How Xoralia accesses your information

Xoralia uses a Microsoft verified Entra ID Enterprise Application to communicate with your Microsoft 365 tenant. Our Enterprise Application uses a mix of delegated and application permissions, which we describe below.

During installation, you will be presented with a permission request like the one below. This details each of the permissions that Xoralia requires to carry out its operations. These permissions are not individually configurable and must be accepted by a Microsoft 365 Global Administrator (or Entra Administrator) for Xoralia to work correctly.

Delegated permissions require a signed-in user to be accessing the application, and the operation is performed on behalf of that user. For example, a delegated operation might be to view a list of files from a SharePoint site. Xoralia performs this as a delegated query and queries that information as the logged-in user, meaning it only displays information from that SharePoint site that the user already has access to.

Application permissions do not require a signed-in user and allow the Xoralia application to perform operational and service-level tasks without user interaction. An example of this is a library synchronisation that Xoralia performs every 10 minutes to check for updates in SharePoint document libraries.

Xoralia requests the following Microsoft Graph permissions:

    • Send a teamwork activity as the user

        • Type: delegated

        • Reason: Used by our Microsoft Teams app to send notifications to users

    • Sign in and read user profile

        • Type: delegated

        • Reason: Allows the user to sign in to Xoralia and access information within Xoralia

    • Have full control of all site collections

        • Type: delegated

        • Reason: Allows Xoralia administrators to associate libraries to Xoralia to which they have access. Also allows users to read documents within Xoralia to which they have access.

    • Send a teamwork activity to any user

        • Type: application

        • Reason: Used by our Microsoft Teams app to send notifications to users

    • Read all users’ full profiles

        • Type: application

        • Reason: Xoralia allows document owners to target documents to users. This permission allows Xoralia to view users inside of your Microsoft 365 tenant to know which users are to be targeted.

    • Send mail as any user

        • Type: application

        • Reason: As a Xoralia administrator, you can set which email address should send notifications (such as must read and expiry notifications). This permission allows Xoralia to do that.

    • Read all groups

        • Type: application

        • Reason: Xoralia allows document owners to target documents to groups. This permission allows Xoralia to view groups inside of your Microsoft 365 tenant to know which users are to be targeted.

    • Read all group memberships

        • Type: application

        • Reason: Xoralia allows document owners to target documents to groups. This permission allows Xoralia to view groups inside of your Microsoft 365 tenant to know which users are to be targeted.

    • Create, edit, and delete items and lists in all site collections

        • Type: application

        • Reason: Xoralia can create libraries and add metadata columns to associated libraries when a Xoralia administrator triggers that action. This permission allows that control – Xoralia will only ever create libraries when a Xoralia administrator requests it and will never use this permission for any other action. This permission is also used by the Xoralia sync process to update library and document information.

    • Read installed Teams apps for all users

        • Type: application

        • Reason: Allows Xoralia to find the Teams app inside of your tenant to send targeted notifications to users (such as Must Read notifications)
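One way to check what was actually consented against the list above, as an added example (not Xoralia's code). It assumes you have exported the Microsoft Graph `servicePrincipal`, `oauth2PermissionGrant` and `appRoleAssignment` objects as JSON; the function names, the sample data and its placeholder ids are constructed for illustration.

```python
# Baseline: the ten permissions listed above, as (display name, type).
DOCUMENTED = {
    ("Send a teamwork activity as the user", "delegated"),
    ("Sign in and read user profile", "delegated"),
    ("Have full control of all site collections", "delegated"),
    ("Send a teamwork activity to any user", "application"),
    ("Read all users' full profiles", "application"),
    ("Send mail as any user", "application"),
    ("Read all groups", "application"),
    ("Read all group memberships", "application"),
    ("Create, edit, and delete items and lists in all site collections", "application"),
    ("Read installed Teams apps for all users", "application"),
}

def norm(name):
    """Fold curly apostrophes so portal text and documentation compare equal."""
    return name.replace("\u2019", "'").strip()

def granted(resource_sp, scope_grants, role_assignments):
    """Resolve exported Graph objects to a set of (display name, type)."""
    scopes = {s["value"]: s["adminConsentDisplayName"] for s in resource_sp["oauth2PermissionScopes"]}
    roles = {r["id"]: r["displayName"] for r in resource_sp["appRoles"]}
    out = set()
    for g in scope_grants:          # delegated: space-separated scope values
        for value in g["scope"].split():
            out.add((norm(scopes.get(value, value)), "delegated"))
    for a in role_assignments:      # application: one app role id each
        out.add((norm(roles.get(a["appRoleId"], a["appRoleId"])), "application"))
    return out

def audit(resource_sp, scope_grants, role_assignments, documented=DOCUMENTED):
    """Report grants missing from the documentation, and the reverse."""
    have = granted(resource_sp, scope_grants, role_assignments)
    want = {(norm(n), t) for n, t in documented}
    return {"undocumented": sorted(have - want), "not_granted": sorted(want - have)}

# Constructed sample (partial export); ids are placeholders, not real GUIDs.
SAMPLE_SP = {
    "oauth2PermissionScopes": [
        {"value": "User.Read", "adminConsentDisplayName": "Sign in and read user profile"}],
    "appRoles": [
        {"id": "role-1", "displayName": "Send mail as any user"},
        {"id": "role-2", "displayName": "Read and write mail in all mailboxes"},
        {"id": "role-3", "displayName": "Have full control of all site collections"}],
}
SAMPLE_GRANTS = [{"consentType": "AllPrincipals", "scope": "User.Read"}]
SAMPLE_ASSIGNMENTS = [{"appRoleId": f"role-{i}"} for i in (1, 2, 3)]
if __name__ == "__main__":
    print(audit(SAMPLE_SP, SAMPLE_GRANTS, SAMPLE_ASSIGNMENTS))
```

In the sample, `role-3` is reported as undocumented even though its display name is on the list, because the list documents it as delegated and an application grant would operate without a signed-in user.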

You can limit who can access Xoralia by going to Enterprise Applications within Microsoft Entra ID and opening the Xoralia Policy Management app. Once you have this open, select Properties and enable the ‘Assignment required?’ option. Save this property and open ‘Users and Groups’. With this setting enabled, only users and groups listed here will be able to access Xoralia. Add your users and groups here using the ‘Add user/group’ option.

Xoralia 3.0 release notes

Highlights of this release:


Line Managers dashboard

Xoralia’s Manager dashboard works using your Microsoft 365 Active Directory. For individuals who manage a team and are specified in the Manager field of their team’s user profiles, Xoralia’s new functionality will allow managers to check their team’s attestation records and compliance information!


Global search (across all document libraries)

We understand users often don’t know where documents live and their appropriate library. To resolve this issue we have implemented a global search in our new navigation. This allows users to search for partial or full document titles and the results allow them to further refine via filters such as Tags and by Document Contact.


User centric navigation

Xoralia has a re-vamped navigation. Previously the application has required its users to navigate to find documents by first selecting a document library, however our new navigation provides every user with a targeted, more user-centric, consolidated library – “Documents I must read”. This new landing page provides a more useful view, providing the ability to see all outstanding attestations across all document libraries in one view.


Urgent indicator for overdue reads

Building upon our new “Documents I must read” landing page, Xoralia has a new indicator within the navigation to highlight when any attestations are overdue.


Browse by library

Understanding that users may still want to be able to browse documents by library – whether they’re documents requiring attestation or not – the browse by library feature is here to stay, too. Document libraries can be accessed via our ‘quick access’ buttons that display within the My reads section. There is also a dropdown option within the navigation that will show all libraries synced with Xoralia to the user.


Document governance (the new Documents you manage)

“Documents you own” has been renamed to “Document governance”, and what was formerly known as “All my documents” is now called “My libraries”. Similarly to our navigation restructure, My libraries now allows for a simpler method to move through libraries where you are a Document Owner.

“Documents due for review” and “Documents that have expired” have been condensed into one area, “Documents due an update”, and now to quickly identify expired documents Xoralia will show a red exclamation mark next to the documents with an expiry date in the past.


A consolidated ‘Assigned documents’ area

To manage and check the information on documents that have been assigned more quickly, our new navigation contains “Assigned documents” where assigned documents across all libraries will be shown to their respective Document Owners.

Document controls in ISO 9001: meeting the requirements


ISO 9001 is one of the most important and popular international standards. It helps organisations demonstrate their commitment to quality management and have all the right processes and approaches in place to make it happen. Each year hundreds of thousands of companies around the world seek certification in ISO 9001 and go through the required audit process.

One element that is critical for ISO 9001 is having the right documents and related controls in place to support quality management processes. But implementing document controls and demonstrating that they are in place is not always straightforward and realistically organisations may need to invest in additional software to support ISO 9001.

In this post we’re going to explore what needs to be done to get the right document controls in place for ISO 9001. First, we look at what ISO 9001 is and why it’s so important. We then look at the specific requirements around document controls in ISO 9001 and some of the associated challenges. Finally, we look at how policy management software like Xoralia can help.

What is ISO 9001?

ISO 9001 is the international standard for Quality Management Systems (QMS) and helps to define what needs to be in place to achieve certification. The standard recognises organisations that take a process-led approach to quality management in order to consistently provide products and services that meet both regulatory and customer requirements.

ISO 9001 is published by the International Standards Organisation (ISO), with the current version dating from September 2015.

Why is ISO 9001 important and what are its benefits?

ISO 9001 is a major standard with over two million organisations worldwide certified. It is critical for many organisations as it recognises their commitment to quality, which is important to customers, suppliers and regulators; some successful commercial relationships may even be conditional on ISO 9001 being in place. The fact that the standard is recognised across borders also makes it essential.

ISO 9001 is particularly important for sectors such as manufacturing, construction, technology, engineering, healthcare and more.

Beyond certification, implementing ISO 9001 has major benefits in helping to establish the quality of goods and services, driving efficiency, supporting good customer service, minimising risks, standardising approaches, providing clarity for staff over specific processes and more.

What is document control in ISO 9001?

Documents play a crucial role in the life of organisations. Documents contain details of policies and related information. They provide records of decisions that have been made. Documents represent the “official” line of what to do and are everyday essential reference points for employees.

Within a Quality Management System there is an emphasis on doing things in a particular way to guarantee quality. But employees will need to have access to the right documents with the right information at the right time. Unsurprisingly, in ISO 9001 there is an emphasis on having document controls in place to ensure that any relevant documents are up to date, have accurate information, are accessible and more.

The need to have “documented information” and the control of documented information are specifically referenced in the standard and are therefore an area that organisations must address in order to get certified.

What ISO 9001 document controls need to be in place?

The ISO 9001 standard is very detailed and requires a lot of very specific actions to gain certification. The area relating to documented information and document controls is covered in section 7.5, points 7.5.1 to 7.5.3. Richard Keen at Endeavour Technical provides a very helpful overview of these sections of ISO 9001, detailing what the standard requires relating to document controls.

In essence, it covers the documented information that you need to maintain and retain for ISO 9001, and additional needs such as the importance of staff fully understanding the type of documents that need to be controlled and how.

Clause 7.5.3 is specifically dedicated to the “Control of Documented Information” and includes (among other things) the need to:

  • Have controls in place to approve, review, update, identify changes and provide access to relevant documents, effectively all through their lifecycle.
  • Make relevant documents available at the point of use.
  • Have a suitable format for the documents.
  • Provide adequate protection and security, including access control.
  • Have the right approach to document retention in place.
  • And more!

What are some of the challenges with document control in ISO 9001?

Maintaining document controls is not always as straightforward as it should be, and there are some associated challenges. These challenges are relatively common in organisations, but organisations seeking ISO 9001 accreditation need to show that they are tackling them.

Challenges include:

  • Lack of formality and clarity: Stakeholders simply aren’t clear on what needs to be done relating to document controls, sometimes because there are no formal procedures available or they are too loosely applied. Clearly ISO 9001 requires a far more formal approach with clarity over what everybody needs to do.
  • Lack of buy-in: Some stakeholders within the business don’t fully buy in to the need for document controls so don’t manage their documents in the way that they should.
  • Version control: Version control is not consistently applied so there can be multiple versions of the same document in circulation, with some that are out of date, and confusion about which is the latest one. ISO 9001 cannot be applied when there are multiple versions of documented information.
  • Access control and security: Access and security controls are not fully applied to documents, usually unintentionally. The ISO 9001 standard requires security and access control to be addressed.
  • Documents not up to date: Document owners don’t keep their documents up to date, either because they have forgotten to or don’t see it as a priority.
  • Documents are not easily available: Documents are not easily accessed by the people who need to reference them, often because there is no established or trusted central repository. ISO 9001 requires documents of controlled information to be readily available at the point of use.
  • Changes are not recognised: Even if changes are made to a document – for example to a policy or a procedure - then this is not communicated or recognised by the people who need to know about what that change is.
  • There is no approval process in place: Some documents should have an approval process in place but this isn’t there either because it is not clear who the approver should be, or the workflow relies on sending the right emails which isn’t very reliable. ISO accreditation would need to cover approval of the relevant documents.

How can policy management software help with ISO 9001 document control

Policy management software can help with many of the general challenges associated with controlling documents that must be addressed for ISO 9001 certification. For example, a robust policy management software solution like Xoralia:

Additionally, investing in a solution like Xoralia helps to demonstrate that you are doing what you can to put the right document controls in place for ISO 9001. It also provides clarity for both document owners and staff so they know what they need to do to support ISO 9001 and reflects its importance, ensuring all stakeholders pull their weight.

How Xoralia helped LifeArc achieve ISO 9001 accreditation

When LifeArc needed to establish ISO 9001 accreditation they needed a quick solution to urgently improve the access employees have to information security policies and procedures. With a rapidly approaching ISO 9001 audit, LifeArc urgently implemented Xoralia and got it live within 72 hours, helping them to achieve certification. You can read more in the LifeArc case study.

Document controls for ISO 9001 accreditation

Having the right document controls in place is critical for ISO 9001, but there can be associated challenges that are experienced by many organisations. Investing in policy management software like Xoralia can make a huge difference in establishing the right document controls and get you on the path to achieving ISO 9001 accreditation.

Why not book a free demo of Xoralia or get in touch with us to discuss your needs?
