This policy is used to ensure that the company's third-party suppliers (such as those providing technology software to the company) adhere to certain security standards, for instance those required by ISO27001 or SOC2. Everything after the Introduction can and should be copied and pasted into supplier legal agreements, or else the supplier agreements should reflect this policy. The company may not impose such stringent requirements on suppliers processing data that the company defines as non-critical.
This Letter of Intent (LOI) can be used for any commercial transaction, such as confirming interest in a software product with a client. It is purposely kept lightweight and simple, with the key commercial terms left to be filled in. It is not a legally binding document, but it refers to a potential future "Formal Agreement".
This grievance policy outlines how an employee can raise issues and grievances that may occur within the company. It outlines whom they should notify, how to raise the issue, and the procedure that follows once the issue is raised. This document may be used in conjunction with the ISO27001 certification.
This Cryptographic Controls Policy details when encryption is required and how encryption keys (private and public) should be managed. It links to a Password Policy and Security Policy, which are typically other policies used as part of an overall Information Security Management System (ISMS), such as those required for ISO27001 and SOC2.