Clauses act as reference points that relate Exos policies to a common theme and controls. Clauses can be defined for each organization and help map authority documents to organizational policies.

Clauses can be accessed from the "My Organization" section by clicking the ellipsis next to the "Add New Employee" button.


In Exos, clauses are predefined in an organization and can be related to policies in Exos so that it's easy to see how policies are mapped to frameworks (eg. HIPAA).

MedStack Clauses

There is a growing list of MedStack Clauses that represent many of the inheritable controls, policies, and procedures that you get by using Exos with MedStack Control.

Setting clauses

MedStack has already done much of the hard work for you by directly mapping clauses to some of our pre-defined policies. However, depending on your chosen frameworks, you may wish to modify your mappings.

This can be customized at the bottom of every policy in Exos.

The footer section of a policy in Exos.

The footer section of a policy in Exos.


The current list includes known limitations for the clauses feature in Exos:

  • Clauses cannot be edited nor deleted.
  • Custom clauses cannot be created.
  • New groups of clauses (i.e. SOC 2, ISO) cannot be created.