Policy acknowledgments provide documented proof that employees have read and accepted your organization’s policies. This is a critical compliance requirement across all frameworks and serves as evidence during audits.

Why Acknowledgments Matter

Compliance frameworks require organizations to demonstrate that employees are aware of and agree to follow security policies. Acknowledgments provide:
  • Audit evidence that employees were informed of policies and their obligations
  • Legal protection by documenting employee acceptance of organizational rules
  • Compliance coverage for controls related to security awareness and acceptable use
  • Accountability by creating a record that employees understood their responsibilities
Acknowledgments are mapped to compliance controls automatically. When employees acknowledge a policy, the relevant controls gain evidence coverage across all applicable frameworks.

Sending Acknowledgment Requests

You can send acknowledgment requests for any policy that is in Published status.
1

Open the Published Policy

Navigate to Policies and open the policy you want employees to acknowledge.
2

Click Send Acknowledgment

Click the Send Acknowledgment button. This opens the recipient selection dialog.
3

Select Recipients

Choose who needs to acknowledge the policy:
  • All employees - Send to everyone in your organization
  • Specific groups - Send to personnel groups (e.g., Engineering, Sales, Contractors)
  • Individual people - Select specific team members
Not every policy needs to go to every employee. An Encryption Policy may only need acknowledgment from the engineering team, while an Acceptable Use Policy should go to everyone.
4

Set a Deadline

Optionally set a deadline by which employees must complete their acknowledgment. Deadlines trigger reminder notifications as the due date approaches.
5

Send

Click Send. Each selected recipient receives an email notification with a link to review and acknowledge the policy.

Employee Acknowledgment Flow

When an employee receives an acknowledgment request, they follow this process:
1

Notification

The employee receives an email notification that a policy requires their acknowledgment. The email includes the policy name, a brief description, and a link to the Employee Portal.
2

Review the Policy

The employee opens the policy in the Employee Portal and reads the full content. For uploaded or linked documents, the portal displays or links to the document directly.
3

Acknowledge

After reading the policy, the employee clicks the Acknowledge button. This records their acceptance with a timestamp and their identity.
4

Confirmation

The employee receives a confirmation that their acknowledgment has been recorded. The policy is marked as acknowledged in their Employee Portal dashboard.
Employees can access all policies requiring acknowledgment from their Employee Portal dashboard. The portal shows pending, completed, and overdue acknowledgments in a single view.

Tracking Acknowledgment Status

As an administrator, you can track acknowledgment progress at both the policy level and the organization level.

Policy-Level Tracking

Open any published policy and navigate to the Acknowledgments tab to see:
MetricDescription
Total sentNumber of acknowledgment requests sent for this policy
CompletedNumber of employees who have acknowledged
PendingNumber of employees who have not yet acknowledged
OverdueNumber of employees past the deadline who have not acknowledged
Completion ratePercentage of recipients who have acknowledged
The acknowledgment list shows each recipient with their status, date of acknowledgment (if completed), and time remaining until deadline.

Organization-Level Tracking

The compliance dashboard provides aggregate acknowledgment metrics:
  • Overall acknowledgment completion rate across all policies
  • Policies with the lowest acknowledgment rates
  • Employees with overdue acknowledgments
  • Recent acknowledgment activity
View acknowledgment status for a specific policy. See which employees have acknowledged, which are pending, and which are overdue. Export the list for reporting.

Reminders and Deadlines

LowerPlane provides automated reminders to help ensure timely acknowledgment completion.

Automatic Reminders

When a deadline is set, LowerPlane sends automated email reminders:
  • 7 days before deadline - First reminder to employees who have not yet acknowledged
  • 3 days before deadline - Second reminder with increased urgency
  • 1 day before deadline - Final reminder before the deadline expires
  • On deadline - Notification that the deadline has passed (sent to both the employee and the policy owner)

Overdue Handling

After a deadline passes, overdue acknowledgments are:
  • Flagged with an Overdue badge in the tracking view
  • Surfaced on the compliance dashboard as an action item
  • Included in compliance reports as an open gap
  • Reported to the policy owner and compliance administrators
Overdue acknowledgments can impact your compliance readiness score. Controls that depend on policy acknowledgment evidence will show degraded status when acknowledgments are overdue.

Sending Manual Reminders

In addition to automatic reminders, you can send manual reminders at any time:
  1. Open the policy and go to the Acknowledgments tab
  2. Filter for Pending or Overdue employees
  3. Select the employees you want to remind
  4. Click Send Reminder

Re-Acknowledgment

When a policy is updated and republished, you may need employees to acknowledge the new version.
1

Update and Republish

Edit the policy, go through the approval workflow, and publish the updated version.
2

Send New Acknowledgment Requests

Send acknowledgment requests for the updated policy. LowerPlane treats this as a new acknowledgment cycle, separate from previous versions.
3

Track New Cycle

The acknowledgments tab shows the current cycle’s progress. Previous acknowledgment records are preserved in the version history.
Not every policy update warrants re-acknowledgment. Minor formatting changes or typo corrections typically do not need new acknowledgments. Reserve re-acknowledgment for substantive changes that affect employee obligations.

Acknowledgment Records as Evidence

Acknowledgment records serve as compliance evidence for controls related to:
  • Security awareness and training
  • Acceptable use agreements
  • Confidentiality agreements
  • Data handling procedures
  • Code of conduct
These records include:
  • Employee name and email
  • Policy name and version
  • Date and time of acknowledgment
  • IP address of the acknowledging session
Acknowledgment records are immutable. Once an employee acknowledges a policy, the record cannot be modified or deleted. This ensures the integrity of your compliance evidence for audits.

Best Practices

Include policy acknowledgment in your employee onboarding process. New hires should acknowledge all relevant policies within their first week.
Give employees enough time to actually read the policies. A 7-14 day deadline is reasonable for most policies. Urgent security updates may warrant shorter deadlines.
Send acknowledgment requests only to employees for whom the policy is relevant. Over-sending creates fatigue and reduces the likelihood of employees actually reading the content.
Establish an annual cycle where all employees re-acknowledge key policies. This demonstrates ongoing awareness and is expected by most auditors.