Management review: Quality Policy & Security Policy (ISO 9001 §5.2 / ISO 27001 §5.2) #6
Description
Context
As part of HWW 2.0 (branch `feature/hww-2.0`), two new policy pages have been added to the documentation site:
docs/ISO/quality-policy.md— ISO 9001:2015 §5.2docs/ISO/security-policy.md— ISO 27001:2022 §5.2
Both documents are currently marked draft: true and contain a "Pending management review" admonition.
Required action
Management must review and approve both documents before they can be published as official policy. This includes:
- Review quality-policy.md — confirm objectives, commitments, and review cycle are accurate
- Review security-policy.md — confirm scope, roles, controls, and objectives are accurate
- Approve or request changes
- Once approved: remove
draft: truefrom frontmatter and remove the review admonition
ISO requirement
ISO 9001:2015 §5.2.2 requires the quality policy to be available as documented information and communicated within the organization.
ISO 27001:2022 §5.2 requires the information security policy to be approved by management.
/cc @quality-manager