====== Handbook Maintenance ======

This page defines how the Unicis Handbook is kept accurate, current, and useful. A handbook that is not maintained is a liability — it creates confusion and erodes trust both internally and externally.

===== Page Ownership =====

Each section of the handbook has a designated owner responsible for keeping it current.

^ Section ^ Owner ^ Review Cadence ^
| [[pub:company:leadership|Leadership]], [[pub:company:vision_traction_organizer|V/TO]], [[pub:company:scorecard|Scorecard]] | CEO (Predrag) | Quarterly |
| [[pub:trust_center|Trust Center]] (all sub-pages incl. TPSRM, Policies, Controls) | CEO (Predrag) | Quarterly + after any security incident |
| [[pub:development|Development]], [[pub:development:sdlc|SDLC]], [[pub:development:testing|Testing]] | CEO (Predrag) | Per release cycle |
| [[pub:processes:start|Core Processes]] | CEO (Predrag) + relevant process owner | Quarterly |
| [[pub:company:communications|Communications]], [[pub:operations:tech_stack_applications|Tech Stack]] | CEO (Predrag) | When tools change |
| [[pub:recruitment|Recruitment]], open positions | CEO (Predrag) | Monthly |
| [[pub:company:eos|EOS pages]] | CEO (Predrag) | After each quarterly planning session |
| [[pub:operations:service_vendor_providers|Vendor/Service Providers]], [[pub:trust_center:subprocessors|Subprocessors]] | CEO (Predrag) | When vendors change |

===== Trigger-Based Updates =====

Certain events must trigger an immediate handbook update, regardless of the review schedule:

  * **New contractor or tool introduced** → Update [[pub:trust_center:tpsrm|TPSRM]] and [[pub:operations:tech_stack_applications|Tech Stack Applications]] before the tool is used
  * **Contractor offboarded** → Confirm access revocation is logged per [[pub:trust_center:tpsrm|TPSRM]]
  * **Policy change** → Update the relevant policy page and announce in ''#town-square'' on Matrix
  * **New team member** → Update [[pub:company:unicis#org_chart|Org Chart]] and [[pub:recruitment:open_positions|Open Positions]]
  * **New framework or compliance requirement** → Add to [[pub:trust_center:controls|Controls]] and relevant Trust Center pages
  * **Process change** → Update the relevant [[pub:processes:start|Core Process]] page within one week
  * **Vendor added or removed** → Update [[pub:operations:service_vendor_providers|Vendor Providers]] and [[pub:trust_center:subprocessors|Subprocessors]]

===== Staleness Signals =====

Every substantive page should include a "Last reviewed" note at the bottom:

<code>
//Last reviewed: [Month Year] — [Owner]//
</code>

If a page has not been reviewed in more than 6 months, flag it with:

<code>
<wrap warning>This page may be outdated. Last reviewed: [date]. Please contact the CEO to request a review.</wrap>
</code>

===== Annual Handbook Audit =====

Each year in Q1, the CEO conducts a full handbook review aligned with the ISO 27001 internal audit cycle:

  - Read every public-facing page
  - Verify all links are live and accurate
  - Confirm all tool references match the current [[pub:operations:tech_stack_applications|Tech Stack]]
  - Confirm all vendor references match the current [[pub:trust_center:subprocessors|Subprocessors]] list
  - Archive or delete pages that are no longer relevant
  - Document the audit completion in this page with the date

//Last annual audit: — (due Q1 2027)//

===== Contributing to the Handbook =====

Anyone — team members, contractors, and community members — can suggest edits:

  - Click "Edit this page" on any page
  - Make your suggested changes and add a clear edit summary
  - A core team member will review and approve or discuss within 5 business days

For structural changes (new sections, new pages, navigation), open a discussion in the ''#handbook'' Matrix channel first.

//Last reviewed: June 2026 — Predrag//

{{tag>handbook process maintenance governance}}