From e83949e2c30ea74294abebdb77d86fa982c898fe Mon Sep 17 00:00:00 2001 From: Mike Kell Date: Fri, 3 Apr 2026 19:55:25 -0400 Subject: [PATCH] Publish initial policy repository documentation --- .../KC-POL-GOV-001-document-control-policy.md | 194 ++++++++++++++++++ ...-policy-review-and-retirement-procedure.md | 192 +++++++++++++++++ docs/policies/index.md | 29 ++- 3 files changed, 414 insertions(+), 1 deletion(-) create mode 100644 docs/policies/governance/KC-POL-GOV-001-document-control-policy.md create mode 100644 docs/policies/governance/KC-PRO-GOV-001-policy-review-and-retirement-procedure.md diff --git a/docs/policies/governance/KC-POL-GOV-001-document-control-policy.md b/docs/policies/governance/KC-POL-GOV-001-document-control-policy.md new file mode 100644 index 0000000..4bce5fe --- /dev/null +++ b/docs/policies/governance/KC-POL-GOV-001-document-control-policy.md @@ -0,0 +1,194 @@ +--- +document_id: KC-POL-GOV-001 +title: Document Control Policy +document_type: Policy +domain: Governance +version: 1.0 +status: Active +owner: Business Owner +reviewers: + - Operations Staff +approver: Business Owner +effective_date: 2026-04-03 +next_review_date: 2027-04-03 +supersedes: None +related_documents: + - KC-PRO-GOV-001 +related_systems: + - Kell Creations Platform + - Policy Repository + - Forgejo Git + - Compliance Evidence Repository +retention_period: 3 years +confidentiality: Internal +--- + +# Purpose + +The purpose of this policy is to establish a controlled and auditable process for creating, reviewing, approving, publishing, revising, superseding, retaining, and retiring official Kell Creations governance and operational documents. + +# Scope + +This policy applies to all controlled documents maintained within the Kell Creations repository structure, including: + +- policies +- procedures +- standards +- guidelines +- forms +- exception records + +This policy applies to all business areas using the policy repository, including governance, operations, ecommerce, marketing, manufacturing, finance, information technology, security, and privacy. + +# Policy Statement + +Kell Creations shall maintain all controlled documents through a defined document lifecycle that supports traceability, version control, formal approval, and retention of evidence. + +Controlled documents must be: + +- uniquely identified +- versioned +- assigned an owner +- reviewed before activation +- approved before publication to active status +- retained in version-controlled form +- retired when superseded, obsolete, or withdrawn + +No document shall be treated as active policy unless it is stored in the approved repository structure, has required metadata, and has been formally approved. + +# Document Lifecycle Requirements + +## Draft + +A document begins in draft status while being authored or revised. + +Draft documents must: + +- use an approved template where applicable +- include required metadata +- identify an owner +- be stored in the `drafts/` area unless formally advanced + +## Review + +A document moves to review status when the owner determines it is ready for formal evaluation. + +Review documents must: + +- identify reviewers +- be evaluated for completeness, clarity, and applicability +- remain unchanged except through controlled revision + +## Active + +A document becomes active only after formal approval by the named approver. + +Active documents must: + +- include an effective date +- include a next review date +- be stored in the `active/` area +- be referenced in the document register + +## Revision and Supersession + +When an active document is changed materially, the revised version must proceed through draft and review before replacing the active version. + +Superseded versions must not remain in the active area. + +## Retirement + +A document shall be retired when it is no longer needed, replaced, withdrawn, or no longer applicable. + +Retired documents must: + +- be moved to the `retired/` area +- retain their historical metadata +- be referenced in the control log +- retain supporting retirement evidence when required + +# Metadata Requirements + +All controlled documents must include front matter with the required metadata fields defined in the repository guidance. + +Missing or incomplete metadata makes a document ineligible for active status. + +# Version Control Requirements + +Controlled documents must be maintained in the Kell Creations Git repository. + +All lifecycle changes must be traceable through version history and supporting control records. + +Git history supports technical traceability, but document register and control log updates are still required for formal lifecycle accountability. + +# Roles and Responsibilities + +## Business Owner + +The Business Owner shall: + +- approve active policies and procedures unless delegated otherwise +- ensure document control is enforced +- review high-impact governance changes +- approve retirement of major governing documents +- ensure repository integrity and governance consistency + +## Document Owner + +The document owner shall: + +- maintain document accuracy +- initiate review when updates are needed +- ensure metadata is complete +- coordinate revisions and corrections +- ensure the document is moved through the proper lifecycle state + +## Reviewers + +Reviewers shall: + +- evaluate assigned documents for accuracy and applicability +- provide timely feedback +- identify conflicts, ambiguity, or missing controls + +## Operations Staff + +Operations Staff shall: + +- use active documents as authoritative references +- support document updates where assigned +- avoid relying on draft or retired documents for active operations + +# Document Registers and Evidence + +The following records must be maintained: + +- `policy-register.csv` +- `document-control-log.csv` +- `review-calendar.csv` +- `exception-register.csv` when applicable + +Approval, review, exception, and retirement evidence should be preserved under the `evidence/` structure when required by the document type or business need. + +# Exceptions + +Exceptions to this policy must be documented, justified, approved, time-bounded where appropriate, and recorded as controlled exception records. + +No informal exception overrides this policy. + +# Compliance and Enforcement + +Failure to maintain document control may result in: + +- use of outdated or unauthorized guidance +- inconsistent business execution +- loss of approval traceability +- reduced audit readiness + +Noncompliant documents may be withdrawn from active use until corrected. + +# Review and Revision History + +| Version | Date | Description | Author | Approver | +|---|---|---|---|---| +| 1.0 | 2026-04-03 | Initial active release | Business Owner | Business Owner | \ No newline at end of file diff --git a/docs/policies/governance/KC-PRO-GOV-001-policy-review-and-retirement-procedure.md b/docs/policies/governance/KC-PRO-GOV-001-policy-review-and-retirement-procedure.md new file mode 100644 index 0000000..b823af9 --- /dev/null +++ b/docs/policies/governance/KC-PRO-GOV-001-policy-review-and-retirement-procedure.md @@ -0,0 +1,192 @@ +--- +document_id: KC-PRO-GOV-001 +title: Policy Review and Retirement Procedure +document_type: Procedure +domain: Governance +version: 1.0 +status: Active +owner: Business Owner +reviewers: + - Operations Staff +approver: Business Owner +effective_date: 2026-04-03 +next_review_date: 2027-04-03 +supersedes: None +related_documents: + - KC-POL-GOV-001 +related_systems: + - Policy Repository + - Forgejo Git + - Compliance Evidence Repository +retention_period: 3 years +confidentiality: Internal +--- + +# Purpose + +This procedure defines the steps used to review active controlled documents and to retire documents that are superseded, obsolete, or no longer applicable. + +# Scope + +This procedure applies to all controlled documents maintained under the Kell Creations policy repository structure. + +# Preconditions + +Before starting this procedure, the following should exist: + +- the target document is identified +- the current version is available in the repository +- the owner and approver are known +- supporting review or retirement rationale is available + +# Procedure Steps + +## A. Periodic Review Process + +### 1. Identify review candidate + +Identify a document for review using one or more of the following: + +- scheduled review date +- business process change +- system change +- regulatory or governance update +- issue discovered during operations +- owner-requested review + +### 2. Confirm current document state + +Verify: + +- document ID +- version +- current status +- owner +- file location +- related documents +- next review date + +### 3. Evaluate the document + +Review the document for: + +- continued applicability +- accuracy +- clarity +- completeness +- consistency with current business practice +- consistency with related architecture, systems, and workflows + +### 4. Determine review outcome + +Select one of the following outcomes: + +- no change required +- revise and resubmit +- supersede with a new version +- retire document + +### 5. Record review result + +Update the appropriate records, including: + +- `review-calendar.csv` +- `document-control-log.csv` + +If no change is required, update the next review date and close the review cycle. + +## B. Revision and Supersession Process + +### 6. Create revised draft + +If revision is required, create or update the next version in the appropriate `drafts/` area. + +### 7. Route for review + +Move or track the revised document through the `review/` state and gather reviewer input. + +### 8. Obtain approval + +Obtain formal approval from the named approver. + +### 9. Publish revised version + +After approval: + +- place the approved document in the correct `active/` location +- update version and effective date +- update the document register +- log the transition in the control log + +### 10. Retire superseded version + +Move the superseded active version to the appropriate `retired/` location and record the supersession in the control log. + +## C. Retirement Process + +### 11. Identify retirement basis + +A document may be retired because it is: + +- replaced by a newer version +- no longer applicable +- obsolete due to process or system change +- withdrawn by management decision + +### 12. Confirm retirement impact + +Before retiring the document, confirm: + +- no current dependency requires it to remain active +- users can be directed to a replacement, if applicable +- related records are updated +- evidence of the retirement decision is captured when needed + +### 13. Obtain retirement approval + +The named approver must approve retirement before the document is removed from the active set. + +### 14. Move document to retired state + +Move the document to the matching path under `retired/`. + +Do not delete retired controlled documents unless a separate retention rule explicitly authorizes deletion. + +### 15. Update records + +Update: + +- `policy-register.csv` +- `document-control-log.csv` +- `review-calendar.csv` as applicable + +### 16. Preserve evidence + +Store supporting evidence in the appropriate evidence folder when required, including: + +- approval note +- review outcome +- supersession reference +- retirement rationale + +# Outputs + +This procedure should result in one or more of the following: + +- updated active document +- retired document +- updated review date +- updated registers and control log +- retained approval or retirement evidence + +# Exceptions and Escalation + +If review cannot be completed on time, or if ownership, applicability, or replacement status is unclear, escalate to the Business Owner. + +If an active document appears unsafe, misleading, or materially outdated, it should be flagged for immediate review and may be temporarily withheld from operational use pending decision. + +# Review and Revision History + +| Version | Date | Description | Author | Approver | +|---|---|---|---|---| +| 1.0 | 2026-04-03 | Initial active release | Business Owner | Business Owner | \ No newline at end of file diff --git a/docs/policies/index.md b/docs/policies/index.md index 788e57d..8d778d8 100644 --- a/docs/policies/index.md +++ b/docs/policies/index.md @@ -1,3 +1,30 @@ # Policy Repository -This section documents controlled business policies, procedures, standards, and forms. +This section provides the published documentation view of the Kell Creations controlled policy repository. + +## Purpose + +The policy repository supports the controlled lifecycle of business governance and operational documents, including drafting, review, approval, publication, supersession, retirement, and evidence retention. + +## Repository Structure + +The repository is organized into the following lifecycle areas: + +- `drafts/` +- `review/` +- `active/` +- `retired/` +- `templates/` +- `register/` +- `evidence/` + +## Current Published Governance Documents + +The initial governance set includes: + +- Document Control Policy +- Policy Review and Retirement Procedure + +## Notes + +This section documents the governance layer that supports controlled business operations for Kell Creations. Future additions should include standards, procedures, guidelines, forms, and exception records across governance, operations, ecommerce, marketing, manufacturing, finance, IT, security, and privacy. \ No newline at end of file