What is SOP management software and how does it help?
Standard Operating Procedures (SOPs) provide important guidelines for employees on how to complete key activities. Multiple organisations across different sectors are reliant on employees correctly following SOPs to enable smooth day-to-day operations. However, there can sometimes be associated challenges, including ensuring that employees can access all the SOPs they need, and all that SOPs are up to date. Here, SOP management software such as Xoralia can make a huge difference.
In this post we’re going to do a deep dive into Standard Operating Procedures (SOP) and how to manage them. We’re going to cover what SOPs are, some typical examples of SOPs and the typical challenges that teams can encounter. We then cover what SOP management software is, how it can help overcome some of the issues in managing SOPs, and the particular features in Xoralia that help.
What are Standard Operating Procedures (SOPs)?
A Standard Operating Procedure (SOP) is a set of instructions and guidelines that provide the clear and authoritative detail around how to carry out particular activities and tasks. An SOP can often be very detailed, for example establishing a number of steps on what to do.
Why are SOPs important?
SOPs bring a lot of value to organisations. They can help to:
- Ensure smooth day to day operations.
- Drive efficiency and minimise risk, for example ensuring processes are carried out safely.
- Standardise processes across larger organisations.
- Help show external authorities such as certification bodies and professional associations that particular standards are being met.
- Help employees learn about and train in particular processes.
- Provide clarity and precision to decision marking and employee actions.
- Be a structured way to manage changes to operating procedures, so employees get to know about the change.
What is SOP management software?
SOP management software is a family of applications that help organisations to manage and distribute their SOPs, often doing much of the heavy lifting around administration, content management and access, while also reducing many of the associated challenges.
SOP management software can be considered as a type of policy management software. For example, a SOP management software solution like Xoralia can also be used to manage more general policies too.
What is different between managing SOPs and managing policies?
There are lots of similarities between managing SOPs and managing more general policies. However, there are some particular characteristics of SOPs that do make some of the challenges more pertinent. For example, SOPs tend to be more detailed than some general policies, have more regular changes that need to be digested by employees, and need to be referred to more often. They also need to be accessed from anywhere, for example when employees are out in the field or by frontline employees working in a factory.
What are some typical examples of SOPs?
There are many examples of SOPs across multiple industries, for example:
- Handling and escalating a customer complaint in a call centre.
- Regular maintenance of a piece of heavy machinery in a factory.
- Discharging a patient from hospital.
- Doing necessary background checks on a new customer.
- Auditors signing off on a set of accounts.
All of these processes and many more may be captured in SOPs.
What are some of the challenges with managing SOPs?
There are a number of particular challenges associated with managing SOPs.
Real-time access for everyone from anywhere
SOPs can relate to multiple business processes and areas so it very likely that everyone in an organisation will need to have access to your SOPs. Moreover, an employee will often need access when they are carrying out a particular activity. This could apply when they are off-site, or in a facility where there is not easy access to a desk.
Creating real-time access to SOPs from anywhere and at any time is not always straightforward, particularly if when there are frontline employees relying on mobile devices or if some SOPs are particularly sensitive with stringent security requirements.
Multiple documents with multiple versions for multiple different roles
Because SOPs can cover so many different processes and get updated regularly it can mean that there are often multiple versions of a SOP. Moreover, there may also need to be variations of a SOP dependent on the audience – for example, procedures might differ from country to country due to regulatory difference, or a SOP might need to be in multiple languages. Moreover, some SOPs are specific to different roles.
Finding the right SOP can therefore be an issue leading to multiple versions being in circulation with users struggling to know if they have the very latest version and the one that is relevant to their role and location. At best this is confusing, at worst highly risky, if employees follow the wrong procedures detailed in a SOP that has been superceded.
Managing frequent changes
SOPs focus on the detail around operations. There are potentially a lot of frequent changes to each SOP which means it can be hard for policy owners to keep everything up to date. It can be equally difficult for employees to keep on top of any changes, as well as know which is the latest version of a SOP they are accessing.
Communicating some changes and not others to the right people
SOPs are not documents that are kept up for the sake of it – they are there to be used – and it’s important to keep employees up to date about any changes. Ensuring these are communicated to employees is essential – but actually how you communicate that effectively is difficult – and also knowing which changes to communicate about is also key. Not every minor amendment will need to be communicated, for example.
Showing external parties that SOPs are managed but also understood
Sometimes it’s important to show to external third parties that you take a robust approach to managing your SOPs. For example, this could be a certification body that is performing an audit for ISO 27001 or a professional regulator who wants to know about your approaches to risk, learning and more. But sometimes just saying that you have SOPs in place is not enough and you need to demonstrate that you have a robust, systemic approach to managing and accessing SOPs. This is not always straightforward to show – having a solution with employee attestation reporting can help and shows intent.
Multiple SOP owners across the organisation
Managing SOPs can involve many people across your organisation who either contribute to or own an SOP. Having so many people involved from a wide number of different business functions can be challenging. Some may not always keep their SOP as up to date as they should do, while who is involved will change frequently as people move to new roles or leave your organisation. Sometimes an SOP might be owned by a team but it’s not always clear which member of that team is ultimately responsible, and updates get forgotten.
Inevitably this means SOPs get out of date or are not properly looked after, and central teams hoping to maintain a place for SOPs to be made available will have their work cut keeping on top of everything.
Not integrated into your wider digital workplace
SOPs need to be accessible for all employees at the point of need. However, sometimes they are not available directly in the flow of work or easily findable because they are housed in a repository that is not integrated directly into the wider digital workplace, likely to be based on Microsoft 365.
This creates barriers to accessing SOPs – for example, if your SOPs are kept in a separate database that requires another log-in, it means users may not be able to find SOPs in their main enterprise search. They also may be deterred from accessing them as they have to authenticate, and any view may be not optimised for mobile access.
How can SOP Management software like Xoralia help?
A SOP management solution like Xoralia can help with many of the challenges associated with Standard Operating Procedures.
A central SOP library available anywhere, anytime
One of the most important elements of using SOPs is to have one place that employees can easily access all SOPs. Xoralia leverages SharePoint to establish a clear, trusted SOP library that can be reached by any employee with a Microsoft 365 license. SOPs are available from anywhere and at any time, including from mobile devices, meaning they can be reached at the point of need, from the office, out in the field, on the factory floor and working from home.
Seamless integration with your Microsoft 365 digital workplace
Xoralia provide a central place to find and manage SOPs that is easy to access and even easier to use. Because the solution is based on SharePoint it means your SOP library is seamlessly integrated with your Microsoft 365-powered digital workplace and therefore can be accessed via Single Sign-On and potentially from your SharePoint intranet and Microsoft Teams. This means SOPs are available in the flow of work with an experience that is also optimised for mobile.
Excellent findability via search and custom browsing plus personalisation
Good findability is critical for distributing SOPs. If an employee can’t easily find the right SOP they may give up or end up missing the right item. Xoralia has excellent findability, allowing for SOPs to be integrated into your wider Microsoft search, as well as using custom tagging and metadata to both search and browse within the SOP library using meaningful terms and parameters, such as by department or owner. The experience is also personalised so employees can find the SOP that is relevant to their location, role and language.
Version control and targeting that scales
Xoralia has built in version control based on SharePoint, eradicating many of the challenges associated with having multiple versions. Crucially this is version control that also scales, taking into account the volume of SOPs and changes that can happen in busy, complex and global organisations.
SOP lifecycle features to support multiple stakeholders
Managing SOPs is not always carried out in time by busy, maxxed-out policy owners, or where there is ambiguity over ownership. Xoralia has built-in SOP lifecycle features to help policy owners providing clear ownership for policies with the appropriate access control, automated notifications and workflow to regularly review policies, clear views and reporting for owners so it easier for them to manage their policies and more.
A solution like Xoralia not only makes it easier for policy owners to manage policies, but also motivates them because they know employees trust and use the SOP library, and also establishes some accountability.
Robust ways to communicate changes to targeted groups
One of the most challenging aspects of managing SOPs is how to ensure that employees are made aware of any relevant changes. Xoralia does much of the heavy lifting here, leveraging existing Microsoft 365 groups and profile data to provide targeted notifications and views of SOPs that have changed, as well as employee attestation features where employees must acknowledge they have read and understood a SOP.
Flexibility and built-in automation within Xoralia also means you can decide when to issue a significant update to a particular group rather than multiple minor changes within a SOP. You can also “set and forget” by automating the communication around employee attestation for a SOP, for example repeating on an annual process or for new joiners.
Employee attestation features that ask additional questions
Sometimes it is necessary to go further than ask employees just to acknowledge they have read a SOP – you also need to know they have truly digested its contents or the relative change. Xoralia has built in additional quiz questions so you can also test whether a user has understood the SOP contents, helping to truly embed change.
Data analytics and reporting
Metrics, analytics and reporting are essential for managing SOPs and the associated employee attestation process effectively. Xoralia has robust data analytics and reporting – for example, a new report allows line managers to see which mandatory SAPs have been read and understood by their team. This reporting can also be extremely valuable in demonstrating your robust approach to SOP management for external third-parties in processes such as ISO certification.
Need help with managing your Standard Operating Procedures? Arrange a Xoralia demo!
We know how important managing SOPs is, but it can be tricky. A solution like Xoralia can reduce the challenges, save time and do much of the heavy lifting. Why not arrange a free Xoralia demo to see it in action?
Document controls in ISO 9001: meeting the requirements
ISO 9001 is one of the most important and popular international standards. It helps organisations demonstrate their commitment to quality management and have all the right processes and approaches in place to make it happen. Each year hundreds of thousands of companies around the world seek certification in ISO 9001 and go through the required audit process.
One element that is critical for ISO 9001 is having the right documents and related controls in place to support quality management processes. But implementing document controls and demonstrating that they are in place is not always straightforward and realistically organisations may need to invest in additional software to support ISO 9001.
In this post we’re going to explore what needs to be done to get the right document controls in place for ISO 9001. First, we look at what ISO 9001 and why it’s so important. We then look at the specific requirements around documents controls in ISO 9001 and some of the associated challenges. Finally, we look at how policy management software like Xoralia can help.
What is ISO 9001?
ISO 9001 is the international standard for Quality Management Systems (QMS) and helps to define what needs in place to achieve certification. The standard recognises organisations that take a process-led approach to quality management in order to consistently provide products and services that meet both regulatory and customer requirements.
ISO 9001 is published by the International Standards Organisation (ISO), with the current version dating from September 2015.
Why is ISO 9001 important and what are its benefits?
ISO 9001 is a major standard with over two million organisations worldwide certified. It is critical for many organisations as it recognises their commitment to quality, which is important to customers, suppliers and regulators; some successful commercial relationships may even be conditional on ISO 9001 being in place. The fact that the standard is recognised across borders also makes it essential.
ISO 9001 is particularly important for sectors such as manufacturing, construction, technology, engineering, healthcare and more.
Beyond certification, implementing ISO 9001 has major benefits in helping to establish the quality of goods and services, driving efficiency, supporting good customer service, minimising risks, standardising approaches, providing clarity for staff over specific processes and more.
What is document control in ISO 9001?
Documents play a crucial role in the life of organisations. Documents contain details of policies and related information. They provide records of decisions that have been made. Documents represent the “official” line of what to do and are everyday essential reference points for employees.
Within a Quality Management System there is an emphasis on doing things in a particular way to guarantee quality. But employees will need to have access to the right documents with the right information at the right time. Unsurprisingly in ISO 9001 there is an emphasis on having document controls in place to ensure that any relevant documents are up to date, have accurate information, are accessible an dmore.
The need to have “documented information” and the control of documented information are specifically referenced in the standard and is therefore an area that organisations must address in able to get certified.
What ISO 9001 document controls need to be in place?
The ISO 9001 standard is very detailed and requires a lot of very specific actions to gain certification. The area relating to documented information and document controls are covered in section 7.5, and points 7.51 to 7.53. Richard Keen at Endeavour Technical provide a very helpful overview of these sections of ISO 9001, detailing what the standard requires relating to document controls.
In essence it covers the documented information that you need to maintain and retain for ISO 9001 documented information, and additional needs such as the importance of staff fully understanding the type of documents that need to be controlled and how.
Clause 7.5.3 is specifically dedicated to the “Control of Documented Information” and includes (among other things) the need to:
- Have controls in place to approve, review, update, identify changes and provide access to relevant documents , effectively all through their lifecycle.
- Make relevant documents available at the point of use.
- Have a suitable format to for the documents.
- Provide adequate protection and security, including access control.
- Have the right approach to document retention in place.
- And more!
What are some of the challenges with document control in ISO 9001?
Maintaining document controls is not always as straightforward as it should be with some associated challenges. These challenges are relatively common in organisations but organisations seeking ISO 9001 accreditation needs to show that they are tackling these.
- Lack of formality and clarity: Stakeholders simply aren’t clear on what needs to be done relating to document controls, sometimes because there are no formal procedures available or they are too loosely applied. Clearly ISO 9001 requires a far more formal approach with clarity over what everybody needs to do.
- Lack of buy-in: Some stakeholders within the business don’t fully buy-in for the need for document controls so don’t manage their documents in the way that they should.
- Version control: Version control is not consistently applied so there can be multiple versions of the same document in circulation, with some that are out of date, and confusion about which is the latest one. ISO 9001 cannot be applied when there are multiple versions of documented information.
- Access control and security: Access and security controls are not fully applied to documents, usually unintentionally. The ISO 9001 standard requires security and access control to be addressed.
- Documents not up to date: Document owners don’t keep their documents up to date, either because they have forgotten to or don’t see it as a priority.
- Documents are not easily available: Documents are not easily accessed by the people who need to reference them, often because there is no established or trusted central repository. ISO 9001 requires documents of controlled information to be readily available at the point of use.
- Changes are not recognised: Even if changes are made to a document – for example to a policy or a procedure - then this is not communicated or recognised by the people who need to know about what that change is.
- There is no approval process in place: Some documents should have an approval process in place but this isn’t there either because it is not clear who the approver should be, or the workflow relies on sending the right emails which isn’t very reliable. ISO accreditation would need to cover approval of the relevant documents.
How can policy management software help with ISO 9001 document control
Policy management software can help with many of the general challenges associated with controlling documents must be addressed for ISO 9001 certification. For example, a robust policy management software solution like Xoralia:
Additionally, investing in a solution like Xoralia helps to demonstrate that you are doing what you can to put the right documents controls in place for ISO 9001. It also provides clarity for both documents owners and staff to they know what they need to do to support ISO 9001 and reflects its importance, ensuring all stakeholders pull their weight.
How Xoralia helped LifeArc achieve ISO 9001 accreditation
When LifeArc needed to establish ISO 9001 accreditation they needed a quick solution to urgently improve the access employees have to information security policies and procedures. With a rapidly approaching ISO 9001 audit, LifeArc urgently implemented Xoralia and got it live within 72 hours, helping them to achieve certification. You can read more in the LifeArc case study.
Document controls for ISO 9001 accreditation
Having the right document controls in place is critical for ISO 9001, but there can be associated challenges that are experienced by many organisations. Investing in policy management software like Xoralia can make a huge difference in establishing the right document controls and get you on the path to achieving ISO 9001 accreditation.
5 key steps to enhance workplace policy compliance
Most organisations have policies that help to minimise risk, influence decision-making and instruct employees to follow the right processes and procedures. In more risk averse or regulated industries, the number of policies may be very extensive; different functions such as the IT security team or the department tasked with Health & Safety are also likely to have more policies in operation than others. However, the level to which managers and employees actually follow these policies can vary dramatically, with some organisations and teams wondering what they can to do to improve the level of compliance.
If employees do comply with your policies, then multiple benefits are possible, from better customer service to a stronger safety record to more standardised business processes. If your policies are ignored and not followed, then there are multiple risks.
In this post we’re going to do a deep dive into policy compliance and the steps you can take to improve levels of compliance.
What is policy compliance?
Policy compliance can simply be defined as the level to which your managers and employees follow the procedures and guidelines covered in your policies. For this to be able to happen, two things need to happen. Firstly, employees need to be able to access the right policies so they know what to comply with. Secondly, there needs to be some way of measuring the level of compliance, so you can then take action to increase it.
Why is policy compliance so important?
Policy compliance is essential for a number of reasons, including:
- Ensuring your organisation is complying with different laws and regulations.
- Keeping employees safe, and support health and wellbeing.
- Protecting the data of employees, customers and suppliers.
- Supporting key organisational processes and maintaining standards.
- Driving efficiency and supporting productivity.
- Delivering the very best customer service.
- Standardising processes across different teams, departments, and locations.
- And many more!
How can we achieve policy compliance?
- Making policy compliance a strategic priority
- Getting your policies up to date
- Removing barriers to accessing your polices
- Introducing employee attestation processes
- Making policy compliance sustainable.
Let’s look at each of these steps in more detail and some of the individual things you need to do within them.
1. Making policy compliance a strategic priority
Making policy compliance happen requires it to be an organisational priority, ideally leading to a “culture” of compliance.
Get leadership buy-in
Generally, increasing policy compliance needs be a top-down effort where it is clear to employees that senior leaders expect them to follow the policies that are in place. It is worth getting leadership buy-in to ensure that they are on side with a view to improving policy compliance. If your C-suite backs you it is easier to align any messaging, influence the actions of individual stakeholders and policy owners, and also make the case for investing in any required policy management solutions such as Xoralia.
Get commitment from stakeholders and policy owners
Responsibility for enforcing policies and increasing compliance is an ensemble effort and devolved across different business functions. For example, your HR function will be driving compliance for people-related policies, and your IT team will be doing the same for technology-related policies and so on. Increasing policy compliance throughout your organisation is dependent on their actions and buy-in; the good news is that they are usually keen to enforce policies and should support any push to drive up compliance.
Tie policies to existing risk, compliance or strategic efforts
Policies don’t exist in a vacuum – they are there for a reason, including to minimise risk and compliance efforts, or achieve wider strategic aims. Most of the time a link between a policy and a wider aim is obvious, such as a series of health & safety policies and ensuring there is a spotless safety record. At other times this might not be the case, for example policies that support employee retention. Where possible, ensure policies are tied to wider strategic aims, so there is a strong reason for compliance, both in the eyes of the stakeholder managing the policy, and the employee who needs to follow the policy.
2. Getting your policies up to date
Policy compliance can be only increased with a set of policies that are up to date, and are perceived by employees as being up to date. Without this, policies are more likely to be ignored.
Establish clear ownership
Policies require active management, so they are kept up to date. This is very difficult without clear ownership. Ensure every policy has a named individual as an owner who is responsible for keeping it up to date, encouraging accountability. Sometimes policies are owned by a department such as HR, but having a specific person is usually necessary, as it is surprising how some policies can get left behind, for example if a person within that department leaves.
Get policies up to date
You can’t expect managers and employees to follow policies if they are not kept up to date or if there are multiple versions circulating. Therefore, any initiative to increase compliance must start with policy owners reviewing and getting their policies up to date as a baseline and clearly identifing these as the very latest versions. Policy owners also need to commit to keeping their policies up to date. Here the policy lifecycle tools in a solution like Xoralia where policy owners get regular reminders to review the policies that they are responsible for can really help.
3. Removing barriers to accessing your polices
To encourage compliance, make it as easy as possible for employees to find and access your policies by removing any unnecessary barriers.
Establish a central library and one source of truth
The easiest way to ensure policies can be easily found is having a central library where everyone can access them, for example through your intranet. This library should also provide one source of truth so there aren’t competing versions of the same policy, but also the facility to link to documents there so an HR policy could be accessed from the HR section of your intranet, for example. A solution like Xoralia, is based around establishing a central library and one source of truth, opening up your policies to everyone.
Make policies findable
Policies also need to be findable to drive compliance. Having a central policy library goes a long way to improve findability but policies also need to be easily findable through any Microsoft, SharePoint or intranet search. Within your library, having a specific policy search with meaningful filters such as a policy area (e.g. HR, Health & Safety, IT security etc.), as well as the ability to browse through policies, will help employees find what they need. Again, these are all capabilities that are rolled into the Xoralia product.
In large, global organisations or businesses with complex structures or multiple locations, there will be some policies that apply to some parts of the business and not to others. Using personalisation and audience targeting – usually based on Microsoft Entra ID profiles – is the best way to ensure only employees see the policies that are relevant to them.
Use inclusive language with guidelines
Some policies are created for two reasons – firstly to be followed by employees, secondly as a fall-back to satisfy risk concerns and contractual areas. Because of the second reason, some policies tend to be long-winded documents written in “legalease” with pages and pages of small print. These are extremely unlikely to be read and followed. Therefore, policies should always be written so they can be understood and are clear, usually with guidelines and summaries with the essential points.
Many organisations have a global and diverse workforce, with multiple languages and where some employees will have accessibility needs. It pays to have policies which are written in an inclusive and accessible way, and translated if necessary.
4. Introducing employee attestation processes
Introducing an employee attestation process that requires employees to acknowledge they have read and understood a policy is critical for compliance; this is done by usually confirming on the policy similar to agreeing to Terms & Conditions, or even using an e-signature.
Introduce attestation processes
Introducing an employee attestation for policies is critical for compliance. There are multiple reasons for this; by introducing attestation it shows employees that policy compliance is expected, and it also introduces the opportunity to report on and improve compliance. Attestation ensures that organisations are intentional about raising compliance, and this focus will reap results.
Use reporting to track success
Employee attestation provides teams with a tangible way to measure the level of compliance. Granular reporting can also tell you who hasn’t completed the process, so you can then make appropriate interventions and communication to improve the level.
Use notifications and targetng
Using automated notifications to remind people to either start a new employee attestation process or send them another reminder, as well as targeting to ensure these go to the right groups, makes the employee attestation process far more efficient. These features are all hard-baked into Xoralia’s policy management solution.
Of course, employee attestation doesn’t’ guarantee compliance. In Xoralia we also include a feature for employees to have to answer questions about a policy to show that they have actually read it. This is another feature that is helping to drive policy compliance.
5. Making policy compliance sustainable
Policy compliance isn’t a one-time effort. It needs to be ongoing and truly sustainable; several factors can help make this happen.
Policy management is important but aspects of its administration are not the most interesting or engaging activity; if done completely manually it is time-consuming and not the best use of anybody’s time. The good news is you can use automation to do some of the heavy lifting including notifying employees about polices, running most of the employee attestation process, compiling reports, resetting annual attestation processes and more. This is why so many organisations invest in policy management software that uses automation to save time, increase efficiency and making policy compliance actually sustainable.
Support policy owners
Policy compliance relies on policy owners keeping their documents up to date, but sometimes despite the best intentions, they don’t carry this out. Making it easier for your policy owners to manage their policies can increase the chances of ongoing compliance; automated review notifications, clear views of the policies a person owns and similar features can make a difference. Again, these are all features we’ve built into Xoralia.
Embed in employee onboarding
Employee onboarding usually involves employees having attest to different policies. Embedding policy compliance into your onboarding programme will save time and support ongoing compliance. If your policy management solution supports personalisation, you should be able to target policies to new starters and even automatically run the relative attestation process for any person joining your organisation.
How Xoralia supports policy compliance
- Establishes a central policy library with search and browsing options.
- Supports clear ownership of policies and supports owners through the policy management lifecycle.
- Ensures there is one source of truth for policies, establishing the employee trust that is important for compliance.
- Automates the employee attestation process, so you can “set and forget”, but also includes quizzes to really embed compliance.
- Has all the reporting required to monitor and improve policy compliance.
- Uses automation and personalisation to do much of the heavy lifting of all the above.
- Effortlessly integrates with your Microsoft 365 digital workplace and SharePoint intranet.
If you’re serious about improving policy compliance, then investing in a solution like Xoralia is essential. Why not book a free demo?