Management review: Quality Policy & Security Policy (ISO 9001 §5.2 / ISO 27001 §5.2)

## Context

As part of HWW 2.0 (branch \`feature/hww-2.0\`), two new policy pages have been added to the documentation site:

- [`docs/ISO/quality-policy.md`](../blob/feature/hww-2.0/website/docs/ISO/quality-policy.md) — ISO 9001:2015 §5.2
- [`docs/ISO/security-policy.md`](../blob/feature/hww-2.0/website/docs/ISO/security-policy.md) — ISO 27001:2022 §5.2

Both documents are currently marked `draft: true` and contain a **"Pending management review"** admonition.

## Required action

Management must review and approve both documents before they can be published as official policy. This includes:

- [ ] Review quality-policy.md — confirm objectives, commitments, and review cycle are accurate
- [ ] Review security-policy.md — confirm scope, roles, controls, and objectives are accurate
- [ ] Approve or request changes
- [ ] Once approved: remove `draft: true` from frontmatter and remove the review admonition

## ISO requirement

ISO 9001:2015 §5.2.2 requires the quality policy to be available as documented information and communicated within the organization.
ISO 27001:2022 §5.2 requires the information security policy to be approved by management.

/cc @quality-manager

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Management review: Quality Policy & Security Policy (ISO 9001 §5.2 / ISO 27001 §5.2) #6

Context

Required action

ISO requirement

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Management review: Quality Policy & Security Policy (ISO 9001 §5.2 / ISO 27001 §5.2) #6

Description

Context

Required action

ISO requirement

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions