Skip to main content
DraftIndicative placeholder for the section owner — amend, replace, or confirm as the first definitive version.

Doc owner: DDE

Digital Policy Domain

Long-form meaning and scope

Digital policies cover software, platform, data, and tooling governance. This is a first-class domain because software systems evolve continuously post-deployment, and failure modes (security, integrity, availability) differ from physical engineering and production.

Scope boundaries

  • Software change control — Deployment, release management, rollback
  • Access and environment — Access control, environment separation, secrets management
  • Secure development — Secure SDLC, dependency management, vulnerability handling
  • Reliability — Uptime, incident response, disaster recovery
  • Data — Data classification, retention, handling

What belongs here

  • POL-DIG-xxx policies
  • Software change control policy
  • Access control policy (digital systems)
  • Secure development policy
  • Incident response policy

What does not belong here

  • Physical configuration management (→ engineering/)
  • Enterprise information security baselines (→ enterprise/ where company-wide)
  • People conduct (→ people/)