LowerPlane provides multiple ways to create and manage policies. Whether you want to start from a pre-built template, write from scratch, upload existing documents, or link to external files, LowerPlane tracks everything in a unified policy library.

Creating from a Template

LowerPlane includes 15+ policy templates that cover the most common compliance requirements. Templates are the fastest way to create policies because they come pre-written, pre-mapped to framework controls, and include all required sections.
1

Navigate to Policies

Go to Policies from the main navigation and click Create Policy.
2

Select a Template

Browse the template library and select the policy you want to create. Each template shows which frameworks it applies to and how many controls it maps to.
3

Customize the Content

The template opens in the editor with pre-written content. Customize the following:
  • Organization name and specific details (placeholders are highlighted)
  • Roles and responsibilities for your team structure
  • Review frequency (annually, semi-annually, quarterly)
  • Approval authority (who signs off on the policy)
  • Framework-specific sections (additional paragraphs for HIPAA, GDPR, PCI-DSS if applicable)
4

Review Control Mappings

Template policies are automatically mapped to relevant controls. Review the Linked Controls section to verify the mappings are appropriate for your organization.
5

Save as Draft

Save the policy. It starts in Draft status and can be edited further before submitting for approval.

Available Templates

TemplateFrameworksControls Mapped
Information Security PolicyAll12+
Access Control PolicyAll8+
Data Protection & Privacy PolicyAll10+
Incident Response PolicyAll6+
Acceptable Use PolicyISO, SOC 2, HIPAA5+
Change Management PolicyISO, SOC 2, PCI-DSS7+
Business Continuity PolicyISO, SOC 25+
Vendor Management PolicyAll6+
Risk Management PolicyAll5+
Encryption PolicyAll4+
Physical Security PolicyISO, HIPAA, PCI-DSS4+
Human Resources Security PolicyISO, SOC 2, HIPAA6+
Network Security PolicyISO, SOC 2, PCI-DSS5+
Data Retention PolicyISO, GDPR, HIPAA4+
Password PolicyAll3+
Templates include framework-specific appendices that are added automatically based on your enabled frameworks. If you enable GDPR, GDPR-specific sections are appended to relevant policies.

Using the Built-in Editor

For custom policies that do not fit a template, use the built-in rich text editor.
1

Create a New Policy

Go to Policies and click Create Policy. Select Blank Policy instead of a template.
2

Set Policy Metadata

Enter the policy title, description, and select the applicable frameworks. Choose a policy category to help with organization.
3

Write Your Policy

The editor supports:
  • Headings (H1 through H4) for document structure
  • Bold, italic, and underline for emphasis
  • Bullet and numbered lists for procedures and requirements
  • Tables for structured information
  • Links to reference external resources
  • Code blocks for technical configurations
4

Link to Controls

Manually link your custom policy to relevant controls using the Linked Controls panel. This ensures the policy contributes to your compliance readiness score.
5

Save

Save the policy as a Draft. It can be edited, previewed, and submitted for approval.

Uploading Documents

If you have existing policies in PDF or DOCX format, you can upload them directly to LowerPlane.
1

Create via Upload

Go to Policies, click Create Policy, and select Upload Document.
2

Upload Your File

Drag and drop or browse to select your file. Supported formats are PDF and DOCX. Maximum file size is 25 MB.
3

Add Metadata

Enter the policy title, description, owner, and applicable frameworks. This metadata is used for searching, filtering, and control mapping.
4

Map to Controls

Link the uploaded policy to relevant compliance controls. Unlike templates, uploaded documents require manual control mapping.
Uploaded documents cannot be edited within LowerPlane. To update the policy content, upload a new version of the document. LowerPlane maintains version history for uploaded files.

Linking External Documents

For policies managed in external platforms, LowerPlane supports linking to documents hosted on Google Drive, Dropbox, OneDrive, or any accessible URL.
1

Create via Link

Go to Policies, click Create Policy, and select Link Document.
2

Provide the URL

Paste the URL of your external document. LowerPlane validates that the URL is accessible.
3

Configure Access

Ensure the linked document is accessible to all team members who need to review or acknowledge it. LowerPlane does not manage permissions on external documents.
4

Add Metadata and Map Controls

As with other source types, add metadata and link to relevant controls.
Linked documents are managed externally but tracked internally. LowerPlane handles the approval workflow, version tracking (via URL updates), and acknowledgment process for linked documents.

Policy Preview

Before submitting a policy for approval, use the Preview feature to see how it will appear to reviewers and employees:
  • Click Preview from the policy editor or detail view
  • The preview shows the formatted policy as it will appear in the Employee Portal
  • For uploaded documents, the preview renders the PDF or DOCX inline
  • For linked documents, the preview opens the external URL in a new tab
Always preview your policy before submitting for approval. Formatting issues, broken links, or placeholder text that was not replaced are common issues caught during preview.

Best Practices

Templates save significant time and come with pre-built control mappings. Even if you need to customize heavily, starting from a template gives you a solid structure and ensures you do not miss required sections.
Replace all placeholder text with your organization’s specific details. Generic policies with obvious placeholders left in place will raise questions during audits.
Policies should be clear and actionable. Avoid excessive legal jargon or unnecessarily long documents. Employees are more likely to read and follow concise policies.
Before creating individual policies, review the full list of templates and plan which policies you need. This prevents overlap between policies and ensures complete coverage of your compliance requirements.