Handbook Maintenance
This page defines how the Unicis Handbook is kept accurate, current, and useful. A handbook that is not maintained is a liability — it creates confusion and erodes trust both internally and externally.
Page Ownership
Each section of the handbook has a designated owner responsible for keeping it current.
| Section | Owner | Review Cadence |
|---|---|---|
| Leadership, V/TO, Scorecard | CEO (Predrag) | Quarterly |
| Trust Center (all sub-pages incl. TPSRM, Policies, Controls) | CEO (Predrag) | Quarterly + after any security incident |
| Development, SDLC, Testing | CEO (Predrag) | Per release cycle |
| Core Processes | CEO (Predrag) + relevant process owner | Quarterly |
| Communications, Tech Stack | CEO (Predrag) | When tools change |
| Recruitment, open positions | CEO (Predrag) | Monthly |
| EOS pages | CEO (Predrag) | After each quarterly planning session |
| Vendor/Service Providers, Subprocessors | CEO (Predrag) | When vendors change |
Trigger-Based Updates
Certain events must trigger an immediate handbook update, regardless of the review schedule:
- New contractor or tool introduced → Update TPSRM and Tech Stack Applications before the tool is used
- Contractor offboarded → Confirm access revocation is logged per TPSRM
- Policy change → Update the relevant policy page and announce in
#town-squareon Matrix - New team member → Update Org Chart and Open Positions
- New framework or compliance requirement → Add to Controls and relevant Trust Center pages
- Process change → Update the relevant Core Process page within one week
- Vendor added or removed → Update Vendor Providers and Subprocessors
Staleness Signals
Every substantive page should include a “Last reviewed” note at the bottom:
//Last reviewed: [Month Year] — [Owner]//
If a page has not been reviewed in more than 6 months, flag it with:
<wrap warning>This page may be outdated. Last reviewed: [date]. Please contact the CEO to request a review.</wrap>
Annual Handbook Audit
Each year in Q1, the CEO conducts a full handbook review aligned with the ISO 27001 internal audit cycle:
- Read every public-facing page
- Verify all links are live and accurate
- Confirm all tool references match the current Tech Stack
- Confirm all vendor references match the current Subprocessors list
- Archive or delete pages that are no longer relevant
- Document the audit completion in this page with the date
Last annual audit: — (due Q1 2027)
Contributing to the Handbook
Anyone — team members, contractors, and community members — can suggest edits:
- Click “Edit this page” on any page
- Make your suggested changes and add a clear edit summary
- A core team member will review and approve or discuss within 5 business days
For structural changes (new sections, new pages, navigation), open a discussion in the #handbook Matrix channel first.
Last reviewed: June 2026 — Predrag