Citrix Secure Developer Spaces™

Information Security Policy

The Information Security Policy lets you publish your organization’s security policy document to everyone on the platform. As an administrator, you upload a PDF and set how long it stays valid before you renew it. Users can open and read the policy at any time.

Find this setting at Settings > Security > Information Security Policy.

Information Security Policy

What the Information Security Policy is used for

Use this feature to make a single, authoritative security policy available across the platform. You upload the document, and the platform stores its submission date, its most recent renewal date, and its expiry date so your policy stays current.

The document must be a PDF.

Where users see the policy

Anyone signed in to the platform can open the policy from the Policy link in the footer. Selecting it opens a window that shows:

  • The submission date.
  • The renewal date.
  • The expiry date.
  • The policy document itself.

Administrators also see a Renew button in this window.

Is acceptance required?

No. The Information Security Policy is a reference document. Users can read it whenever they want, but they aren’t prompted to accept it, and they aren’t blocked from using the platform if they haven’t opened it.

Note:

If you need users to actively accept a document before they can use the platform, use Terms of Service Agreements instead. The two features are separate: Terms of Service Agreements require acceptance and block access until the user accepts, while the Information Security Policy is read-only for users and never blocks them.

How Approval Expiry works

When you upload the policy, you set an Information Security Policy Approval Expiry period: 3, 6, 9, 12, 18, or 24 months. The platform uses this to calculate an expiry date, measured from the upload date.

This is an administrator reminder, not a user re-acceptance schedule. Here’s what expiry does and doesn’t do:

  • It doesn’t affect users. Users are never re-prompted, notified, or blocked when the policy expires.
  • It reminds administrators. Within 14 days of the expiry date, and after it passes, administrators see a warning that the policy needs attention. This keeps your published policy current.

So the Approval Expiry period sets how long your document is considered current before you, as an administrator, need to renew or replace it. Users aren’t asked to approve the policy based on this period.

Keep the policy current

Clear an expiry warning in one of two ways:

  • Upload a new policy. Go to Settings > Security > Information Security Policy, upload a new PDF, and set a fresh Approval Expiry period. This replaces the current document.
  • Renew the current policy. Open the policy from the footer and select Renew. This extends the expiry date without replacing the document.
Information Security Policy