About Features Pricing Help Sign in

Answering the security-questionnaire policy-acknowledgment line (before your first enterprise deal)

Your first real enterprise prospect sends over a security questionnaire, and somewhere in the dozens of rows is a line that looks small but stalls deals: "Do employees acknowledge your information-security policy?" This guide explains what that question is really asking, why "we think so" is not an answer, and how to produce a dated record your auditor and customers can rely on.

The first time a serious customer wants to buy your software, their security team usually goes first. They send a security questionnaire — a SIG, a CAIQ, or the buyer's own spreadsheet — and your sales cycle now depends on answering it cleanly. Most of it is about your product and your infrastructure. But a recurring row is about your people: do your employees acknowledge your information-security policy, and can you prove it?

What the question is really asking

The reviewer is checking a basic control: that you have an information-security policy, that your team has actually seen it, and that you can show who acknowledged it and when. The same row shows up in a handful of forms:

  • "Are personnel required to acknowledge information-security policies upon hire and annually?"
  • "Do you maintain records of employee acceptance of your acceptable-use policy?"
  • "Provide evidence that staff have acknowledged your security and code-of-conduct policies."

"We think everyone signed it during onboarding" is the answer that turns one row into a follow-up call. What the reviewer wants is a dated record they can take back to their own auditor.

Accedo signer portal where an employee reviews the information-security policy and adds a dated acknowledgment signature
Each employee reviews the policy and signs — and the date is captured automatically.

Answering the question with a dated record

Accedo is the focused acknowledgment layer for exactly this question: you upload the information-security policy you already wrote, it distributes it to every employee, captures a timestamped signature, and keeps the record you can export and attach to the questionnaire. The policy-acknowledgment row turns from "we think so" into a dated record you can hand the prospect's security team directly.

You bring your own documents — Accedo does not author, supply, or replace your policy. It distributes what you upload, collects the signatures, and keeps the audit trail so the answer is "here is the dated record," not "we think so."

  • Publish the policy and assign it to every employee, including new hires as they join.
  • Collect a dated signature from each person, so acknowledgment becomes a fact you can point to.
  • Export the record and attach it to the questionnaire — or hand it to the prospect's security team directly.

Get this in order before the questionnaire arrives, and the policy-acknowledgment row stops being the thing that slows your first enterprise deal.

Answer the policy-acknowledgment line with a dated record.

Publish your information-security policy, collect a signature from every employee, and export the trail. Start free.

Get Started Free See Pricing