Policy Management

2026.1

Changineers implements policies and procedures to maintain compliance and integrity of data. The Security Officer and Privacy Officer are responsible for maintaining policies and procedures and ensuring that all Changineers workforce members, business associates, customers, and partners adhere to all applicable policies. Previous versions of policies are retained so that the policy in effect at a specific historical date can be found easily.

Changineers policy requires that:

(a) Changineers policies must be developed and maintained to meet all applicable compliance requirements and adhere to security best practices, including but not limited to:

  • SOC 2

(b) All policies must be reviewed at least annually.

(c) All policy changes must be approved by Changineers Security Officer. Additionally,

  • Major changes may require approval by Changineers CEO or designee;
  • Changes to policies and procedures related to product development may require approval by the Head of Engineering.

(d) All policy documents must be maintained with version control, and previous versions must be retained for a defined, predetermined timeframe.

(e) Policy exceptions are handled on a case-by-case basis.

  • All exceptions must be fully documented with business purpose and reasons why the policy requirement cannot be met.
  • All policy exceptions must be approved by both Changineers Security Officer and COO.
  • An exception must have an expiration date no later than one year from the date of exception approval, and it must be reviewed and re-evaluated on or before the expiration date.

Changineers maintains a set of policies and controls that captures the regulatory, legal, and statutory requirements relevant to the business. The framework and its contents are reviewed at least annually so changes affecting the business are captured.

Each policy and procedure is stored as a separate Markdown file in a Git repository. A JSON configuration maps them to each other.

A JSON document configures the mapping of each control procedure to one or more security or compliance frameworks.

The mapping is maintained at the procedure level rather than the policy level, because each framework requirement needs a documented control or procedure to be considered implemented.

At least once a year, Changineers reviews the regulatory, legal, and statutory requirements relevant to its business needs and adopts any relevant standards into its controls framework and governance program.

The list of applicable standards is maintained in the same repository as the policies and controls documentation.

| Date | Summary | Approved by |
|------|---------|-------------|
| 2020-01 | Initial revision. | James Gregory |
| 2026-04-24 | Dropped unused compliance management platform reference. | James Gregory |