Enterprise Data Insight
Security and Facilities
POLICY GOVERNANCE
Document information
Document title: Policy Governance
Document Description:
The Policy Governance document defines how Enterprise Data Insight creates, reviews, approves, maintains and retires Company policies. It ensures that all policies are controlled, consistent, compliant and fit for purpose, and that they are implemented in a way that protects the Company, its employees, its information and its operational integrity.
| EFFECTIVE DATE | VERSION NO. | AUTHOR | OWNER | APPROVED BY | COMMENTS |
|---|---|---|---|---|---|
| January 2025 | 1.0 | Governance Office | Head of Security and Facilities | Chief Operating Officer | New Policy |
KEYWORD DESCRIPTORS
Company Policy, Governance, Compliance, Document Control, Policy Management, Operational Standards
1. PURPOSE
The purpose of this Policy Governance document is to ensure that all Enterprise Data Insight policies are created, reviewed, approved and maintained in a structured and controlled manner. This provides employees with clear, consistent and authoritative guidance and ensures that the Company meets its legal, operational and regulatory obligations.
2. SCOPE
This policy applies to all Enterprise Data Insight policies, procedures, charters, standards and guidelines.
It covers:
Policy development
Policy approval
Policy implementation
Policy review, update and retirement
Roles and responsibilities for policy ownership
This policy applies to all employees, contractors, consultants and third parties engaged by Enterprise Data Insight.
3. GOVERNING PRINCIPLES
Enterprise Data Insight is committed to maintaining a consistent, controlled and transparent approach to policy governance. All policies must:
Align with UK law and regulatory requirements including GDPR, employment law, data protection, security standards and relevant industry mandates.
Reflect EDI’s business operations, culture and risk management framework.
Provide clear, accessible, and unambiguous guidance to employees.
Be reviewed at least annually or sooner if triggered by legal, organisational or operational changes.
Be approved by the appropriate authority, including the Head of HR, Governance Office, and EDI Leadership Team.
Be communicated effectively to all relevant employees.
4. POLICY DEVELOPMENT PROCESS
4.1 Drafting
The relevant department will draft the initial policy content.
All policies must use the standard EDI policy template structure (document information, purpose, scope, definitions, roles, working statements etc.).
4.2 Review
A review must be performed by:
HR (for employee-related content)
Compliance and Governance
Legal (if contractual or regulatory implications exist)
Leadership Team where strategic or risk impact is expected
4.3 Approval
A policy becomes enforceable only after being:
Signed off by the Policy Owner
Approved by the EDI Leadership Team
Logged in the central Document Register
4.4 Publication
Approved policies will be:
Stored in the official Policy Repository
Communicated through internal channels
Made accessible to all employees and contractors
5. POLICY CHANGES AND VERSION CONTROL
5.1 Triggers for Policy Updates
Policies must be updated when:
There is a change to legislation or regulatory standards
Internal audits identify gaps or risks
Organisational structure or processes change
New technology or systems are adopted
Leadership mandates a review
5.2 Version Control Requirements
Every version must include:
Version number
Effective date
Summary of changes
Author and Owner
Approval history
Superseded versions must be archived but retained for audit.
6. ROLES AND RESPONSIBILITIES
6.1 Policy Owner
Each policy must have an assigned Owner responsible for:
Ensuring the policy is accurate and up to date
Initiating reviews and updates
Monitoring compliance
Coordinating training or awareness where required
6.2 HR & Compliance
Maintain the official Policy Register
Ensure consistent structure and format
Support policy creation and messaging
Advise on legal, regulatory and operational considerations
6.3 Leadership Team
Final approval authority
Ensure alignment with business objectives, risk appetite and legal obligations
6.4 Employees
Must read, understand and comply with all Company policies
Must seek clarification from HR or their manager if unsure about policy requirements
7. POLICY MONITORING AND COMPLIANCE
The Governance Office and HR will jointly review compliance by:
Conducting periodic audits
Ensuring policy visibility and awareness
Identifying non-compliance and recommending corrective action
Breaches of any policy may result in disciplinary action in accordance with Company procedures.
8. POLICY RETIREMENT
Policies may be retired when:
They are obsolete
They have been replaced by another document
They no longer reflect current operations or legal requirements
Retired policies must be archived with full version history.
9. RELATED DOCUMENTS
Information Security Policies
HR Charters and Policies
Code of Conduct
Data Protection Policy
Document Control Procedure
HOW CAN YOU CONTACT US ABOUT THIS POLICY?
If you have questions or comments about this policy, email us at privacy@edatainsight.com or by post to:
Enterprise Data Insight.
71-75 Shelton Street, Convent Garden, London, WC2H 9JQ
POLICY CHANGES
If we change our policies and procedures, we will post those changes on this page. If we make any changes to this Policy that materially change how we treat your personal information, we will endeavour to provide you with reasonable notice of such changes, to your email address of record, and where required by law, we will obtain your consent or give you the opportunity to opt out of such changes.