I'm not a fan of comprehensive policies. Often what happens is that there are pretty useless exercises in generating paper that spends too much effort on the wrong things. In practice, what will happen if you write a big policy right now, you'll find that when something does come up, the policy doesn't make any sense.
In drafting policies, your focus should be to answer the question "who decides?" You should refrain from saying "we should do X" but rather write the policy so that "person X is responsible for deciding what we do in situation Y." If someone wants to use the logo, who decides what can be done. If you have a rule, you need to figure out who can change or make exceptions to the rule.
The other question you should ask is "what is the bad thing that can happen if we get this wrong?" If you can't think of the bad thing that you are trying to prevent, then it's likely a waste of time to worry about that policy. Finally, it's a good idea to run the policy discussion past someone that is one the outside. I've found that non-profits can spend extraordinarily large amounts of time arguing over things that people on the outside think are silly.
Also you need to figure out how much you need to formalize. If it's a small 20 person non-profit, then what will happen is that most of the stuff will get decided informally. If you have a 2000 staff members, then you need to get pretty formal and elaborate, since you can't get everyone in the same room.
Here are the things that I would be worried about.
1) Financial control and privacy rules. Here you need to remember that this is not an issue of policy but of *law*. There are legal requirements on what you can do with student data, and there are also legal requirements as to what you are required to do when it comes to money. Also, you will have to check with any contributions that you've received to see what are the strings that are attached on those.
When drafting a policy manual, what you want to do is less to come up with new policies than to make sure that the legal requirements and constraints that you are under are in one easy to find reference location.
2) Harassment policy. The actual policy doesn't need to be any more than saying that people should behave decently, but you should absolutely have some contact person that can handle these situations, and then some internal policy about how issues should be escalated. If you are dealing with students, these sorts of issues *will* come up (i.e. high school student X is being annoyingly persistent at asking high school student Y out for a date, someone tells an offensive joke or posts a NSFW thing on the bulletin board) but hopefully they'll be minor. The nightmare scenario is that you come to work one day and find out that a staff member is being accused of something very nasty, and at that point you should have a clear policy that determines "who decides what needs to be done?"
3) Intellectual property/acceptable use policy. Who owns generated content? One thing that you'll quickly find is that if you have some sort of community that these will be completely non-controversial until one day you announce a change and everyone starts screaming.
4) Accessibility/access policies. This becomes extremely important because you may be under ADA requirements, and even if you are not you want to do the right thing.
5) Press policy. This should be something that says that people should refrain from making people think that they are speaking officially on behalf of the organization, and that persons X, Y, and Z are the people that can speak officially on behalf of the organization.
6) HR. Things like sick days, vacation times, travel policies. These are usually non-controversial, but it's important to have them in one place for easy reference.
7) Organization chart and list of meetings. No brainer, but good to have it in one place.
8) Anything else that might be controversial. This can be different from non-profit to non-profit. In one non-profit I was part of, we spent a huge amount of time and energy arguing over smoking policy.
Finally, when it comes to policies, one other way of thinking about it is that the policy manual can tell you when to be rude. If someone is asking a lot of questions, they could be using social engineering to do something nasty, and so the policy manual should give you a clear idea of when you can be rude and unhelpful.