To create a new policy:
- Click "Add new policy" in the organizational policies tab
- Enter a title that clearly describes the policy's purpose
- Write or paste the policy content using the rich text editor
- Select relevant tags to categorize the policy
- Set the initial status (typically Draft)
- Optionally set a next review date
- Save the policy
Policy fields
Each policy includes the following information:
- Title: A clear, descriptive name for the policy
- Content: The full policy text with rich formatting support
- Status: Current lifecycle stage (Draft, Under review, Approved, Published, Archived, Deprecated)
- Tags: Categories like AI ethics, Privacy, Security, EU AI Act, ISO 42001, etc.
- Next review date: When the policy should be reviewed for updates
- Author: The person who created the policy
- Last updated: When the policy was most recently modified
- Updated by: Who made the most recent changes
Available policy tags
VerifyWise provides predefined tags to help categorize your policies:
- Governance topics: AI ethics, Fairness, Transparency, Explainability, Bias mitigation, Accountability, Human oversight
- Technical areas: Privacy, Data governance, Model risk, Security, LLM, Red teaming, Monitoring
- Compliance frameworks: EU AI Act, ISO 42001, NIST RMF, Audit, Vendor management
Filtering and searching
The policy manager provides several ways to find specific policies:
- Filter: Filter by title, status, author, or next review date
- Group by: Group policies by status or author for easier navigation
- Search: Search for policies by title
Editing and deleting policies
To edit a policy, click on it in the table to open the detail view. Make your changes and save. The last updated timestamp and updated by fields will be automatically recorded.
To delete a policy, use the delete action in the policy table. Deleted policies cannot be recovered, so consider archiving policies instead if you may need to reference them later.
Frequently asked questions
Can we use our existing corporate policies?
Yes. You can paste existing policy content into VerifyWise to centralize your AI governance documentation. Many organizations start by importing their current policies, then use VerifyWise to track their status, schedule reviews, and maintain a single source of truth for AI governance.
How do AI policies relate to general corporate policies?
AI policies should complement your existing corporate policies, not replace them. Your general data protection, information security, and ethics policies still apply. AI-specific policies address the unique challenges of AI systems, such as model transparency, algorithmic fairness, and automated decision-making. Reference your corporate policies where applicable and focus AI policies on what is different about AI.
How many policies do we need?
Start with the policies required by your regulatory environment and add others based on your risk assessment. Most organizations need at minimum an AI ethics policy, a model development policy, and a data governance policy for AI. Use the policy templates as a guide for what topics to cover, but do not create policies just to check a box. Each policy should address a real governance need.
Who should write AI policies?
Policy development typically involves collaboration between technical teams who understand AI systems, legal and compliance teams who understand regulatory requirements, and business stakeholders who understand operational needs. Assign a policy owner responsible for drafting and maintaining each policy, with input from relevant subject matter experts.
How often should policies be reviewed?
Review policies at least annually, or more frequently for rapidly evolving areas. AI regulations and best practices are still developing, so policies may need more frequent updates than traditional corporate policies. Set review dates when you publish a policy and use VerifyWise to track when reviews are due.