Top 10 policy management best practices


Policy management across an organisation is not always straightforward and can actually be very challenging. There are often multiple business functions involved. There might be confusion about who needs to be doing what in keeping their policies up to date. And even if they do, there may not be an easy way for employees to access and find the policies they need. Overall, the approach to policy management is usually ad hoc and informal and inevitably things fall between the cracks.

Policies aren’t always the most interesting documents to keep up to date or to read. But they are essential in minimising risks, ensuring compliance, and empowering managers and employees to make decisions to enable smooth day-to-day operations. If policy management is broken in your organisation and is exposing you to risks, then it’s time to take some steps.

In this post we look at ten essential best practices that will result in better policy management and can be the start of a more successful approach to managing your policies.

1. Always ensure you have a single source of truth for policies

A perennial problem with policy management is that there is more than one version of a policy circulating. Nobody knows which is the right version, and it is possible that employees will follow out of date guidance. Ultimately having multiple versions of policy documents in circulation not only increases risk but also means employees lose trust in policies and take them less seriously.

Always ensure that you have a single source of truth for your policies. Publish them in only one place and use robust versioning to ensure that when a policy is updated, the new version is the only one available to view. If possible, avoid emailing policies as people will then continue to refer to these without knowing if a policy has been superseded.

2. Establish crystal clear ownership around policies

One of the main reasons that policy management falls down is that there isn’t clarity around who owns a policy and is responsible for updating it. When there isn’t a named person then policy updates can all too easily get forgotten, everyone assuming that it is someone else’s responsibility. This can even happen within a department; if the “HR department” is set as being the owner of a policy, then updating it can still get missed.

Successful policy management requires clear ownership of policies and what this means in terms of responsibilities. Every policy needs to have a named individual or individuals who own it, and further clarity about who should be updating it and when.

3. Write your policies so that they are clear and digestible

Policies are principally there to be followed, providing essential guidance for employees to support the right actions and decision-making. However, if a policy is written as a twenty-five-page document with very dense text and lots of legal jargon it is highly unlikely that people are going to get past the first couple of paragraphs.

Always write your policies so that they are clear and digestible, so they can actually be followed. Consider also tailoring a policy to different groups – for example translating it into a particular language or having a shorter version for frontline staff that can be more easily digested on a mobile phone.

We do understand that some policies are primarily created for legal and compliance purposes and do sometimes need to be written in legal style, but if this is the case, always create additional guidance that is clear, so employees can easily follow what they need to do.

4. Leverage automation where you can

Managing policies can involve a lot of manual administrative work. For example, somebody might need to remind policy owners to update their policies and then monitor to see who has done it. They might have to track if new hires have read a particular policy as part of their onboarding process and then chase up those who haven’t.

In the past people have had to rely on using emails and spreadsheets, which is inefficient, time-consuming and generally a miserable experience. The administrative overhead involved also means that many organisations cut corners and the approach to policy management is ad hoc or simply doesn’t happen.

Many policy management software solutions have automated features that do much of the heavy lifting around administration, making life easier for policy teams and saving huge amounts of time. Using automation can make policy management much easier, helping remind and track both policy owners and employees on what they need to do.

5. Use employee attestation to support compliance

Policies play an important role in supporting compliance and minimising risk. Employees may be required to read particular policies as part of an onboarding process when they first join, or as an annual process. Sometimes policies are updated, and employees need to digest and understand the change. In some regulated industries it is also necessary to prove to an external body or auditor that there is a process in place to ensure that employees read policies in this way.

The only reliable way to achieve all of the above is through an employee attestation process. This works by an employee acknowledging that they have read and understood a policy, and then having reporting to track progress. This is best achieved through a policy management solution like Xoralia where much of the attestation process is automated and additional features such as personalisation, content targeting, notifications, granular reporting and even additional custom questions help to ensure success and high rates of compliance. The results can even be shown to external regulators and certification bodies.

6. Put in the right approval and review processes

Policies have to be watertight; they must be accurate and up to date. Putting in the right approval and review processes can help ensure this happens. New policies and substantial changes to existing policies should always be reviewed and approved by the necessary stakeholders. Having a regular, diarised review process in place – for example every six or twelve months – can also help ensure that a policy is up to date.

Good policy management software should help with both these, using appropriate approval workflow as part of the content management process, as well as automated review dates and reminders for regular reviews.

7. Make your policies easily accessible and findable

Policies are largely pointless if users cannot easily find and access them, ideally at the point of need. Employees are simply not going to waste time on looking for policies that are difficult to locate – they need to be able to find them quickly, with minimal effort and on their preferred device.

The standard way to make policies easy to find is by creating a central policy library where employees can access policies. Most policy management solutions will deliver this, but it doesn’t mean employees can then easily find what they need.

With Xoralia we leveraged the powerful Microsoft Search so employees can find what they need through both a general search but also a dedicated policy search. There is also the ability for employees to filter using custom tags to define departments or themes using familiar language specific to your organisation. Because Xoralia is built on SharePoint it also means your policy library can be easily integrated into your SharePoint-based intranet or reached via Microsoft Teams, removing all barriers to access and findability.

8. Standardize naming and numbering

It really helps to standardise the naming and numbering conventions on your policies to drive consistency, so that everyone knows what the policy is, who it is aimed at and if it is the latest updated version. This is important when you have a different policy on the same topic for different locations; for example, there may be an expenses policy for the UK and one for Germany. Reflecting this in the title can help ensure that an employee is confident they have the right document. Having the right title is also key for findability, as this will be displayed in the search results.

9. Use personalization and notifications to communicate changes

One of the most challenging aspects of policy management is communicating changes to employees. It’s hard enough to get their attention for general updates, let alone about a change to a Health & Safety policy. Using elements such as personalisation and targeting, and sending meaningful notifications can make it easier to communicate changes.

For example, an employee might enter your policy library or even your intranet and see a personalised list of the policies they need to read or where there have been changes of note. They might also receive an email reminder of a policy that they need to confirm they have read by a certain date. Again, these are all good practices which powerful policy management solutions like Xoralia support.

10. Make life easy for your policy owners

Perhaps this is less of a best practice, and more a general point. Policy owners are usually very busy people with a lot of things on their plate. Making life easier for them by helping them keep their policies up to date will generate both goodwill and the necessary actions.

Using automated reminders, personalised views that display the list of upcoming policies to review, and reporting that shows policy views and mandatory read confirmations, will all help in the overall policy management process.

Following policy management best practices

Following best practices to support policy management is important. Policy management software like Xoralia can help do much of the heavy lifting to help you follow best practices such as establishing one source of truth for policies and making them easily findable and accessible.

Why not arrange a free demo of Xoralia to see how it can help improve policy management in your organisation?

Book a live demo

Find out more about Xoralia policy management software

During the demo, we'll walk you through Xoralia’s various features and functionality, providing plenty of time for you to ask our experts questions along the way.

Book a demo

7 reasons to use SharePoint for policy management




Pushing out mandatory policies and tracking reads is perhaps the most requested feature in policy management. But before we get into that, let’s look at the other commonly requested features and examine how SharePoint (and Office 365) addresses these.

Having one source of truth for key policies, procedures, forms and other key organisational documents is important. Employees and managers need to regularly access information such as your staff handbook, IT usage policy, holiday request process, social media guideline or supplier due diligence checklist and more and be confident that these are accurate and up to date. In regulated industries such as financial services there can also be strict guidelines for interaction with customers or processes which must be followed to reduce risk.

Most organisations provide access to policies via their intranet but all too often these policies:

  • Are scattered across different department sites and are hard to find
  • Do not get updated with the very latest version
  • Simply do not get read, even if they are mandatory to read
  • Are not trusted by employees, so they request a copy or rely on a version on their own file network or inbox that may not be up to date.

Policy management is important. Not managing your policies and procedures carefully or making them easily available in one central place leads to risks for organisations and individual employees, as well as inefficiencies. Sometimes it can also be a requirement for industry regulators or other external third parties, and may even be the subject of an external audit.

Seven reasons why SharePoint policy management is the best approach

If your organisation is using Microsoft 365 or SharePoint on-premises, then it makes sense to leverage the power of SharePoint to help better manage your policy documents.

1. SharePoint is likely to be your existing and secure document management solution

If you use SharePoint or SharePoint Online, then that is likely to be at the root of how most people manage their documents and files in your organisation. Documents can be easily shared and collaborated on, and there is also effective version control, meaning that you can avoid issues such as duplication and ensure there is one source of truth; this is a critical factor in managing your policies. Leveraging SharePoint for policy management also means that your existing users will already be familiar with the system used for managing documents. Of course, SharePoint will also be fully secure.

2. You can automate lifecycle management processes

Lifecycle management is absolutely key to successful policy management. For example, you need to make sure that policies have owners who regularly review the documents they are responsible for. SharePoint is excellent from this perspective and you can leverage its integration with Active Directory as well as Power Automate (Flow) to create clear ownership, notifications and workflow to ensure policies are kept up to date and also create views that show admins the status of policies.

3. You can get a complete audit trail

As well as lifecycle management you can also get a complete audit trail of updates to your document, showing when and by whom. This transparency is very important for minimising risks, underpinning accountability, and even for external auditing purposes.

4. You can easily provide access to all

It is critical to provide easy access to policies for your employees. As most organisations already use SharePoint for their intranet or for communication sites, it is easy to integrate a policy document library into the channels that employees already have access to.

5. You can integrate it into your search

Policies also need to be findable and discoverable. Again, most organisations are leaning in on SharePoint or Microsoft search options to allow employees to find what they need. Using SharePoint for policy management means that these documents will be included in your main search, perhaps through the intranet.

6. It can integrate with your wider Microsoft 365 ecosystem

If you are on Microsoft 365 you will likely be using a wide variety of different collaboration and communication tools such as Yammer, Microsoft Teams, Outlook and SharePoint team sites. The obvious integration between a SharePoint-based policy library and the rest of the Microsoft 365 platform means it’s easy to embed and share key policies from the library in the places where everyday work happens.

7. You can track usage and get data

Using SharePoint for policy management means it is also possible to track usage and get data on different policies, for example numbers of views or when they were last updated. By leveraging integrations with Active Directory and PowerBI you can also start to create reports and track critical data such as whether a mandatory document is being read and by whom.

But what about mandatory policies and tracking reads? Introducing Xoralia Policies

Overall, using SharePoint for policy management is the way to go. Having deployed many policy libraries on SharePoint and intranets over the years, we decided to combine all our knowledge into an app which can help customers fast track to a secure, user-centric and robust policy management library.

Xoralia Policies is a brand-new app designed, developed, and managed by Content Formula. It provides organisations using Microsoft 365 and SharePoint Online a quick-to-deploy central policy library that can be accessed via a SharePoint-based intranet or SharePoint site. Xoralia Policies can also be installed by on-premises SharePoint customers.

The app is a simple but complete solution that provides:

  • Easy, central access to the latest version of organisational policy and procedure documents for all staff
  • Robust policy management with assigned content owners and regular reviews across different departments and functions
  • The ability to track the progress of mandatory reads for particular documents, as well as other useful analytics
  • All you need for auditing purposes.

Main features

1. An attractive, central policy library

Xoralia Policies acts as a central policy and procedure library that can be reached via a SharePoint-based intranet or via a SharePoint site, such as a communication site. When accessing Xoralia Policies users are presented with an attractive and intuitive interface that has been designed to help employees find what they need.

Each policy is listed with salient details including the title, the owner, the document format, the date it was last updated and any related instructions, such as whether it must be read. These instructions are personalised to the user. A handy summary at the top of the page also lets a user see the number of policies that they have to read.

2. Complete auditability

Organisations may need to demonstrate to regulators or other external bodies that they both have robust processes in place to manage their policies but also that all employees have read policies that are considered to be mandatory. Xoralia Policies leverages the power of SharePoint to provide a complete audit trail of document changes, and also shows clear review policies in place with the ability to track these. This should satisfy both your own internal and external auditing requirements.

Xoralia Policies also has the ability to ensure employees are carrying out mandatory reads. If a policy is mandatory to read, employees can access the document within the app and then make a simple declaration confirming once it has been read. In-built analytics show policy owners and admins the percentage of those who have read the policy.

3. Robust policy management with automated notifications

At the heart of Xoralia Policies are robust policy management features to ensure that documents are kept up to date and your library remains the one source of truth for policies. Each policy has an identified owner and a defined regular review period.

Notifications ensure that owners are reminded to review the policies they own; Xoralia Policies also has a simple dashboard that shows a policy owner their policies that are due for review or have expired. Transparent ownership and review information displayed on each policy also encourages accountability.

4. Analytics for mandatory reads and more

Xoralia Policies also comes with powerful analytics. Xoralia Policies shows policy owners the percentage of users that have read a policy, while administrators can access a more detailed analytics dashboard showing the status of all mandatory reads as well as other salient analytics relating to document status, for example. There are options to use Power BI for more detailed and custom reporting.

These analytics can help teams to prepare for audits, making interventions where necessary, and also to get a better understanding of how to build engagement with employees.

5. Strong findability

Findability is critical. Employees want to be able to find the right policy quickly and effortlessly. The app includes a strong search facility where an employee can enter keywords to find the policy they are looking for. Additionally, employees can filter by different categories including mandatory and non-mandatory reads, the function who owns the policy (IT, HR, Legal etc.) as well as custom tags defined by you.

6. Easy set-up and deployment

The app is quick and straightforward to implement. Because Xoralia Policies can be applied to an existing SharePoint library it means you can convert an existing policy library to the app. It can also be deployed from within any SharePoint intranet or other SharePoint site. Simplified Policies takes a few days to implement. Content Formula can handle the whole implementation or work in partnership with your IT function to deploy the app.

7. Options for customisation

If you have special requirements around managing and presenting your policies, there are options for customisation. Call us to discuss.

SharePoint is made for policy management

When it comes to managing your policies and ensuring your employees can find and access them, SharePoint is a strong option. If you’d like more information about using SharePoint for policy management or about Xoralia Policies, and would like a product demo then get in touch!


What is SOP management software and how does it help?


Standard Operating Procedures (SOPs) provide important guidelines for employees on how to complete key activities. Multiple organisations across different sectors are reliant on employees correctly following SOPs to enable smooth day-to-day operations. However, there can sometimes be associated challenges, including ensuring that employees can access all the SOPs they need, and that all SOPs are up to date. Here, SOP management software such as Xoralia can make a huge difference.

In this post we’re going to do a deep dive into Standard Operating Procedures (SOP) and how to manage them. We’re going to cover what SOPs are, some typical examples of SOPs and the typical challenges that teams can encounter. We then cover what SOP management software is, how it can help overcome some of the issues in managing SOPs, and the particular features in Xoralia that help.


What are Standard Operating Procedures (SOPs)?

A Standard Operating Procedure (SOP) is a set of instructions and guidelines that provide the clear and authoritative detail around how to carry out particular activities and tasks. An SOP can often be very detailed, for example establishing a number of steps on what to do.


Why are SOPs important?

SOPs bring a lot of value to organisations. They can help to:

  • Ensure smooth day to day operations.
  • Drive efficiency and minimise risk, for example ensuring processes are carried out safely.
  • Standardise processes across larger organisations.
  • Help show external authorities such as certification bodies and professional associations that particular standards are being met.
  • Help employees learn about and train in particular processes.
  • Provide clarity and precision to decision making and employee actions.
  • Be a structured way to manage changes to operating procedures, so employees get to know about the change.

What is SOP management software?

SOP management software is a family of applications that help organisations to manage and distribute their SOPs, often doing much of the heavy lifting around administration, content management and access, while also reducing many of the associated challenges.

SOP management software can be considered as a type of policy management software. For example, a SOP management software solution like Xoralia can also be used to manage more general policies too.

What is different between managing SOPs and managing policies?

There are lots of similarities between managing SOPs and managing more general policies. However, there are some particular characteristics of SOPs that do make some of the challenges more pertinent. For example, SOPs tend to be more detailed than some general policies, have more regular changes that need to be digested by employees, and need to be referred to more often. They also need to be accessed from anywhere, for example when employees are out in the field or by frontline employees working in a factory.

What are some typical examples of SOPs?

There are many examples of SOPs across multiple industries, for example:

  • Handling and escalating a customer complaint in a call centre.
  • Regular maintenance of a piece of heavy machinery in a factory.
  • Discharging a patient from hospital.
  • Doing necessary background checks on a new customer.
  • Auditors signing off on a set of accounts.

All of these processes and many more may be captured in SOPs.


What are some of the challenges with managing SOPs?

There are a number of particular challenges associated with managing SOPs.

Real-time access for everyone from anywhere

SOPs can relate to multiple business processes and areas so it is very likely that everyone in an organisation will need to have access to your SOPs. Moreover, an employee will often need access when they are carrying out a particular activity. This could apply when they are off-site, or in a facility where there is not easy access to a desk.

Creating real-time access to SOPs from anywhere and at any time is not always straightforward, particularly when there are frontline employees relying on mobile devices or if some SOPs are particularly sensitive with stringent security requirements.

Multiple documents with multiple versions for multiple different roles

Because SOPs can cover so many different processes and get updated regularly it can mean that there are often multiple versions of a SOP. Moreover, there may also need to be variations of a SOP dependent on the audience – for example, procedures might differ from country to country due to regulatory difference, or a SOP might need to be in multiple languages. Moreover, some SOPs are specific to different roles.

Finding the right SOP can therefore be an issue, leading to multiple versions being in circulation with users struggling to know if they have the very latest version and the one that is relevant to their role and location. At best this is confusing; at worst it is highly risky, if employees follow the wrong procedures detailed in a SOP that has been superseded.

Managing frequent changes

SOPs focus on the detail around operations. There are potentially a lot of frequent changes to each SOP which means it can be hard for policy owners to keep everything up to date. It can be equally difficult for employees to keep on top of any changes, as well as know which is the latest version of a SOP they are accessing.

Communicating some changes and not others to the right people

SOPs are not documents that are kept up for the sake of it – they are there to be used – and it’s important to keep employees up to date about any changes. Ensuring these are communicated to employees is essential, but communicating them effectively is difficult, and knowing which changes to communicate is also key. Not every minor amendment will need to be communicated, for example.

Showing external parties that SOPs are managed but also understood

Sometimes it’s important to show to external third parties that you take a robust approach to managing your SOPs. For example, this could be a certification body that is performing an audit for ISO 27001 or a professional regulator who wants to know about your approaches to risk, learning and more. But sometimes just saying that you have SOPs in place is not enough and you need to demonstrate that you have a robust, systemic approach to managing and accessing SOPs. This is not always straightforward to show – having a solution with employee attestation reporting can help and shows intent.

Multiple SOP owners across the organisation

Managing SOPs can involve many people across your organisation who either contribute to or own an SOP. Having so many people involved from a wide number of different business functions can be challenging. Some may not always keep their SOP as up to date as they should do, while who is involved will change frequently as people move to new roles or leave your organisation. Sometimes an SOP might be owned by a team but it’s not always clear which member of that team is ultimately responsible, and updates get forgotten.

Inevitably this means SOPs get out of date or are not properly looked after, and central teams hoping to maintain a place for SOPs to be made available will have their work cut out keeping on top of everything.

Not integrated into your wider digital workplace

SOPs need to be accessible for all employees at the point of need. However, sometimes they are not available directly in the flow of work or easily findable because they are housed in a repository that is not integrated directly into the wider digital workplace, likely to be based on Microsoft 365.

This creates barriers to accessing SOPs – for example, if your SOPs are kept in a separate database that requires another log-in, it means users may not be able to find SOPs in their main enterprise search. They also may be deterred from accessing them as they have to authenticate, and any view may be not optimised for mobile access.


How can SOP Management software like Xoralia help?

A SOP management solution like Xoralia can help with many of the challenges associated with Standard Operating Procedures.

A central SOP library available anywhere, anytime

One of the most important elements of using SOPs is to have one place that employees can easily access all SOPs. Xoralia leverages SharePoint to establish a clear, trusted SOP library that can be reached by any employee with a Microsoft 365 license. SOPs are available from anywhere and at any time, including from mobile devices, meaning they can be reached at the point of need, from the office, out in the field, on the factory floor and working from home.

Seamless integration with your Microsoft 365 digital workplace

Xoralia provides a central place to find and manage SOPs that is easy to access and even easier to use. Because the solution is based on SharePoint it means your SOP library is seamlessly integrated with your Microsoft 365-powered digital workplace and therefore can be accessed via Single Sign-On and potentially from your SharePoint intranet and Microsoft Teams. This means SOPs are available in the flow of work with an experience that is also optimised for mobile.

Excellent findability via search and custom browsing plus personalisation

Good findability is critical for distributing SOPs. If an employee can’t easily find the right SOP they may give up or end up missing the right item. Xoralia has excellent findability, allowing for SOPs to be integrated into your wider Microsoft search, as well as using custom tagging and metadata to both search and browse within the SOP library using meaningful terms and parameters, such as by department or owner. The experience is also personalised so employees can find the SOP that is relevant to their location, role and language.

Version control and targeting that scales

Xoralia has built-in version control based on SharePoint, eradicating many of the challenges associated with having multiple versions. Crucially this is version control that also scales, taking into account the volume of SOPs and changes that can happen in busy, complex and global organisations.

SOP lifecycle features to support multiple stakeholders

Managing SOPs is not always carried out in time by busy, maxed-out policy owners, or where there is ambiguity over ownership. Xoralia has built-in SOP lifecycle features to help policy owners, providing clear ownership for policies with the appropriate access control, automated notifications and workflow to regularly review policies, clear views and reporting for owners so it is easier for them to manage their policies, and more.

A solution like Xoralia not only makes it easier for policy owners to manage policies, but also motivates them because they know employees trust and use the SOP library, and also establishes some accountability.

Robust ways to communicate changes to targeted groups

One of the most challenging aspects of managing SOPs is how to ensure that employees are made aware of any relevant changes. Xoralia does much of the heavy lifting here, leveraging existing Microsoft 365 groups and profile data to provide targeted notifications and views of SOPs that have changed, as well as employee attestation features where employees must acknowledge they have read and understood a SOP.

Flexibility and built-in automation within Xoralia also mean you can decide when to issue a significant update to a particular group rather than multiple minor changes within a SOP. You can also “set and forget” by automating the communication around employee attestation for a SOP, for example repeating it on an annual basis or for new joiners.

Employee attestation features that ask additional questions

Sometimes it is necessary to go further than asking employees just to acknowledge they have read a SOP – you also need to know they have truly digested its contents or the relevant change. Xoralia has built-in additional quiz questions so you can also test whether a user has understood the SOP contents, helping to truly embed change.

Data analytics and reporting

Metrics, analytics and reporting are essential for managing SOPs and the associated employee attestation process effectively. Xoralia has robust data analytics and reporting – for example, a new report allows line managers to see which mandatory SOPs have been read and understood by their team. This reporting can also be extremely valuable in demonstrating your robust approach to SOP management for external third-parties in processes such as ISO certification.


Need help with managing your Standard Operating Procedures? Arrange a Xoralia demo!

We know how important managing SOPs is, but it can be tricky. A solution like Xoralia can reduce the challenges, save time and do much of the heavy lifting. Why not arrange a free Xoralia demo to see it in action?

Book a live demo

Find out more about Xoralia policy management software

During the demo, we'll walk you through Xoralia’s various features and functionality, providing plenty of time for you to ask our experts questions along the way.

Book a demo

Document controls in ISO 9001: meeting the requirements


ISO 9001 is one of the most important and popular international standards. It helps organisations demonstrate their commitment to quality management and have all the right processes and approaches in place to make it happen. Each year hundreds of thousands of companies around the world seek certification in ISO 9001 and go through the required audit process.

One element that is critical for ISO 9001 is having the right documents and related controls in place to support quality management processes. But implementing document controls and demonstrating that they are in place is not always straightforward and realistically organisations may need to invest in additional software to support ISO 9001.

In this post we’re going to explore what needs to be done to get the right document controls in place for ISO 9001. First, we look at what ISO 9001 is and why it’s so important. We then look at the specific requirements around document controls in ISO 9001 and some of the associated challenges. Finally, we look at how policy management software like Xoralia can help.

What is ISO 9001?

ISO 9001 is the international standard for Quality Management Systems (QMS) and helps to define what needs to be in place to achieve certification. The standard recognises organisations that take a process-led approach to quality management in order to consistently provide products and services that meet both regulatory and customer requirements.

ISO 9001 is published by the International Standards Organisation (ISO), with the current version dating from September 2015.

Why is ISO 9001 important and what are its benefits?

ISO 9001 is a major standard with over two million organisations worldwide certified. It is critical for many organisations as it recognises their commitment to quality, which is important to customers, suppliers and regulators; some successful commercial relationships may even be conditional on ISO 9001 being in place. The fact that the standard is recognised across borders also makes it essential.

ISO 9001 is particularly important for sectors such as manufacturing, construction, technology, engineering, healthcare and more.

Beyond certification, implementing ISO 9001 has major benefits in helping to establish the quality of goods and services, driving efficiency, supporting good customer service, minimising risks, standardising approaches, providing clarity for staff over specific processes and more.

What is document control in ISO 9001?

Documents play a crucial role in the life of organisations. Documents contain details of policies and related information. They provide records of decisions that have been made. Documents represent the “official” line of what to do and are everyday essential reference points for employees.

Within a Quality Management System there is an emphasis on doing things in a particular way to guarantee quality. But employees will need to have access to the right documents with the right information at the right time. Unsurprisingly in ISO 9001 there is an emphasis on having document controls in place to ensure that any relevant documents are up to date, have accurate information, are accessible and more.

The need to have “documented information” and the control of documented information are specifically referenced in the standard, so this is an area that organisations must address in order to get certified.

What ISO 9001 document controls need to be in place?

The ISO 9001 standard is very detailed and requires a lot of very specific actions to gain certification. The area relating to documented information and document controls is covered in section 7.5, and points 7.5.1 to 7.5.3. Richard Keen at Endeavour Technical provides a very helpful overview of these sections of ISO 9001, detailing what the standard requires relating to document controls.

In essence it covers the documented information that you need to maintain and retain for ISO 9001, and additional needs such as the importance of staff fully understanding the type of documents that need to be controlled and how.

Clause 7.5.3 is specifically dedicated to the “Control of Documented Information” and includes (among other things) the need to:

  • Have controls in place to approve, review, update, identify changes and provide access to relevant documents, effectively all through their lifecycle.
  • Make relevant documents available at the point of use.
  • Have a suitable format for the documents.
  • Provide adequate protection and security, including access control.
  • Have the right approach to document retention in place.
  • And more!

What are some of the challenges with document control in ISO 9001?

Maintaining document controls is not always as straightforward as it should be, and there are some associated challenges. These challenges are relatively common, but organisations seeking ISO 9001 accreditation need to show that they are tackling them.

Challenges include:

  • Lack of formality and clarity: Stakeholders simply aren’t clear on what needs to be done relating to document controls, sometimes because there are no formal procedures available or they are too loosely applied. Clearly ISO 9001 requires a far more formal approach with clarity over what everybody needs to do.
  • Lack of buy-in: Some stakeholders within the business don’t fully buy in to the need for document controls so don’t manage their documents in the way that they should.
  • Version control: Version control is not consistently applied so there can be multiple versions of the same document in circulation, with some that are out of date, and confusion about which is the latest one. ISO 9001 cannot be applied when there are multiple versions of documented information.
  • Access control and security: Access and security controls are not fully applied to documents, usually unintentionally. The ISO 9001 standard requires security and access control to be addressed.
  • Documents not up to date: Document owners don’t keep their documents up to date, either because they have forgotten to or don’t see it as a priority.
  • Documents are not easily available: Documents are not easily accessed by the people who need to reference them, often because there is no established or trusted central repository. ISO 9001 requires documents of controlled information to be readily available at the point of use.
  • Changes are not recognised: Even if changes are made to a document – for example to a policy or a procedure - then this is not communicated or recognised by the people who need to know about what that change is.
  • There is no approval process in place: Some documents should have an approval process in place but this isn’t there either because it is not clear who the approver should be, or the workflow relies on sending the right emails which isn’t very reliable. ISO accreditation would need to cover approval of the relevant documents.

How can policy management software help with ISO 9001 document control?

Policy management software can help with many of the general challenges associated with controlling documents that must be addressed for ISO 9001 certification. For example, a robust policy management software solution like Xoralia:

Additionally, investing in a solution like Xoralia helps to demonstrate that you are doing what you can to put the right document controls in place for ISO 9001. It also provides clarity for both document owners and staff so they know what they need to do to support ISO 9001 and reflects its importance, ensuring all stakeholders pull their weight.

How Xoralia helped LifeArc achieve ISO 9001 accreditation

When LifeArc needed to establish ISO 9001 accreditation they needed a quick solution to urgently improve the access employees have to information security policies and procedures. With a rapidly approaching ISO 9001 audit, LifeArc urgently implemented Xoralia and got it live within 72 hours, helping them to achieve certification. You can read more in the LifeArc case study.

Document controls for ISO 9001 accreditation

Having the right document controls in place is critical for ISO 9001, but there can be associated challenges that are experienced by many organisations. Investing in policy management software like Xoralia can make a huge difference in establishing the right document controls and get you on the path to achieving ISO 9001 accreditation.

Why not book a free demo of Xoralia or get in touch with us to discuss your needs?

5 key steps to enhance workplace policy compliance


Most organisations have policies that help to minimise risk, influence decision-making and instruct employees to follow the right processes and procedures. In more risk averse or regulated industries, the number of policies may be very extensive; different functions such as the IT security team or the department tasked with Health & Safety are also likely to have more policies in operation than others. However, the level to which managers and employees actually follow these policies can vary dramatically, with some organisations and teams wondering what they can do to improve the level of compliance.

If employees do comply with your policies, then multiple benefits are possible, from better customer service to a stronger safety record to more standardised business processes. If your policies are ignored and not followed, then there are multiple risks.

In this post we’re going to do a deep dive into policy compliance and the steps you can take to improve levels of compliance.

What is policy compliance?

Policy compliance can simply be defined as the level to which your managers and employees follow the procedures and guidelines covered in your policies. For this to be able to happen, two things need to happen. Firstly, employees need to be able to access the right policies so they know what to comply with. Secondly, there needs to be some way of measuring the level of compliance, so you can then take action to increase it.

Why is policy compliance so important?

Policy compliance is essential for a number of reasons, including:

  • Ensuring your organisation is complying with different laws and regulations.
  • Keeping employees safe, and supporting health and wellbeing.
  • Protecting the data of employees, customers and suppliers.
  • Supporting key organisational processes and maintaining standards.
  • Driving efficiency and supporting productivity.
  • Delivering the very best customer service.
  • Standardising processes across different teams, departments, and locations.
  • And many more!

How can we achieve policy compliance?

Achieving compliance with key policies is not always straightforward, can take time and is never completely guaranteed. However, if you take a holistic approach and adopt a number of different steps and tactics, then you are very likely to succeed in increasing compliance levels. These steps include:
  1. Making policy compliance a strategic priority
  2. Getting your policies up to date
  3. Removing barriers to accessing your policies
  4. Introducing employee attestation processes
  5. Making policy compliance sustainable.

Let’s look at each of these steps in more detail and some of the individual things you need to do within them.

1. Making policy compliance a strategic priority

Making policy compliance happen requires it to be an organisational priority, ideally leading to a “culture” of compliance.

Get leadership buy-in

Generally, increasing policy compliance needs to be a top-down effort where it is clear to employees that senior leaders expect them to follow the policies that are in place. It is worth getting leadership buy-in to ensure that they are on side with a view to improving policy compliance. If your C-suite backs you it is easier to align any messaging, influence the actions of individual stakeholders and policy owners, and also make the case for investing in any required policy management solutions such as Xoralia.

Get commitment from stakeholders and policy owners

Responsibility for enforcing policies and increasing compliance is an ensemble effort and devolved across different business functions. For example, your HR function will be driving compliance for people-related policies, and your IT team will be doing the same for technology-related policies and so on. Increasing policy compliance throughout your organisation is dependent on their actions and buy-in; the good news is that they are usually keen to enforce policies and should support any push to drive up compliance.

Tie policies to existing risk, compliance or strategic efforts

Policies don’t exist in a vacuum – they are there for a reason, including to minimise risk, support compliance efforts, or achieve wider strategic aims. Most of the time a link between a policy and a wider aim is obvious, such as a series of health & safety policies and ensuring there is a spotless safety record. At other times this might not be the case, for example policies that support employee retention. Where possible, ensure policies are tied to wider strategic aims, so there is a strong reason for compliance, both in the eyes of the stakeholder managing the policy, and the employee who needs to follow the policy.

2. Getting your policies up to date

Policy compliance can only be increased with a set of policies that are up to date, and are perceived by employees as being up to date. Without this, policies are more likely to be ignored.

Establish clear ownership

Policies require active management, so they are kept up to date. This is very difficult without clear ownership. Ensure every policy has a named individual as an owner who is responsible for keeping it up to date, encouraging accountability. Sometimes policies are owned by a department such as HR, but having a specific person is usually necessary, as it is surprising how some policies can get left behind, for example if a person within that department leaves.

Get policies up to date

You can’t expect managers and employees to follow policies if they are not kept up to date or if there are multiple versions circulating. Therefore, any initiative to increase compliance must start with policy owners reviewing and getting their policies up to date as a baseline and clearly identifying these as the very latest versions. Policy owners also need to commit to keeping their policies up to date. Here the policy lifecycle tools in a solution like Xoralia, where policy owners get regular reminders to review the policies that they are responsible for, can really help.

3. Removing barriers to accessing your policies

To encourage compliance, make it as easy as possible for employees to find and access your policies by removing any unnecessary barriers.

Establish a central library and one source of truth

The easiest way to ensure policies can be easily found is having a central library where everyone can access them, for example through your intranet. This library should provide one source of truth so there aren’t competing versions of the same policy, and also the facility to link to documents there, so an HR policy could be accessed from the HR section of your intranet, for example. A solution like Xoralia is based around establishing a central library and one source of truth, opening up your policies to everyone.

Make policies findable

Policies also need to be findable to drive compliance. Having a central policy library goes a long way to improve findability but policies also need to be easily findable through any Microsoft, SharePoint or intranet search. Within your library, having a specific policy search with meaningful filters such as a policy area (e.g. HR, Health & Safety, IT security etc.), as well as the ability to browse through policies, will help employees find what they need. Again, these are all capabilities that are rolled into the Xoralia product.

Use personalisation

In large, global organisations or businesses with complex structures or multiple locations, there will be some policies that apply to some parts of the business and not to others. Using personalisation and audience targeting – usually based on Microsoft Entra ID profiles – is the best way to ensure employees see only the policies that are relevant to them.

Use inclusive language with guidelines

Some policies are created for two reasons – firstly to be followed by employees, secondly as a fall-back to satisfy risk concerns and contractual areas. Because of the second reason, some policies tend to be long-winded documents written in “legalese” with pages and pages of small print. These are extremely unlikely to be read and followed. Therefore, policies should always be written so they can be understood and are clear, usually with guidelines and summaries with the essential points.

Many organisations have a global and diverse workforce, with multiple languages and where some employees will have accessibility needs. It pays to have policies which are written in an inclusive and accessible way, and translated if necessary.

4. Introducing employee attestation processes

Introducing an employee attestation process that requires employees to acknowledge they have read and understood a policy is critical for compliance; this is usually done by confirming on the policy, similar to agreeing to Terms & Conditions, or even using an e-signature.

Introduce attestation processes

Introducing an employee attestation for policies is critical for compliance. There are multiple reasons for this; by introducing attestation it shows employees that policy compliance is expected, and it also introduces the opportunity to report on and improve compliance. Attestation ensures that organisations are intentional about raising compliance, and this focus will reap results.

Use reporting to track success

Employee attestation provides teams with a tangible way to measure the level of compliance. Granular reporting can also tell you who hasn’t completed the process, so you can then make appropriate interventions and communication to improve the level.

Use notifications and targeting

Using automated notifications to remind people to either start a new employee attestation process or send them another reminder, as well as targeting to ensure these go to the right groups, makes the employee attestation process far more efficient. These features are all hard-baked into Xoralia’s policy management solution.

Use quizzes

Of course, employee attestation doesn’t guarantee compliance. In Xoralia we also include a feature for employees to have to answer questions about a policy to show that they have actually read it. This is another feature that is helping to drive policy compliance.

5. Making policy compliance sustainable

Policy compliance isn’t a one-time effort. It needs to be ongoing and truly sustainable; several factors can help make this happen.

Use automation

Policy management is important but aspects of its administration are not the most interesting or engaging activity; if done completely manually it is time-consuming and not the best use of anybody’s time. The good news is you can use automation to do some of the heavy lifting including notifying employees about policies, running most of the employee attestation process, compiling reports, resetting annual attestation processes and more. This is why so many organisations invest in policy management software that uses automation to save time, increase efficiency and make policy compliance actually sustainable.

Support policy owners

Policy compliance relies on policy owners keeping their documents up to date, but sometimes despite the best intentions, they don’t carry this out. Making it easier for your policy owners to manage their policies can increase the chances of ongoing compliance; automated review notifications, clear views of the policies a person owns and similar features can make a difference. Again, these are all features we’ve built into Xoralia.

Embed in employee onboarding

Employee onboarding usually involves employees having to attest to different policies. Embedding policy compliance into your onboarding programme will save time and support ongoing compliance. If your policy management solution supports personalisation, you should be able to target policies to new starters and even automatically run the relevant attestation process for any person joining your organisation.

How Xoralia supports policy compliance

In this article, we’ve covered what you need to do to drive policy compliance. Virtually all of the steps that we’ve mentioned are supported by policy management software like Xoralia, that:
 
  • Establishes a central policy library with search and browsing options.
  • Supports clear ownership of policies and supports owners through the policy management lifecycle.
  • Ensures there is one source of truth for policies, establishing the employee trust that is important for compliance.
  • Automates the employee attestation process, so you can “set and forget”, but also includes quizzes to really embed compliance.
  • Has all the reporting required to monitor and improve policy compliance.
  • Uses automation and personalisation to do much of the heavy lifting of all the above.
  • Effortlessly integrates with your Microsoft 365 digital workplace and SharePoint intranet.

If you’re serious about improving policy compliance, then investing in a solution like Xoralia is essential. Why not book a free demo?
