02. Governance Core

This section contains all ISMS governance documents. These are the foundational decisions: what AlphaTech's risk appetite is, what the ISMS covers, what policies govern behaviour, and how objectives are tracked.

What Is Here

Policy Register (database below)

Every ISMS policy as a database row. Each row shows: owner, approval status, regulatory mapping, and next review date. Click any row to see the full summary.

ISMS Scope and Context (Evidence Repository)

The full Clause 4 context and scope analysis is stored in the Evidence Repository as "Clause 4 - ISMS Context and Scope - V2.0". It documents what is in scope, what was excluded and why, and the internal and external context factors that shaped the risk assessment.

How Governance Connects to the Rest of the System

Each policy in this register links to specific controls in the Control Library (04. Control Core)
Each policy addresses risks documented in the Risk Register (03. Risk Core)
Policy review dates are tracked here and surfaced in the Executive Dashboard
Evidence documents for policies live in 07. Evidence Repository only

Regulatory Framework Summary

Framework	Primary Contact Point in Governance Core
ISO 27001 Clause 5.2	Information Security Policy
ISO 27001 Clause 6.1	Risk Management Policy
HIPAA §164.316(a)	Information Security Policy, Incident Response Policy
GDPR Article 24	Privacy Policy, Data Retention Policy
CCPA	Privacy Policy, Data Retention Policy

Policy Register