Policy Management & Administration

Overview#

An internal affairs investigation hinges on whether the officer involved knew about a use-of-force policy change that was issued four months before the incident. The agency can produce the email that distributed the update, but not a signed acknowledgment from that officer. In a well-run policy management system, the acknowledgment is on record with a timestamp. Without it, the agency is in a difficult position that could have been avoided entirely.

Argus Policy Management provides a centralised platform for creating, reviewing, distributing, and tracking compliance with departmental policies, procedures, directives, and guidelines. It serves as the single authoritative source for all policy documents, with version control, configurable approval workflows, and automated compliance monitoring. The platform is designed for law enforcement agencies, fire services, local government, emergency management, healthcare systems, and defence support organisations where policy currency and documented acknowledgment matter.

Open Standards#

• ISO 19005 (PDF/A): Archived and exported policy documents are rendered as ISO 19005-1 (PDF/A-1B), ISO 19005-2 (PDF/A-2B), ISO 19005-3 (PDF/A-3B), and ISO 19005-4 (PDF/A-4F) packages, ensuring long-term archival fidelity for litigation support and accreditation audits.
• NIST SP 800-162 / XACML-aligned ABAC: The policy evaluation engine implements attribute-based access control with deny-override semantics, versioned policy bundles, and obligations consistent with the NIST Guide to Attribute Based Access Control and the OASIS XACML data model.
• OAuth 2.0 / JSON Web Tokens (RFC 6749 / RFC 7519): All API access to policy management endpoints is authenticated via RS256-signed JWTs carrying scoped claims; service-to-service calls use the same bearer-token pattern.
• NIST SP 800-53: Audit and accountability controls (AU-2 Event Logging, AC-2 Account Management) are explicitly mapped in the compliance layer, governing the immutable audit trail recorded on every policy change, distribution, and acknowledgment.
• GraphQL (June 2018 specification): Policy lifecycle operations, creation, versioning, workflow routing, and compliance queries, are exposed through a Strawberry GraphQL schema, enabling precise field-level queries and mutations.
• OpenAPI 3.x: REST endpoints are documented via an OpenAPI 3 schema published at runtime, covering the policy management REST surface used by integrations and the Swagger UI.
• GDPR (Regulation (EU) 2016/679): Data retention periods and lawful-basis fields are first-class attributes on policy records and form templates, supporting Article 5 storage-limitation compliance and Article 15 subject-access obligations.
• ISO 8601 / RFC 3339: All timestamps, policy creation, version publication, acknowledgment deadlines, and review-cycle dates, are stored and exchanged in ISO 8601 / RFC 3339 format, ensuring unambiguous cross-system interoperability.

Last Reviewed: 2026-02-05 Last Updated: 2026-04-14

Key Features#

• Policy Repository: centralised library with hierarchical organisation, full-text search, sensitivity-based access controls, document linking between related policies, multi-format support, and historical archives of superseded policies available for retrieval at any date
• Version Control: complete change tracking with side-by-side comparison, version numbering, modification audit trails, and the ability to view any policy as it existed on any historical date, a capability that proves essential during legal proceedings and investigations
• Approval Workflows: configurable review and approval routing through subject matter experts, legal review, and command staff approval with tracked timelines and comments at each stage
• Distribution and Acknowledgment: automated policy distribution to affected personnel with read receipts, acknowledgment tracking, deadline management, and escalation for non-compliance
• Review Scheduling: automated review cycle management with configurable frequencies, responsible reviewer assignment, deadline tracking, and compliance reporting for accreditation
• Compliance Monitoring: track policy acknowledgment rates, training completion for policy-linked requirements, and personnel compliance status across the organisation
• Template Management: standardised policy templates with required sections, formatting guidelines, and legal review checkpoints ensuring consistency across all documents
• Reporting and Analytics: policy lifecycle metrics including review timeliness, acknowledgment rates, compliance status, and audit-ready documentation for accreditation bodies

Use Cases#

• Policy Development: author new policies using standardised templates, route through legal and command review, and publish with automated distribution to affected personnel
• Policy Updates: manage revisions with tracked changes, side-by-side comparison for reviewers, and automated redistribution with new acknowledgment requirements
• Accreditation Compliance: demonstrate active policy management through review schedules, version histories, acknowledgment records, and compliance reporting for CALEA and state accreditation
• Litigation Support: retrieve the exact policy version in effect on a specific date with its complete approval history for legal proceedings, internal investigations, and administrative hearings
• New Employee Onboarding: assign required policy reviews with acknowledgment tracking to ensure new personnel are familiar with all relevant policies before operational deployment

Integration#

The module connects with training management systems for policy-linked training requirements, personnel management for role-based distribution, internal affairs for policy violation tracking, and document management systems for archival and records retention compliance. All policy records are scoped to the organisation with a complete audit trail on every change, distribution, and acknowledgment.