
Summary
Detects ICS calendar attachments that carry a social-engineering lure referencing policy review and secure access, a technique commonly used in credential phishing and BEC campaigns.

The rule triggers on inbound messages with attachments whose file_type is ics or whose content_type is text/calendar or application/ics. It then inspects the top-level content (depth 0) of the exploded file for both phrases, case-insensitively: 'policy review' and 'secure access'. The rule fires only when both phrases are present in the ICS content; either phrase on its own is not sufficient. Together they indicate a lure that pressures the recipient to act under the guise of compliance or security requirements delivered through a calendar invite.

The rule combines file analysis and content analysis to identify suspicious calendar invites and is rated high severity because of the potential for credential compromise or fraud. Attack types: Credential Phishing and BEC/Fraud; tactics: Evasion and Social engineering. It is designed for endpoint-facing inspection of attachments and calendar-related applications, using file-level inspection to catch calendar-based social-engineering payloads.
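As an added example (not the rule's own query or code), the check described above re-implemented in Python and run over constructed sample messages; the unfolding of RFC 5545 folded lines before matching is an assumption beyond what the summary states.

```python
"""Added example, not the rule's own code: a minimal Python re-implementation of
the described ICS lure check, run over constructed sample messages."""
import re

ICS_FILE_TYPES = {"ics"}                                  # file_type values
ICS_CONTENT_TYPES = {"text/calendar", "application/ics"}  # content_type values
REQUIRED_PHRASES = ("policy review", "secure access")     # both must appear


def is_ics_attachment(attachment: dict) -> bool:
    """file_type is ics, or content_type is one of the calendar MIME types."""
    file_type = (attachment.get("file_type") or "").lower()
    content_type = (attachment.get("content_type") or "").lower()
    return file_type in ICS_FILE_TYPES or content_type in ICS_CONTENT_TYPES


def depth0_content(attachment: dict) -> str:
    """Top-level (depth 0) text of the exploded file; for .ics that is the calendar
    text itself. Assumption beyond the rule text: RFC 5545 line folding (CRLF plus
    one space/tab) is undone first, so a phrase split across folded lines matches."""
    return re.sub(r"\r?\n[ \t]", "", attachment.get("content", ""))


def lure_phrases_present(text: str) -> bool:
    """Case-insensitive check that every required phrase occurs in the text."""
    lowered = text.lower()
    return all(phrase in lowered for phrase in REQUIRED_PHRASES)


def rule_matches(message: dict) -> bool:
    """Inbound message with an ICS attachment whose content carries both phrases."""
    if message.get("direction") != "inbound":
        return False
    return any(is_ics_attachment(a) and lure_phrases_present(depth0_content(a))
               for a in message.get("attachments", []))


# Constructed samples: the lure folds "secure access" across two lines.
LURE_ICS = ("BEGIN:VCALENDAR\r\nBEGIN:VEVENT\r\nSUMMARY:Mandatory Policy Review\r\n"
            "DESCRIPTION:Confirm your secure\r\n  access before the session.\r\n"
            "END:VEVENT\r\nEND:VCALENDAR\r\n")
BENIGN_ICS = ("BEGIN:VCALENDAR\r\nBEGIN:VEVENT\r\nSUMMARY:Quarterly policy review\r\n"
              "END:VEVENT\r\nEND:VCALENDAR\r\n")
LURE_MESSAGE = {"direction": "inbound", "attachments": [
    {"file_type": "ics", "content_type": "text/calendar", "content": LURE_ICS}]}
BENIGN_MESSAGE = {"direction": "inbound", "attachments": [
    {"file_type": "ics", "content_type": "text/calendar", "content": BENIGN_ICS}]}

if __name__ == "__main__":
    print("lure flagged:", rule_matches(LURE_MESSAGE))      # True
    print("benign flagged:", rule_matches(BENIGN_MESSAGE))  # False
```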
Categories
- Endpoint
- Application
Data Sources
- File
Created: 2026-03-17