Policy Acknowledgement
by Space City Software L.L.C. https://spacecitysoftware.com/policy_acknowledgement
$ 149.00
| Availability | Odoo Online, Odoo.sh, On Premise |
| Odoo Apps Dependencies | Discuss (mail), Employees (hr), Website (website) |
| Lines of code | 1776 |
| Technical Name | policy_acknowledgement |
| License | OPL-1 |
| Website | https://spacecitysoftware.com/policy_acknowledgement |
Policy Acknowledgement
Versioned policies, mass-acknowledge campaigns, and tamper-evident audit evidence - on top of Odoo HR.
SOC 2 / ISO 27001 / HIPAA / GDPR ready.
A self-hosted alternative to bundled GRC policy modules
The audit-grade policy workflow, on Odoo, for a one-time price.
SOC 2 / ISO 27001 / HIPAA audits all require evidence that employees have read and signed the relevant policies on a recurring cadence. The dominant solution today - Drata Policies, Vanta Policies, Hyperproof Policies - bundles this into a $7,500-$30,000/year GRC platform.
This module gives you the policy-attestation workflow surface directly inside Odoo HR. One-time purchase. Versioned policies, bulk-issue campaigns with audience targeting, employee-portal click-to-attest, immutable audit evidence with a tamper-evident sha256 hash on every acknowledgement.
One policy, every version, full history
Owner, frequency, audience, and the entire revision chain on one form
Versioned policy library
Draft → Published → Archived. Published versions are immutable.
Features
Versioned policies with state machine
Draft versions are freely editable. Publishing locks text_html and version for the audit trail. To revise a published policy, click "New Version" to fork to a fresh draft - the version number auto-bumps (1.0 → 1.1) and the parent linkage is recorded.
Mass-acknowledge campaigns
Bulk-issue an acknowledgement to a target audience. The campaign tracks who has acknowledged, who hasn't, and a daily cron ships reminders to laggards on a configurable interval. Live progress widget shows current attestation percentage.
Audience targeting from Odoo HR
Target by individual hr.employee records, entire hr.departments, or both. Policies default to "all active employees"; campaigns can override with a narrower scope per launch (e.g. "Engineering only for this quarter's annual refresh").
Immutable, write-once evidence
Every acknowledgement is an append-only audit row. Snapshot fields (version, full text, signer name and email, signature, IP, timestamp) are populated at create time and rejected from all subsequent writes - even by managers. The only permitted mutation is the GDPR forget action.
Tamper-evident SHA-256 snapshot hash
Beyond the snapshot text, every acknowledgement stores a sha256 hex digest of the policy body at attestation time. Auditors can re-hash the snapshot HTML and verify it matches the stored hash without trusting the row directly - a chain-of-custody anchor that no other Odoo "policy" module on the App Store provides.
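An added example (not code from the module or its author) of the auditor re-hash check described above, in Python. It goes one step further and also compares each row against a digest recorded outside Odoo at publish time. The row keys, the UTF-8 encoding of the hashed text, and the external reference digests are assumptions; the sample rows are constructed.

```python
import hashlib
import hmac
import re

HEX64 = re.compile(r"[0-9a-f]{64}")

def sha256_hex(html):
    # Assumption: the stored digest covers the UTF-8 bytes of the snapshot HTML.
    return hashlib.sha256(html.encode("utf-8")).hexdigest()

def verify_evidence(rows, reference):
    """Classify exported acknowledgement rows by re-hashing their snapshot.

    rows: dicts with hypothetical keys id, policy, version,
          snapshot_html, snapshot_sha256 (not the module's real schema).
    reference: {(policy, version): digest} kept outside the database.
    """
    results = {}
    for row in rows:
        stored = row["snapshot_sha256"].strip().lower()
        key = (row["policy"], row["version"])
        if not HEX64.fullmatch(stored):
            results[row["id"]] = "malformed_hash"
        elif not hmac.compare_digest(sha256_hex(row["snapshot_html"]), stored):
            results[row["id"]] = "row_mismatch"        # text no longer matches its hash
        elif key not in reference:
            results[row["id"]] = "no_reference"        # self-consistent, nothing to anchor to
        elif hmac.compare_digest(stored, reference[key]):
            results[row["id"]] = "ok"
        else:
            results[row["id"]] = "reference_mismatch"  # text and hash changed together
    return results

# Constructed sample data (not real evidence rows).
V1 = "<p>Acceptable Use v1.0: company devices are for business use.</p>"
EDITED = V1.replace("business", "any")
REFERENCE = {("Acceptable Use", "1.0"): sha256_hex(V1)}

def _row(row_id, html, digest):
    return {"id": row_id, "policy": "Acceptable Use", "version": "1.0",
            "snapshot_html": html, "snapshot_sha256": digest}

SAMPLE_ROWS = [
    _row(1, V1, sha256_hex(V1)),          # untouched row
    _row(2, EDITED, sha256_hex(V1)),      # snapshot edited, old hash left behind
    _row(3, EDITED, sha256_hex(EDITED)),  # snapshot and hash rewritten together
    _row(4, V1, "n/a"),                   # digest missing from the export
]

if __name__ == "__main__":
    for row_id, status in verify_evidence(SAMPLE_ROWS, REFERENCE).items():
        print(row_id, status)
```

Row 3 re-hashes correctly on its own and is only caught by the digest held outside the database, which is why auditors should keep the publish-time digest in a separate record.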
Employee portal at /my/policies
Logged-in employees see two lists: pending acknowledgements they're responsible for, and a history of what they've already attested. Clicking through a pending row shows the full policy text and a typed-signature form - one click to attest.
Six starter policy templates
Module ships with six starter policies (Acceptable Use, Information Security, Data Retention & Disposal, Confidentiality & Sensitive Data Handling, Remote Work / BYOD, and Incident Response Awareness) as draft scaffolds. Replace the text with your own lawyer-reviewed copy before publishing - the workflow is the product, not the legal text.
Manager / User permission split
Two security groups: User (read-only on policies, can attest their own) and Manager (full CRUD plus full evidence visibility). A self-only ir.rule ensures regular employees can only see their own attestation rows on the portal - no peer-signer leakage.
Multi-company isolation
Per-company ir.rule records on every model - policies, versions, acknowledgements, and campaigns. Tested for cross-tenant isolation.
GDPR-ready
One-click forget action wipes a signer's PII (name, email, signature, IP) while preserving the snapshot text and hash for audit. Email is replaced with a redacted marker so unique constraints stay valid.
No Odoo Sign required
Click-to-attest with typed-signature works on Odoo 18 Community out of the box. Optional integration with Odoo Sign (Enterprise) can be wired in v2 if you prefer cryptographic attestation - not required for v1.
Run a campaign in three clicks
Pick a published version, select an audience, hit Launch.
Auditor-ready evidence list
Filter by campaign, policy, employee, or date range. Export to XLSX from any list view.
Employee portal - one-click attestation
Typed-signature attestation, captured forever
One checkbox, one typed name, one immutable audit row
Why teams pick this over a separate GRC platform
- Lives where the employees do. Acknowledgement happens on Odoo Portal, the same place employees already go for time-off, expenses, and timesheets. No new login, no new tool.
- Audit-grade by default. Write-once evidence rows with sha256 snapshot hash. No way for a manager to retroactively edit a signed acknowledgement, even with backend access.
- One-time price. Pay once on the Odoo App Store. No recurring fees.
- Bring your own legal text. Six starter policies are scaffolds, not finished templates. Replace the body before publishing - you own the legal text, we provide the workflow.
- Mass-acknowledge campaigns with reminders. Daily cron nudges laggards on the cadence you set (default weekly). Live progress widget shows percent complete.
- GDPR-friendly. Forget-signer action wipes PII while keeping the audit row. Snapshot hash remains valid for compliance.
- Multi-company from day one. Run separate policy programs per Odoo company in a multi-tenant install - rules enforced server-side.
- Compatible with Odoo 18 Community and Enterprise. No Odoo Sign required; works on bare Community.
Requirements
Odoo 18 (Community or Enterprise) with the hr, portal, website, and mail modules installed.
No external API keys, no third-party services, no recurring fees beyond the one-time App Store purchase.
More from Space City Software
Other Odoo apps that pair well with Policy Acknowledgement
Trust Center
Customer-facing security posture: compliance frameworks, NDA-gated documents, and access-request workflow on /trust.
Status Page
Public component health, incident timelines, and email subscribers, built into your Odoo Website at /status.
Roadmap Portal
Public roadmap with upvoting and an auto-published changelog on your Odoo Website. Email subscribers, double-opt-in.
Support
Bug reports and configuration questions are handled by the author within 14 days. Use the "Contact Author" button at the top of this page or reach out via email.
Odoo Proprietary License v1.0
This software and associated files (the "Software") may only be used (executed, modified, executed after modifications) if you have purchased a valid license from the authors, typically via Odoo Apps, or if you have received a written agreement from the authors of the Software (see the COPYRIGHT file).
You may develop Odoo modules that use the Software as a library (typically by depending on it, importing it and using its resources), but without copying any source code or material from the Software. You may distribute those modules under the license of your choice, provided that this license is compatible with the terms of the Odoo Proprietary License (For example: LGPL, MIT, or proprietary licenses similar to this one).
It is forbidden to publish, distribute, sublicense, or sell copies of the Software or modified copies of the Software.
The above copyright notice and this permission notice must be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.