The purpose of a policy is to define the rules that govern the behavior of the organization and are an important aspect of a company’s culture. The are created to ensure that the organization is operating in a way that is consistent with its values and goals.

---

These polices have an impact on all departments and all employees at centrexIT.

1. Employee Handbook - POL-0173

• Definition - Helps an employee get acquainted with everything they need to be successful and safe in our Company.

• Owner - H.R. Manager

• Employee Handbook Link

• Approval process and system - The original draft is maintained in the H.R. systems. Modifications and additions are reviewed and approved by the Leadership Team and then sent out through Paylocity to all employees to review and sign.

2. Quality Manual - POL-0119

• Definition - State’s the Company’s intentions for operating and executing processes within our quality management system.

• Owner - Quality Manager

• Currently under revision

• Approval process and system - The original version is maintained and adopted in Policy Scorecard by the Leadership Team.

3. Business Continuity Plan - POL-0171

• Disaster Recovery Standard

• Definition - Ensures that the organization can respond to a disaster or other emergency that affects information systems to minimize the effect to business operations.

• Owner - VP Of Technology

• CIT Disaster Recovery Link

• Approval process and system - The original version is maintained and adopted in Policy Scorecard by the Leadership Team.

• Business Impact Analysis

• Definition - Identifies the effects of a disruption to business functions and systems and then prioritizes them to establish strategies to mitigate or minimize risk to business operations.

• Owner - VP of Technology

• CIT Business Impact Analysis Link

• Approval process and system - The original version is maintained and adopted in Policy Scorecard by the Leadership Team.

• Internal Business Continuity Strategy - This portion of the policy is not made public to organization, as it contains sensitive information. In the event of an emergency, the DR team would communicate specific details with the right parties.

• Definition - Prepares for a planned change in the company, helps identify who will lead business recovery efforts in the event of an unplanned change.

• Owner - President

• Approval process and system - The original version is maintained and adopted in Policy Scorecard by the Leadership Team.

4. Information Security - POL-0428

• Definition - Helps protect sensitive business information and data assets from unauthorized access. Helps protect against Confidentiality, Integrity, and Availability events.

• Owner - Information Security Lead

• CIT - Information Security Policy - POL-0428 Link

• Approval process and system - The original version is maintained and adopted in Policy Scorecard by the Leadership Team.

5. Accounting and Finance - POL-0172

• Definition - Clarifies the roles, authority, and responsibilities for the financial management activities and decisions made the Company.

• Owner - Controller

• This policy is not made public to the organization as it contains sensitive information. All accounting or finance related standards that are available for the organization to review, will be found in the Employee Handbook, or as related documents under the Accounting Core Process.

---

na

---

1. Image of process map (TBD). Note: Please add KB relationships to core process, process, SOPs or other WIs on the right.