Policy management software: the buyer’s guide

Policy management software: the buyer’s guide

Policy management software: the buyer’s guide

Managing policies is important in every organisation, and absolutely critical in particular sectors which either have prominent areas of risk or are regulated. These sectors cover everything from financial services to construction to charities.

Across many industries, policy management software is often identified as a potential solution when organisations find they are:

  • spending too much time managing the administration of policies
  • the business has important safeguarding and policy management responsibilities and wants to minimise their risks.

While identifying the need to buy policy management software is relatively straightforward, choosing the right software is less so. Customers often ask us what the key features of policy management software are and want to know how to evaluate the right solution. In this article we’re going to explore how to buy policy management software, looking at the key features to watch out for, the process for evaluation, and other things that buyers need to consider.

What is policy management software?

We define policy management software as "any solution which helps policy owners and digital workplace teams effectively manage their content throughout its lifecycle, ensuring it is up-to-date, accurate and effectively distributed to users."

On top of capabilities that deliver around the policy management lifecycle, there are usually additional features that support employee attestation, a more sophisticated search, integration with other systems and so on. Policy management solutions like Xoralia go beyond the basics and provide highly useful extras that make life easier for teams managing policies and the users accessing them.

What key features should policy management software have?

Policy management software will have a number of core features, as well as the various "extras" that add value. It’s important to know what these features are to be able to evaluate the right solution. Below we explore the main features of a policy management solution as well as the value-added components; note that all these capabilities are available with Xoralia.

"Does it provide a central controlled library for distribution of documents?"

🛈Distribution and dissemination are key elements of policy management. An effective policy management solution should include a document library from where anyone in the organisation can access the policies they need. Potentially this could be integrated into an organisation’s intranet.

This document library must also include the right governance and controls to ensure only nominated policy owners and administrators can upload and update specific policies. It should also have elements such as automatic version control and numbering, and also the ability to restrict certain policies and procedures to different audience groups.

"Does it have a powerful search?"

🛈Making your policies findable and discoverable is key. A good policy management solution will have a dedicated search using document titles and departments, while also being filterable on meaningful data such as policy owner, category and so on. Having strong findability means that employees can find what they need and makes it more likely they will engage with policies.

"Does it allow for custom labels and tags?"

🛈Every organisation is different and will want to present their policies to users in custom ways. Policy management software should therefore be flexible and allow you to add custom labels and tags to policies to categorise and present your library of policies in different ways to users.

"Does it have personalised views?"

🛈Support for personalisation is a must-have feature for any policy management software. Not every policy is going to be relevant for every employee, and when a user views a policy and procedure library, they should only see the policies that are targeted to them based on their profile (location, division etc.) and in terms of any action required, such as mandatory reads. In Xoralia, we created personalised views for users, but also for policy managers who can see what they need to do to manage the policies they are responsible for.

"Does it support policy owners through the policy management lifecycle?"

🛈Your solution should actively support policy owners in manging their policies throughout the policy management lifecycle, covering everything from creation and distribution, through to reviewing and updating with new versions, to eventually retiring and replacing a policy.

Various features will support this including permission management to ensure only nominated policy owners and admins can manage particular policies, automatic review reminder notifications, approval workflow for policies, document versioning and the ability to archive policies.

"Can it support an employee attestation process?"

🛈An important feature of policy management software is support for the employee attestation process. This underpins compliance with policies that are mandatory to read, by ensuring that employees confirm they have read the policy in question. The software manages the attestation process end to end by providing the facility for mandatory reads, but then also providing the reporting to keep track of progress.

Involved in this are several features:

  • The ability for admins to easily set up a mandatory read for a policy and assign it to different groups, ideally those that are already set up in Active Directory (if using that)
  • The ability for users to view the policies they must read and add their confirmation that they have done so
  • The ability to view progress on who has confirmed they have read the policy, and to segment this by different groups so department and team managers can take action if necessary
  • The ability to send out automated reminders to those still to complete the attestation process.

"Can users preview documents in the solution?"

🛈It might sound like a small feature but in the employee attestation process, it helps if an employee can preview and read a document within the policy solution itself. This helps to encourage users to complete the attestation process when they receive the notification and helps push up the proportion of employees who have read policies.

"Does it also have a flexible quiz builder?"

🛈Not all policy management software has an additional feature that not only supports attestation but also validates the knowledge of employees to make sure they have actually read a policy. In Xoralia our new flexible quiz builder allows document owners to create custom questions, use question pools and set a pass mark to ensure employees have read and understood a new policy.

"Does it automate reminders and notifications for users and policy owners?"

🛈Notifications to remind users and policy owners that they need to read or review a policy is also an essential feature of policy management software, underpinning policy management and employee attestation processes. In Xoralia we have recently improved our notifications by making them more customisable, for example so you can create an alias email address that appears as the sender.

"Does it have a reporting suite?"

🛈The ability to report on various different aspects of policy management is another core feature of a good policy management solution. For example, within Xoralia we have a suite of reports that features who has and hasn’t read a particular policy, with the ability to segment by department. This will help you track document lifecycles and their validation history, as well as the read status on a per user or per department basis. This reporting feature also helps to drive compliance by showing external parties that your employees have read a new policy. Other dashboards and views can also help users. For example, allowing users to review their own “read” history and their next set of deadlines, all in one place.

"Can it work with SharePoint and Microsoft 365?"

🛈For any organisation working with SharePoint intranet or Microsoft 365 digital workplace, the ability for a policy management solution to integrate with the wider digital place has enormous benefits. For example, with Xoralia you can integrate it seamlessly within a SharePoint intranet, and even use an existing SharePoint library to include in Xoralia.

We’ve also gone one further by creating a handful of Xoralia web parts that can exposed on a SharePoint site or intranet covering:

  • All documents within the policy library
  • All the mandatory documents that must be read by an individual user
  • All the documents that a policy owner or admin is responsible for and any related review dates.

"Can it work with Azure Active Directory?"

🛈Working with Azure Active Directory is also important, not only underpinning Single Sign-On through Microsoft 365 identities but also for administrators who are likely to want to target policies to existing AAD / Microsoft 365 groups.

"Can it integrate with Microsoft Teams? "

🛈Microsoft Teams has enjoyed huge levels of adoption and in some organisations it’s where many employees are spending much of their working day. The ability for a solution to integrate with Teams means policies are readily available directly in the flow of work. Xoralia now has a Teams app so the solution can be fully consumed within Teams.

"Can it integrate with Microsoft Viva? "

🛈Microsoft Viva is a new employee experience platform accessed through Teams, that is attracting a lot of interest from digital workplace teams. Here at Xoralia we’ve also created two cards that can slot into the Viva Connections dashboard; these cover policies that must be read by users, and policies that are due for review by policy owners and admins.

"Can you automate policy management relating to employee onboarding? "

🛈When a new employee joins your company they often have to read particular policies and confirm they have read them. Ideally, policy management software should include features that automates the onboarding process so that when a new person joins they automatically receive notifications to read the relevant policies.

With Xoralia, we’ve fully automated onboarding by ensuring that when a person is put into a particular AD or Office 365 group they then will then receive relevant notifications. This means any new starters or movers within your company will be asked to read the right policies – meaning that you really can “set and forget”.

"Does it have audit tracking for compliance purposes?"

🛈The need for regulatory compliance or the need to demonstrate compliance to meet certification standards is a significant factor in policy management, and can be useful in legal, regulatory or certification processes. Robust policy management software should support all your compliance processes, including full audit tracking. For example, Xoralia provides a full audit trail around employee attestation that can also be downloaded to Excel. As document libraries are also based on SharePoint it also means that actions around different documents can also be tracked.

"Does it have a freemium product license?"

🛈Often policy owners, IT functions and intranet managers want to see a product in action before making a purchasing decision. A product with a freemium license option can provide an excellent way to “try before you buy”. This is something which we’ve introduced into Xoralia – you can test all our features excluding branding customisation and report extracts, for an unlimited amount of time.

Click here to Get started free

Considering the impact of policy management software

Beyond the features of the product, there are also a range of other non-functional areas to consider to ensure that the potential policy management software ticks all the right boxes.

"Does it integrate with your existing systems?"

🛈Ideally, you'll want your policy management software to integrate with your existing digital workplace and technology stack, and it's likely that this will be on your IT function’s evaluation checklist. We find this is a particularly important question for organisations that have deployed Microsoft 365 and SharePoint Online, and this is one of the key reasons they choose Xoralia, which is built on SharePoint and Microsoft technologies. For many organisations the question "Is the solution based on Microsoft 365 technologies" is effectively the same as "Does it integrate with your existing systems"?

"How will the staff and team cope with the new system?"

🛈Policy management software must be sustainable, so it’s important to consider the usability and accessibility of any new product. This is critical both from an end user and administrator standpoint, and it was a key consideration for us when designing Xoralia; we knew it was essential to make the product intuitive and easy to use.

"How will staff learn to use it? "

🛈You'll also want to make sure that there is training in place for the administrators of the policy management software. Here at Xoralia we offer product training, usually delivered remotely by one of our training team using screen sharing software like Microsoft Teams.

"What about other support?"

🛈Depending on your needs, you’ll also want to know that there is support for your product. Again, we have a support team who can deal with all enquiries and issues, including guiding you through any installation.

"Is the solution secure?"

🛈An important evaluation point in assessing any software is security – and this is an area that cannot be compromised on. One of the reasons why some customers choose Xoralia is that it is integrated into their existing Microsoft 365 digital workplace, so it is subject to the same stringent security and identity management processes that govern the M365 ecosystem.

"Is the software easy to manage?"

🛈The ease of managing any solution will also be a consideration. Here, many teams want a cloud-based solution available as Software-as-a-Service (like Xoralia) where the vendor does virtually all the heavy lifting in terms of upgrades, security patches and other changes.

"What is the best policy management software for me?"

🛈To work out the best policy management software that fits your specific needs, it helps to stick to a process that will help you define your requirements, review a product, and then make a final decision. Generally, a product evaluation process will follow these steps:

  1. Carry out research: speak to your stakeholder and users and define exactly what you need out of the policy management solution.
  2. Make a list of requirements: Based on your research, work out a list of requirements for the software – you might prioritise these including those that are “must have” features.
  3. Identify a product or products: Research the market to find suitable solutions.
  4. Map the product features to your requirements: Ensure any potential solution has the features you need.
  5. Get a demo: arrange a demo of the software to understand its potential and ask any questions.
  6. Compare your products: If reviewing more than one product, compare them to see which is best one. Here involve the right stakeholders and use a MoSCoW evaluation if necessary.
  7. Make the final decision: good luck!

Buying policy management software

Buying policy management software is relatively straightforward but there are various different aspects to consider in finding the right solution for you. We hope you’ve found this buyer’s guide useful. If you have any questions get in touch or arrange a free demo.

Book a live demo

Find out more about Xoralia policy management software

During the demo, we'll walk you through Xoralia’s various features and functionality, providing plenty of time for you to ask our experts questions along the way.

Book a demo

Xoralia SPFX Installation Guide

Xoralia SPFX Installation Guide


This deployment document describes how to install the Xoralia SPFX web parts and adaptive card extensions (ACE’s) onto a SharePoint Tenancy.

This document assumes that:

  • The deployment is undertaken by a competent I.T. professional
  • The person undertaken the deployment has administrator permissions (including access to the SharePoint App Catalogue).

At the end of the deployment, the SharePoint tenancy will have access to the following SPFX web parts and ACE’s:

  1. Must read documents web part (targeted)
  2. All documents library web part
  3. Documents due for review web part (targeted)
  4. Org-wide documents due for review web part
  5. Expired documents VIVA extension card
  6. Must read documents VIVA extension card
  7. Documents due for review VIVA extension card

How to deploy the “Xoralia-SPFX.sppkg” package to your App Catalogue

Visit the admin centre for your SharePoint tenancy (*-admin.sharepoint.com, where ‘*’ is the name of your tenant.

Click “More Features” in the left panel.

Click the “Open” under the Apps section of “More Features”

Click “App Catalog”

Click “Apps for SharePoint” in the left panel

Click “Upload” and select the “xoralia-spfx.sppkg” file and click Open

Select the “Make this solution available…” checkbox if you would like to deploy the Xoralia SPFX web part’s and ACE’s to every site on your tenancy, otherwise leave unchecked.

If you leave it unchecked you will need to add the app manually to each site.

Click “Deploy”.

We then need to approve Microsoft Graph API. To do that, you can use either Option 1 or Option 2.

Option 1

Go back to the SharePoint Admin Center and click “API access” in the left-hand side panel

Approve the “User.ReadBasic.All” and “Sites.Read.All” permissions. The “API access” window should then look like below:

Option 2

Visit https://portal.azure.com and go into the “App Registrations”

Click “All applications” and then click on “SharePoint Online Client Extensibility Web Application Principal”

Click the Ellipsis on the grey bar, then click “Add to configured permissions”.

Click “Yes, add”

Click “Grant admin consent for {{tenant}}”

Click “Yes”

Visit a page and click the edit button, then the “+” icon to add a web part. Type Xoralia in the search bar and the four web parts should appear

Add the web parts to the page to check that policies are rendered with no errors.

Add the All documents library web part to the page and configure the web part properties to make sure that policies are shown for at least one document library

Now we will add the Adaptive Card Extensions to the Viva Connections Dashboard. The dashboard is only available on the “Home” site.

For this deployment guide we will use the “Policies” site, however you should take some deliberation with the rest of your organisation in deciding what site is best served to show the Dashboard.

Go to the SharePoint Admin centre (*-admin.sharepoint.com) and click “Settings”. Then select “Home Site” then type out the root URL of the site you want to set the Home site as then click “Save”.

Visit the site you have selected as your “Home” site (in this case https://77gl5l.sharepoint.com/sites/Policies) and click the settings cog, then “Set up Viva Connections”.

NOTE: Sometimes it can take some time for this option to show up – try going in and out of Site Contents to force the option to appear

Click “Create Dashboard”

You will then be redirected to the Dashboard page, where you can add the ACE’s

Download user guide: Xoralia SPFX Installation Guide

Web part and viva add on package

Xoralia webparts and Viva adaptive card extensions

Xoralia web parts

Web parts are the core components that build value in any SharePoint intranet site. To keep your organisation using the intranet as a high-value resource, Xoralia provides 4 bolt-on web parts. These include:

All documents library web part

This web part displays all documents within document libraries that have been synced with Xoralia to allow the end user to browse. Note the document libraries must be selected to show by the Site Owner within the web part properties in order for the web part to work correctly.

Must read documents web part (targeted)

This web part is targeted to end users within the intranet and will show them documents that have been assigned to them to read.

Documents due for review web part (targeted)

This web part is targeted to end users within the intranet to show the user documents they have been assigned to maintain the validity of, and therefore shows them documents pending update or documents that have expired (review lapsed).

Org-wide documents due for review web part

This web part is most helpful for managers or the compliance team and displays all documents across all documents libraries and document owners in Xoralia that have expired.

Click here to view Xoralia web parts installation instructions >

Viva addon extensions

Viva extensions are a powerful tool that can help utilise productivity. Xoralia's adaptive card extensions deliver notifications directly to your Viva account, so that you never have to miss a thing! These include:

Must read documents VIVA extension card

This VIVA extension shows the user the documents they have been assigned to read and attest to.

Documents due for review VIVA extension card

This VIVA extension shows the user the documents they own that are pending their review.

Expired documents VIVA extension card

This VIVA extension shows the user the documents they own that have expired (review date lapsed).

Click here to view Xoralia extension card installation instructions >

Download user guide: Web part and viva add on package

Can’t see the Viva web parts in your page web part catalogue?

Can't see the Viva web parts in your page web part catalogue?

The issue is likely because the site or page you're trying to add the web part onto has not been set as a Home site by the SharePoint administrator. VIVA extensions are limited to only being available on Home sites.

See below instructions on how to make a site a Home site to allow for VIVA extension web parts.

1. Open SP admin center. Click settings > click Home site and add URL.

2. Once step one is complete, in the site, you should see 'Set up Viva Connections'.

3. Now click on 'Add a card' > Choose webpart / card > For configuration, click edit icon. Then click Republish.

4. In the main site, you can now edit the page and add webpart 'Dashboard for Viva Connection'

What is policy lifecycle management?

What is policy lifecycle management?

What is policy lifecycle management?

Policy lifecycle management can be defined as the successful management of a policy from the point at which it is created up to when it is updated to a new version or retired. This includes the processes relating to creating the policy, dissemination to employees, any employee attestation process required and then reviewing it before updating to a new version.

Policy lifecycle management often involves activities carried out by policy authors and owners, and then administrators who are managing the dissemination across the intranet or relevant site as well as the attestation process. Policy lifecycle management software can help with this process, automating many of the tasks.

What are the different stages in policy lifecycle management?

The policies in your organisation are very important – they guide decision-making, minimise risk, support everyday operations, uphold compliance across a variety of different areas and more. Policy lifecycle management is a critical activity in ensuring that your policies are kept up to date and everybody is accessing the latest versions, and that employees are aware of any changes made.

In this article, we’re going to look at what policy lifecycle management is, the different stages involved and how policy lifecycle management software can help.

What are the key stages in the lifecycle of a policy?

Let’s take a closer look at the ten stages involved in policy lifecycle management, particularly when policy lifecycle management software such as Xoralia is involved.

  1. Create the policy
  2. First, policy owners must create the policy. This is likely to be an offline process which can involve various different policy owners, stakeholders and owners. It’s likely to be done in a document format, and may have gone through several revisions. In particular, starting a new policy from scratch is not necessarily a rapid process.

  3. Upload the document to a library
  4. When a draft policy document is ready, it can be uploaded to a repository ready for dissemination. This is likely to be an appropriate document library within an intranet or SharePoint site, for example.

  5. Send the document for review and approval
  6. It’s important to check that the policy document is the correct version, so there will often be some review and approval workflow from appropriate stakeholders to make sure everything has been approved. In practice, reviews will likely have already taken place offline if a new policy has been created from scratch. However, if it is a new version of a policy with only some changes to confirm, then this review and approval workflow stage works very well.

  7. Document approved and accessible within the document library
  8. Once the document has been approved for organisational use, it will be displayed in the document library and given a suitable version control number, such as V2.0. Important additional information should also be displayed such as the date and the policy owner, as well as elements like the category. At the same time, the previous version of a policy will be retired.

  9. Distribute the document and trigger an attestation process
  10. With the document accessible, it’s now time to distribute the document to the entire organisation or to targeted groups; the latter could be reflected in your Active Directory.

    Distributing the new policy could be as simple as drawing attention to it through a communication, but there may also be a need for an employee attestation process whereby all employees must confirm they have read the new policy. This could be because it is important for internal or external compliance, or both. Using software like Xoralia, you can automate the attestation process, with every employee getting a notification and link to the policy and related confirmation form.

    You can also ensure that the attestation process is triggered for new starters, for example, who need to review a particular policy as part of their onboarding process.

  11. Review attestation status for each employee and chase if required
  12. It’s now time to review the attestation status for each employee and, if necessary, chase them to take action; policy management software will have in-built report to help with this.

    If an employee does need to be chased, it can be done through automated reminders if there has been no action after a certain amount of time or by a certain deadline, or a direct message from their line manager.

  13. View overall reporting and attestation status for each policy
  14. As more employees confirm they have read the policies, administrators and policy owners can then review the overall attestation status for each one.

  15. Meet compliance requirements and report for audit
  16. As admins view the overall attestation status of a policy, they can take action until everybody has confirmed they have read and understood it, meeting any compliance requirements. There should be some reporting to provide confirmation that the compliance has been met, to be used with external third parties for auditing and certification purposes.

  17. Review the policy
  18. Policies need to be regularly reviewed so they remain up to date. Ideally, a review period or date should be set to automatically prompt the owner to review the policy and see if it needs an update. At other times, there might be a trigger such as change in legislation or an incident that could prompt a review of policies. During its lifecycle, a version of a policy will go through multiple reviews.

  19. Retire and replace the policy
  20. A policy will eventually be replaced by a later version, or sometimes replaced entirely. The lifecycle is then complete.

Policy lifecycle management software can help

Managing policies involves a lot of administration and repeatable tasks, so software can make the process significantly easier to manage. Most policy lifecycle management software has been carefully designed to assist with each stage of the policy lifecycle. Let’s explore the different ways it can help.

Automate a multitude of tasks

Many of the tasks within policy lifecycle management can be automated: tasks like sending out reminders, checking to see if a policy has been read, ensuring policy owners and governing bodies review their policy and issuing version numbers can all be carried out through automation. This helps busy teams save time and be more productive, allowing them to redirect their day to more value-added and less mundane activities!

Provide reminders to owners and employees

One of the automated tasks that policy lifecycle management software helps with is sending out different notification reminders, both to policy owners to review their policies at regular intervals and to employees when a new policy needs to be read, as well as reminders if an employee hasn’t confirmed they have read a required policy. These notifications are essential in driving the lifecycle of the policy.

Scale the process

Checking for and sending out all these reminders and notifications is a nightmare to do manually, as anyone who has ever used a spreadsheet and email will confirm! It’s also a completely unnecessary administrative overhead. Policy lifecycle management software ensures your policy management is truly scalable.

Eliminate mistakes

Keeping on top of policy management versions and employee attestation processes is very fiddly, and errors are probable. Perhaps you missed out a group? Perhaps a version of a policy didn’t update on the intranet? Policy lifecycle management software does much of the heavy lifting and helps avoid mistakes and errors, reducing risk in the process.

Support reporting

Policy management software will automate all the reporting to track policy management, employee attestation and other related processes. Good policy lifecycle management software supports reporting for senior management, policy owners, system administrators and managers responsible for ensuring their division or team read a policy.

Support compliance

Collectively, the reporting, document versioning and audit trails around updating policies and employee attestation processes support regulatory and legal compliance needs, and are crucial to show a third party that you are doing everything you can to ensure employees comply with a policy, for example.

Provide access for everybody

Of course, policy lifecycle management software also ensures everyone has access to your policies, ideally via your intranet or similar employee portal.

Using Xoralia for policy management

Xoralia is a dedicated policy lifecycle management solution based on SharePoint that can help with everything we have described above, supporting you through every stage of the policy management lifecycle. Want to find out more? Then book a demo!

Book a live demo

Find out more about Xoralia policy management software

During the demo, we'll walk you through Xoralia’s various features and functionality, providing plenty of time for you to ask our experts questions along the way.

Book a demo
PHP Code Snippets Powered By : XYZScripts.com

We use cookies to give you the best experience on our site. By continuing to use our website, you are agreeing to our use of cookies. To find more about the cookies, please see our Cookie notice

You can also read about our Privacy policy

Contact Support

If you have a question about Xoralia software, please fill out the form below and a member of our support team will be in contact with you shortly.