What’s here
This site is the canonical home for Neuroscale’s internal policies, procedures, and reference documentation. If a policy or procedure isn’t documented here, it isn’t official.- Policies — the 22 binding internal policies (plus 2 in /legal/) every employee and contractor must follow.
- Procedures — operational procedures that implement the policies (onboarding/offboarding, access reviews, vendor risk, DSRs, DPIAs, etc.).
- Engineering — practices for engineers building and operating Neuroscale services.
- Helpdesk — day-to-day IT and people-ops support.
- Public — customer- and public-facing notices (privacy, ToS, sub-processor list, cookie notice).
- Templates — fillable templates (DPA, TIA, FCRA forms, customer comms, AI agent rules).
- Handbook — meta-documentation: compliance frameworks, calendar, glossary, roles & personnel, this page.
(todo) markers — what they mean
You’ll see entries like:Reports of incidents go to (todo: link to internal incident-tracker board).A
(todo) is a placeholder for something specific to Neuroscale that still needs to be filled in — usually a wiki URL, an internal-tool link, an owner name, or a numeric SLA. Treat them as TODO items, not as official policy. If you know the right answer, please open a PR.
Owners
| Area | Owner |
|---|---|
Security policies (most of /policies/) | CISO |
Engineering practices (/engineering/) | CTO + CISO |
Helpdesk / IT (/helpdesk/) | CISO (acting as IT Manager) |
Legal & compliance (/legal/, anti-bribery, insider-trading, trade-compliance) | General Counsel |
| HR / People (Code of Conduct, HR Security, Employee Privacy, Workplace Violence) | CHRO |
AI policy (/policies/ai-acceptable-use, /policies/open-source-sbom) | CTO (with CISO + GC co-signers) |
Reviewing & updating policies
- All policies are reviewed at least annually by their owner.
- Material changes require approval from the policy owner and the Security team.
- Version history is captured in the page footer of each policy.
- Next review date for each policy is annually from the row date in its Version history table; the General Counsel maintains the consolidated review calendar in the Compliance Calendar.
- Signed approval record. The signed approval record for every policy listed in the Version history table is filed in Microsoft SharePoint → Legal → Policy Approvals under restricted access, organized by policy and version. The countersignature page (PDF) is the artifact auditors should be shown on request; the approver column in each policy’s Version history references that file.
Acknowledgement
Every Neuroscale employee and contractor must acknowledge these policies at hire and annually thereafter. Acknowledgement is tracked in our Vanta compliance workspace.Version history
| Version | Date | Description | Author | Approved by |
|---|---|---|---|---|
| 1.0 | May 8, 2026 | Initial version | Cameron Wolfe | Ishan Jadhwani |