Policy POL-2040

Data Handling Policy

Privacy & data handling (restricted category). State: Review pending. Owner: Marcus Sterling.

✦AI-assisted summaryReview pending

What you can do

Permissions and gate decisions for this policy and your active persona (admin).

You can review. Approve, request changes, or reject from the review queue.

This policy is in the restricted category (Privacy & data handling). Publication requires legal + security reviewer approvals in addition to SME before executive sign-off.

Policy summary

Current version metadata, effective dates, and AI-assisted summary.

Current version: v2 (Review pending)
Effective: —
Next review: —
Expires: —
AI summary: AI summary: Data Handling Policy v2 — covers privacy & data handling with updates to previous version. Recommended attestation cycle: annual.
Attestation coverage: 0 / 0 (0%)
Assignment audiences: -

Current version body

v2 authored by Marcus Sterling.

# Data Handling Policy

## 1. Purpose

Establishes how Northstar Logistics classifies, stores, transmits, and retains information assets including customer shipment data, employee PII, financial records, and operational telemetry.

## 2. Classification

Data is classified as: Restricted (customer PII, payment data, employee SSN/government IDs), Confidential (internal financials, vendor contracts, route optimization data), Internal (operational dashboards, team communications), Public (marketing collateral, press releases).

## 3. Storage requirements

Restricted data must be encrypted at rest using AES-256 or equivalent. Confidential data must be stored in approved systems (no local-only copies). Access is governed by least-privilege RBAC reviewed quarterly.

## 4. Reviewer chain (RESTRICTED CATEGORY)

This policy is in the **restricted** category. Publication requires approvals from both **Legal** and **Information Security** reviewers before executive approval. Attempts to publish with only one reviewer will be blocked.

Reviewer chain

SME, Legal, Security, Compliance reviewers. Restricted-category policies require Legal + Security.

Order	Reviewer type	Reviewer	State	Decision	Comment
1	Subject-matter expert	-	Approved	-	-
2	Legal	-	Awaiting	-	-
3	Security	-	Awaiting	-	-

Version history

Every version with its publication date. Earlier versions are retired when a new one publishes.

Version	State	Author	Published	Substantive	Retired
v2	Review pending	Marcus Sterling	—	Cosmetic	—
v1	Retired	Marcus Sterling	Mar 17, 2026	Cosmetic	Mar 17, 2026

Recent attestations

Most recent 12 attestation rows for this policy.

Employee	State	Assigned	Due	Attested at	IP

Full attestation roster: see audit evidence packet or the full attestation queue. Use the audit-bundle Export button on the packet to download CSV.

← Back to all policies