Hop And Haul Policies

Appearance

Hop And Haul Policy Index

Document ID: PLCY-IDX-001
Version: 1.8
Effective Date: January 21, 2026
Last Review: January 21, 2026
Owner: Hop And Haul Team

CONFIDENTIAL

This document is CONFIDENTIAL and for internal use only. Do not distribute outside the organization.

1. Purpose

This document serves as the authoritative index of all Hop And Haul policy documents, establishing governance structure, ownership, review cadence, and regulatory mapping.

2. Policy Document Registry

SaaS Model

Hop And Haul is a SaaS platform. See Governance & Assumptions for role definitions and responsibility boundaries.

Document IDTitleVersionOwnerLast ReviewNext Review
PLCY-GOV-001Governance & Assumptions1.0Hop And Haul TeamDec 22, 2025Quarterly
PLCY-SYS-001System Description1.0Hop And Haul TeamDec 22, 2025Dec 2026
PLCY-BUF-001Safety Buffer Parameters1.2Hop And Haul TeamJan 21, 2026Jun 2026
PLCY-LIA-001Accident & Liability Framework1.0Hop And Haul TeamDec 22, 2025Dec 2026
PLCY-INC-001Incident Response Procedures1.0Hop And Haul TeamDec 22, 2025Jun 2026
PLCY-VOI-001Voice Agent Integration Policy1.7Hop And Haul TeamJan 21, 2026Jun 2026
PLCY-VOI-002Voice Agent Technical Specification1.2Hop And Haul TeamJan 21, 2026Jun 2026
PLCY-VOI-003Voice Escalation Procedures1.1Hop And Haul TeamJan 21, 2026Jun 2026
PLCY-COM-001Driver Communication Policy3.0Hop And Haul TeamJan 21, 2026Jun 2026
PLCY-ADM-002Admin Call Routing Configuration1.0Hop And Haul TeamDec 30, 2025Jun 2026
PLCY-VAL-001Pre-Transaction Validation1.1Hop And Haul TeamDec 22, 2025Jun 2026
PLCY-SEC-001Security Controls1.0Hop And Haul TeamDec 22, 2025Jun 2026
PLCY-ACC-001Access Control Matrix1.0Hop And Haul TeamDec 22, 2025Jun 2026
PLCY-DATA-001Data Classification Policy1.0Hop And Haul TeamDec 22, 2025Dec 2026
PLCY-AUD-001Audit Trail Specifications1.2Hop And Haul TeamJan 21, 2026Dec 2026
PLCY-CON-001Consent & Authorization Log1.2Hop And Haul TeamJan 21, 2026Dec 2026
PLCY-FIN-001Financial Controls1.0Hop And Haul TeamDec 22, 2025Dec 2026
PLCY-RAT-001Rating System Policy1.0Hop And Haul TeamDec 22, 2025Dec 2026
PLCY-RET-001Records Retention Policy1.0Hop And Haul TeamDec 22, 2025Dec 2026
PLCY-CTL-001Control Testing Procedures1.0Hop And Haul TeamDec 22, 2025Jun 2026
PLCY-DRP-001Disaster Recovery Plan1.1Hop And Haul TeamDec 22, 2025Jun 2026
PLCY-RSK-001Risk Assessment Policy1.0Hop And Haul TeamDec 22, 2025Jun 2026
PLCY-INF-001Infrastructure Sizing1.0Hop And Haul TeamDec 22, 2025Jun 2026
PLCY-ORG-001Organization & Domain Policy1.0Hop And Haul TeamDec 22, 2025Jun 2026
PLCY-FRP-001Findings & Remediation Plan1.0Hop And Haul TeamDec 22, 2025Quarterly
PLCY-IDX-001Policy Index (this document)1.8Hop And Haul TeamJan 21, 2026Quarterly

2.1 Federal Compliance Documents

Document IDTitleVersionOwnerLast ReviewNext Review
PLCY-FED-001Federal Compliance Overview1.0Hop And Haul TeamDec 30, 2025Jun 2026
PLCY-FED-002SSP-Lite (System Security Plan)1.0Hop And Haul TeamDec 30, 2025Jun 2026
PLCY-FED-003Risk Register (Federal)1.0Hop And Haul TeamDec 30, 2025Jun 2026
PLCY-FED-004Development Roadmap1.0Hop And Haul TeamDec 30, 2025Jun 2026
PLCY-FED-005Control Mapping Matrix1.0Hop And Haul TeamDec 30, 2025Jun 2026
PLCY-NIST-AC-001NIST Access Control Policy (AC)1.0Hop And Haul TeamDec 30, 2025Jun 2026
PLCY-NIST-AU-001NIST Audit & Accountability Policy (AU)1.0Hop And Haul TeamDec 30, 2025Jun 2026
PLCY-NIST-IR-001NIST Incident Response Policy (IR)1.0Hop And Haul TeamDec 30, 2025Jun 2026
PLCY-NIST-CMSI-001NIST Config Mgmt & Integrity Policy (CM/SI)1.0Hop And Haul TeamDec 30, 2025Jun 2026
PLCY-NIST-SA-001NIST Vendor Risk Management Policy (SA)1.0Hop And Haul TeamDec 30, 2025Jun 2026

3. Trust Service Criteria Mapping

3.1 Common Criteria (CC) Coverage

CriteriaDescriptionPrimary Documents
CC1Control EnvironmentPLCY-IDX-001, PLCY-SYS-001
CC2Communication & InformationPLCY-COM-001, PLCY-VOI-001, PLCY-AUD-001
CC3Risk AssessmentPLCY-BUF-001, PLCY-INC-001, PLCY-RSK-001
CC4Monitoring ActivitiesPLCY-CTL-001, PLCY-AUD-001
CC5Control ActivitiesPLCY-VAL-001, PLCY-SEC-001
CC6Logical/Physical AccessPLCY-ACC-001, PLCY-SEC-001
CC7System OperationsPLCY-INC-001, PLCY-SYS-001
CC8Change ManagementPLCY-SEC-001
CC9Risk MitigationPLCY-LIA-001, PLCY-BUF-001

3.2 Availability Criteria Coverage

CriteriaDescriptionPrimary Documents
A1.1Capacity PlanningPLCY-SYS-001, PLCY-DRP-001
A1.2Recovery ObjectivesPLCY-INC-001, PLCY-DRP-001
A1.3Testing RecoveryPLCY-INC-001, PLCY-DRP-001, PLCY-RSK-001

3.3 Confidentiality Criteria Coverage

CriteriaDescriptionPrimary Documents
C1.1Identify Confidential InfoPLCY-DATA-001
C1.2Dispose Confidential InfoPLCY-DATA-001, PLCY-RET-001

3.4 Processing Integrity Coverage

CriteriaDescriptionPrimary Documents
PI1.1Input ValidationPLCY-VAL-001
PI1.2Processing ControlsPLCY-VAL-001, PLCY-FIN-001
PI1.3Output ReviewPLCY-AUD-001

3.5 Privacy Criteria Coverage

CriteriaDescriptionPrimary Documents
P1-P8Privacy PrinciplesPLCY-DATA-001, PLCY-CON-001

4. Regulatory Alignment Matrix

RegulationApplicable Documents
49 CFR 392.80 (Texting prohibition)PLCY-COM-001, PLCY-VOI-001
49 CFR 392.82 (Handheld phone prohibition)PLCY-COM-001, PLCY-VOI-001
49 CFR 390.6 (Coercion prohibition)PLCY-COM-001, PLCY-VOI-001, PLCY-RAT-001
FMCSA HOS regulationsPLCY-VAL-001, PLCY-BUF-001
DOT accident reportingPLCY-LIA-001, PLCY-INC-001
State recording consent lawsPLCY-VOI-001, PLCY-CON-001
Workers' compensationPLCY-LIA-001
IRS worker classificationPLCY-FIN-001, PLCY-SYS-001

5. NIST 800-53 Control Family Mapping

5.1 FedRAMP Moderate Baseline Coverage

Control FamilyFamily NamePrimary DocumentsCoverage
ACAccess ControlPLCY-SEC-001, PLCY-ACC-001, PLCY-NIST-AC-00180%
ATAwareness & TrainingPLCY-RSK-00167%
AUAudit & AccountabilityPLCY-AUD-001, PLCY-NIST-AU-00194%
CAAssessment & AuthorizationPLCY-CTL-00156%
CMConfiguration ManagementPLCY-SEC-001, PLCY-DRP-001, PLCY-NIST-CMSI-00182%
CPContingency PlanningPLCY-DRP-00192%
IAIdentification & AuthenticationPLCY-SEC-00183%
IRIncident ResponsePLCY-INC-001, PLCY-NIST-IR-00190%
MAMaintenancePLCY-DRP-00167%
MPMedia ProtectionPLCY-RET-00175%
PEPhysical & EnvironmentalN/A (Inherited from AWS)100%
PLPlanningPLCY-FED-00478%
PMProgram ManagementPLCY-IDX-00175%
PSPersonnel SecurityN/A (Inherited)100%
RARisk AssessmentPLCY-RSK-001, PLCY-FED-00389%
SASystem & Services AcquisitionPLCY-NIST-SA-00164%
SCSystem & CommunicationsPLCY-SEC-00178%
SISystem & Information IntegrityPLCY-SEC-001, PLCY-NIST-CMSI-00178%
SRSupply Chain RiskPLCY-NIST-SA-00158%

5.2 Federal Compliance Documents

Document IDTitleNIST Families
PLCY-FED-001Federal Compliance OverviewAll
PLCY-FED-002SSP-LiteAll
PLCY-FED-003Risk Register (Federal)RA, PM
PLCY-FED-004Development RoadmapPL, PM
PLCY-FED-005Control Mapping MatrixAll
PLCY-NIST-AC-001Access Control PolicyAC
PLCY-NIST-AU-001Audit & Accountability PolicyAU
PLCY-NIST-IR-001Incident Response PolicyIR
PLCY-NIST-CMSI-001Config Mgmt & Integrity PolicyCM, SI
PLCY-NIST-SA-001Vendor Risk Management PolicySA, SR

For detailed control-by-control mapping, see Control Mapping Matrix.

6. Review Schedule

6.1 Review Frequency

FrequencyDocuments
QuarterlyPLCY-FRP-001, PLCY-IDX-001
Semi-AnnualPLCY-BUF-001, PLCY-INC-001, PLCY-VOI-001, PLCY-COM-001, PLCY-VAL-001, PLCY-SEC-001, PLCY-ACC-001, PLCY-CTL-001, PLCY-DRP-001, PLCY-RSK-001, PLCY-INF-001, PLCY-ORG-001
AnnualPLCY-SYS-001, PLCY-LIA-001, PLCY-DATA-001, PLCY-AUD-001, PLCY-CON-001, PLCY-FIN-001, PLCY-RAT-001, PLCY-RET-001

6.2 Review Triggers (Outside Scheduled)

  • Significant incident requiring policy change
  • Regulatory update affecting covered topics
  • Audit finding requiring remediation
  • Material change in operations
  • New product/feature launch

7. Document Ownership

All policy documents are owned and maintained by the Hop And Haul Team.

Customer Roles (Fleet Operator - Not Hop And Haul Staff)

Where policies reference operational roles like "Safety Director" or "Operations Manager," these refer to customer staff, not Hop And Haul employees. See Governance & Assumptions for details.

8. Cross-Reference Dependencies

DocumentReferencesReferenced By
PLCY-BUF-001-PLCY-VOI-001
PLCY-RET-001-PLCY-LIA-001, PLCY-INC-001, PLCY-DATA-001, PLCY-AUD-001, PLCY-SEC-001, PLCY-DRP-001
PLCY-VAL-001PLCY-BUF-001PLCY-SYS-001, PLCY-LIA-001
PLCY-COM-001PLCY-BUF-001PLCY-VOI-001
PLCY-SEC-001-PLCY-ACC-001, PLCY-DATA-001, PLCY-DRP-001, PLCY-RSK-001, PLCY-INF-001
PLCY-INC-001PLCY-VOI-001PLCY-LIA-001, PLCY-DRP-001, PLCY-RSK-001
PLCY-DRP-001PLCY-INC-001, PLCY-SEC-001, PLCY-AUD-001, PLCY-RET-001PLCY-RSK-001, PLCY-INF-001
PLCY-RSK-001PLCY-DRP-001, PLCY-INC-001, PLCY-SEC-001, PLCY-AUD-001-
PLCY-INF-001PLCY-DRP-001, PLCY-SEC-001, PLCY-RSK-001-
PLCY-ORG-001PLCY-ACC-001, PLCY-SEC-001, PLCY-RET-001, PLCY-DATA-001-

9. Version Control Standards

9.1 Version Numbering

  • Major version (X.0): Significant restructuring or scope change
  • Minor version (X.Y): Content additions or modifications
  • Patches: Tracked in document control section

9.2 Change Documentation

All policy changes require:

  • Version increment
  • Date update
  • Author attribution
  • Change summary in document control section

9.3 Approval Requirements

Change TypeRequired Approvers
New policyDocument owner + Executive sponsor
Major revisionDocument owner + Compliance Manager
Minor revisionDocument owner
Emergency changeAny executive + Compliance review within 48 hours

10. Document Control

VersionDateAuthorChanges
1.0December 22, 2025Hop And Haul TeamInitial release
1.1December 22, 2025Hop And Haul TeamAdded PLCY-INF-001, PLCY-ORG-001; updated DRP to 1.1
1.2December 22, 2025Hop And Haul TeamAdded PLCY-GOV-001
1.3December 22, 2025Hop And Haul TeamUpdated PLCY-BUF-001, PLCY-VAL-001 to v1.1 (HOS/ELD, same-day constraints)
1.4December 30, 2025Hop And Haul TeamAdded Federal Compliance section and NIST 800-53 mapping
1.5December 30, 2025Hop And Haul TeamAdded PLCY-VOI-002, PLCY-VOI-003, PLCY-ADM-002 (Voice Agent technical docs)
1.6December 30, 2025Hop And Haul TeamUpdated PLCY-VOI-001 to v1.5, PLCY-VOI-002 to v1.1 (dispatch coordination model, one-touch headset prerequisite, Samsara route updates)
1.7January 2, 2026Hop And Haul TeamSamsara Messages Integration: Updated PLCY-COM-001 to v2.0 (Samsara Messages API as primary communication, voice as last resort), PLCY-VOI-001 to v1.6 (voice fallback section), PLCY-AUD-001 to v1.1 (Samsara Message events), PLCY-CON-001 to v1.1 (new consent_method values)
1.8January 21, 2026Hop And Haul TeamDriver Communication Policy v3.0: Replaced PLCY-COM-001 with new policy structure (voice-first, 15-min buffers, 5-min response window, standard call scripts, prohibited language, driver rights). Updated: PLCY-VOI-001 to v1.7, PLCY-VOI-002 to v1.2, PLCY-VOI-003 to v1.1 (aligned with new policy). PLCY-BUF-001 to v1.2 (15-min buffer requirement). PLCY-CON-001 to v1.2 (driver rights). PLCY-AUD-001 to v1.2 (new event types).

CONFIDENTIAL - Internal Use Only - Hop And Haul Policy Documentation

Hop And Haul Team - Do Not Distribute