POLICY: Policy
The POLICY entity represents a quality, security, or organisational policy record with ownership, review scheduling, approval tracking, and version history.
POLICY definition shipped with DemandFlow. Administrators can add, remove, rename, or re-type fields, change which ones are required, and alter the layout from the Definitions screen in Settings. Your tenant's current schema may differ from what is shown here. To read the current definition at any time, GET the DEFINITION object whose id matches POLICY.Entity properties
| Property | Value |
|---|---|
| Entity code | POLICY |
| Display name | Policy |
| Plural | Policies |
| Level | 90040 |
Use cases
POLICY is the policy register required by ISO 9001 clause 5.2 and ISO 27001 clause 5.2. It tracks policies, procedures, and work instructions with ownership, review dates, and approval status. The policyType field classifies documents by level (Policy, Standard, Procedure, Work Instruction, Guideline) following the typical document hierarchy. The scope field identifies which ISO standard or business area the policy covers. Review scheduling via nextReviewDate with pastCheck ensures overdue reviews are flagged. The linkedDocument field connects to DRECORD for full version-controlled document management. The Acknowledgements panel could be extended with a relatedlist for tracking staff acknowledgement of policies.
Fields
General
| Field | Type | Required | Notes |
|---|---|---|---|
name | text | Yes | Policy Title. |
policyRef | text | Reference Number. | |
policyType | enum | Yes | Document Type. Valid ids: policy (Policy), standard (Standard), procedure (Procedure), workInstruction (Work Instruction), guideline (Guideline), template (Template), form (Form). |
status | enum | Yes | Status. Valid ids: draft (Draft), inReview (In Review), approved (Approved), superseded (Superseded), retired (Retired). |
version | text | Version. | |
confidentiality | enum | Confidentiality. Valid ids: public (Public), internal (Internal), confidential (Confidential), restricted (Restricted). | |
scope | multiselect | Applicable Standards. | |
department | text | Leave blank if organisation-wide. | |
description | text (multi-line) | Brief description of what this policy covers and why it exists. | |
isoClauseRef | text | ISO Clause Reference(s). | |
owner | reference → user | Yes | Policy Owner. |
approvedBy | reference → user | Approved By. | |
approvalDate | date | Approval Date. | |
effectiveDate | date | Effective Date. | |
lastReviewDate | date | Last Review Date. | |
nextReviewDate | date | Yes | Policies should typically be reviewed annually. |
reviewFrequency | enum | Review Frequency. Valid ids: 6months (Every 6 Months), annual (Annual), biennial (Every 2 Years), triennial (Every 3 Years), asNeeded (As Needed). | |
linkedDocument | reference → DRECORD | Link to full version-controlled document in the DMS. |
Policy Content
| Field | Type | Required | Notes |
|---|---|---|---|
policyContent | text (HTML) | Policy Content. |
Change History
| Field | Type | Required | Notes |
|---|---|---|---|
changeHistory | text (multi-line) | Record of changes made in each version. |
Additional panels
- Activity timeline panel attached.
- Documents. Field
files.
Relationships
- Lookups:
linkedDocumentpoints atDRECORDrecord.
Creating a Policy via the API
POST /v1/objects
Authorization: Bearer <your-pat>
Content-Type: application/json
{
"entity": "POLICY",
"level": 90040,
"comboKey": "SUB:<your-sub-id>|ENT:",
"name": "Example",
"policyType": "policy",
"status": "draft",
"owner": ""
} Listing POLICY records
# All policies in your tenant
GET /v1/entities/POLICY/SUB