Short Document Title
Purpose. One or two sentences: what this document is for and which risk it addresses. Keep it short — this is a small company; favour practical over padded.
1. Scope
Who and what this applies to (people, systems, data). Note anything explicitly out of scope.
2. Policy / Procedure
The actual rules or steps. Be specific and evidence-able — every "we do X" should map to something an auditor can see (a setting, a log, a record, a ticket). Use Soon's real stack (AWS eu-west-1, SSO/SAML, MFA, Stripe, Intercom, Sentry, Supabase, PostHog, GitHub) rather than generic placeholders.
3. Roles & responsibilities
Who does what. For Soon's small remote team, name the role, not just a person.
4. Related documents
- Link related policies/procedures by their repo path.
Change log
| Version | Date | Author | Comments |
|---|---|---|---|
| 0.1 | YYYY-MM-DD | Andrea Cardinali | First draft |