ISMS Copilot
Prompt engineering

Generate Policies in Markdown Format

ISMS Copilot generates policies and procedures in Markdown format for version control, audit trails, and compliance-as-code workflows. Markdown files are UTF-8 encoded, portable, and integrate with Git repositories and GRC platforms.

Before you begin: You'll need an active workspace and sufficient document generation quota for your plan tier.

Request Markdown Output

Specify Markdown format in your prompt to generate structured policies ready for export:

Draft an access control policy for ISO 27001 A.5.15-5.18 in Markdown format with sections for Purpose, Scope, Controls, and Review Schedule.

For tabular outputs like control mappings, request explicit columns:

Create a markdown table mapping GDPR Article 32 requirements to technical controls with columns: Requirement, Control ID, Implementation Status, Evidence.

The AI generates Markdown with proper heading hierarchy, lists, and tables. Iterate by requesting adjustments like "Add a Roles and Responsibilities section" or "Convert to checklist format."

Download Markdown Files

When the AI generates a policy document, a "Generated Documents:" section appears in the message. Click the preview icon (👁️) to open the document panel, then use the download button (⬇️) to save the .md file to your device.

For full conversation history including all prompts and outputs, click the ellipsis (⋯) in the chat header and select "Copy entire conversation" to copy Markdown to your clipboard.

Downloaded files use UTF-8 encoding. If your editor shows encoding issues, verify it's set to UTF-8.

Use Markdown for Version Control

Markdown policies integrate with Git workflows for audit-ready compliance documentation:

  1. Download or copy the Markdown policy file

  2. Add it to your Git repository (e.g., /policies or /compliance folder)

  3. Commit with a descriptive message: git commit -m "Add ISO 27001 access control policy v1.0"

  4. Track changes with git diff to see policy updates over time

  5. Tag releases for certification milestones: git tag iso27001-audit-2024

Markdown files work with Confluence, Notion, GitHub wikis, and GRC platforms like Vanta or Drata. Store policies alongside code for DevSecOps teams or link them to infrastructure-as-code repositories.

Always review and validate AI-generated policies against official standards before committing to version control or using in audits.

Best Practices

  • Specify format upfront: Include "in Markdown format" in your initial prompt to avoid reformatting

  • Use workspaces: Separate client or project policies into dedicated workspaces for clean version control

  • Iterate before exporting: Refine structure and content in the chat, then download the final version

  • Reference controls explicitly: Mention specific control IDs (e.g., "ISO 27001 A.8.1") for accurate, non-generic outputs

For more prompting techniques, see Request Specific Output Formats. To learn about document preview and download features, see Previewing Generated Documents.

Was this helpful?