Policy
Organizational cybersecurity policy is established, communicated, and enforced
Tools for policy
Hosted MCP servers your agents can use for these controls.
Starter prompts
Paste into Claude Code, Microsoft Copilot, or Codex connected to Tracecat MCP, and build it out together.
Chase policy acknowledgments
Build me a policy acknowledgment tracker in Tracecat. Pull the employee roster from Okta, compare it against policy acceptance records in Vanta, and track outstanding acknowledgments in a Tracecat table. DM each person on Slack with the policy link, escalate to their manager after two reminders, and post a completion summary to the compliance channel every Friday. First help me understand how this maps to GV.PO-01 and why acknowledgment records are the enforcement evidence auditors ask for. Ask me which policies require annual acknowledgment and how many reminders to send before escalating. Talk me through whether the chase should run as one scheduled workflow or as an agent that handles replies and exceptions.
Detect drift between policy and reality
Build me a policy drift checker in Tracecat. Read our access control and change management policies from Notion, then compare what they promise against live settings: MFA enforcement and session lifetime in Okta, branch protection and review rules in GitHub. Record each mismatch in a Tracecat table and open a Jira ticket per drift item with the policy line and the actual setting side by side. First help me understand how this maps to GV.PO-02 and why policies decay when nobody compares them to running systems. Ask me where our policies live and which two policies to start with. Talk me through running this as a monthly scheduled workflow versus a skill I invoke before each audit.
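The comparison at the heart of that prompt, as an added example rather than Tracecat's own code: declared policy clauses are checked against a snapshot of live settings, and every mismatch (including a setting the checker could not read) becomes a drift item with the policy line and actual value side by side. The policy clauses, section numbers and setting keys are constructed stand-ins for what a workflow would read from Notion and fetch from the Okta and GitHub APIs.

```python
# Added example (not Tracecat's own code): a minimal policy drift checker.
# Policy clauses, section numbers and the "live" settings are constructed
# stand-ins for what a workflow would read from Notion and the Okta/GitHub APIs.
import operator

OPS = {"==": operator.eq, "<=": operator.le, ">=": operator.ge}

# Each clause: (policy line as written, setting key, comparator, expected value)
POLICY_CLAUSES = [
    ("Access Control 3.1: MFA is required for all workforce accounts",
     "okta.mfa_enforced", "==", True),
    ("Access Control 3.4: sessions expire after at most 8 hours",
     "okta.session_lifetime_hours", "<=", 8),
    ("Change Management 2.2: main requires at least one approving review",
     "github.required_approving_reviews", ">=", 1),
    ("Change Management 2.5: force pushes to main are disabled",
     "github.allow_force_pushes", "==", False),
]

# Constructed snapshot standing in for live API responses.
LIVE_SETTINGS = {
    "okta.mfa_enforced": True,
    "okta.session_lifetime_hours": 24,       # drifted: policy says <= 8
    "github.required_approving_reviews": 0,  # drifted: policy says >= 1
    # github.allow_force_pushes is deliberately absent: the checker could not
    # read it, which must surface as drift rather than silently pass.
}


def find_drift(clauses, live):
    """Return one drift item per clause the live settings fail to satisfy,
    including clauses whose setting could not be read at all."""
    drift = []
    for line, key, op, expected in clauses:
        actual = live.get(key, "<not readable>")
        if key not in live or not OPS[op](actual, expected):
            drift.append({"policy_line": line, "setting": key,
                          "expected": f"{op} {expected!r}", "actual": actual})
    return drift


def format_ticket(item):
    """Ticket body showing the policy line and the observed setting side by side."""
    return (f"Policy: {item['policy_line']}\n"
            f"Setting: {item['setting']} expected {item['expected']}, "
            f"actual {item['actual']!r}")
```

Each dict that find_drift returns maps directly onto one Jira ticket or one Tracecat table row, so the unreadable-setting case lands in the queue instead of being lost.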
Keep policy reviews on schedule
Build me a policy review tracker in Tracecat. Keep a table of every policy with its owner, last review date, and review cycle. Each week, find policies due or overdue for review, open a Linear issue assigned to the owner, and have an agent draft a Gmail brief listing what changed since the last review: new regulations, new technology we adopted, and incidents that touched the policy area. First help me understand how this maps to GV.PO-02 and what a healthy review cycle looks like when the review itself stays human judgment. Ask me how many policies we have and what review cycle each one should get. Talk me through whether overdue reviews should escalate automatically or just keep appearing in the weekly digest.
Controls
- GV.PO-01 (SP 800-53 Rev 5: AC-1, AT-1, AU-1, CA-1, CM-1, CP-1, IA-1, IR-1, MA-1, MP-1, PE-1, PL-1, PM-1, PS-1, PT-1, RA-1, SA-1, SC-1, SI-1, SR-1)
  Policy for managing cybersecurity risks is established based on organizational context, cybersecurity strategy, and priorities and is communicated and enforced
- GV.PO-02 (SP 800-53 Rev 5: AC-1, AT-1, AU-1, CA-1, CM-1, CP-1, IA-1, IR-1, MA-1, MP-1, PE-1, PL-1, PM-1, PS-1, PT-1, RA-1, SA-1, SC-1, SI-1, SR-1)
  Policy for managing cybersecurity risks is reviewed, updated, communicated, and enforced to reflect changes in requirements, threats, technology, and organizational mission
Control text and SP 800-53 Rev 5 references from the official NIST CSF 2.0 and OLIR releases.
Automate policy with agents
Paste an example into your coding assistant and an agent builds the automation around your tools.