Policy and procedure management is a critical activity for any organisation. The policies, procedures and associated guidelines that businesses create and distribute to their employees helps drive operations, reduces risks, ensures compliance, supports standards, improves customer service and underpins day-to-day work.
However, the truth is that many organisations don’t really manage their policies adequately. This can lead to out-of-date policies, multiple versions in circulation, policies that are impossible to find, huge administrative overheads and ultimately non-compliance. Policies basically get ignored.
Policy and procedure management software is essential for managing policies at scale. At its core, policy management software:
- helps employees find the policies they need by providing a central point to find and access documents
- provides features to help policy owners keep their policies up to date
- has document management features such as version control
- has employee attestation features so policies are read and understood
- provides automation and reporting to hugely reduce any central administration effort
- ticks various boxes around compliance such as audit trails
- and more!
In this post we’re going to take a deeper dive into the policy management software market, explore some of the factors to consider when selecting a solution, and profiling six leading policy management solutions.
What is the right policy management solution for me?
The policy and procedure management software market and the wider compliance management software market are mature and there is choice to suit different organisations, needs and budgets. That’s good news for organisations and their compliance teams, but it does make it more of a task to pick the solution that is right for you.
Solutions range from very mature solutions that have been around for more than a decade and are often part of a wider suite of Governance, Risk and Compliance (GRC) tools (but still available separately), to more focused standalone solutions that are just orientated towards policy and procedure management. Some of these are newer on the market, including challenger brands like Xoralia, that offer enhanced usability and deep integration with SharePoint.
To a certain extent, most of the leading policy management solutions have a number of common features that cover the core basics of policy management. However, there is difference in the some of the specific details on how these features work, as well as areas such as price point, flexibility and user experience.
How do I select the right policy management software for my organisation?
When you are considering policy management software there are several factors to consider. While these are common to any software selection process, some of them are particularly important to consider for policy management:
- Features: Does the solution meet all my requirements around policy management with the necessary features?
- Findability: Does it make policies easy to find at the point of need, a key consideration that is not always straightforward for employees?
- User experience: Is the solution and intuitive for employees who need to access policies and complete attestation processes? All too often solutions seem built for compliance teams rather than the employees who need to access, read and follow policies.
- Admin experience: Is the solution easy to use for administrators or policy owners, and does it actually help them to successfully keep on top of their policy management tasks? Many solutions are actually complex and quite hard to navigate.
- Reporting: Does the system have all the reporting in place you need to support policy management, employee attestation and more?
- Compliance: Does the system have what you need to support compliance, particularly around audit trials and reporting?
- Integration: Does the solution either integrate with your wider digital workplace (probably Microsoft 365) or with other related Governance, Risk and Compliance (GRC) solutions?
- Vendor: Is the vendor a suitable fit in terms of supporting the solution as well as meeting your expectations of a supplier?
- Roadmap: Is there an active roadmap with investment in the product and potentially the opportunity to request and influence new features?
- Flexibility: How flexible and scalable is the solution to meet your needs and processes? This can be a major consideration.
- Price: Of course, the cost of any software is also always going to be a factor.
Six leading policy management solutions
Of course, there is no right and wrong policy management solution – only the one that is best for you and your needs.
Below are profiles of six leading policy and procedure management software products which illustrate the different kinds of solutions that are on the market, and the kind of features they have.
1. ConvergetPoint
ConvergePoint is a producer of compliance software based on SharePoint. Products cover areas such as contract management, conflict of interests and incident management. Their product range include a policy management solution.
- ConvergePoint ticks the boxes for the core features around policy management with capabilities that focus on policy creation, disseminating policies to employees via a central repository and employee attestation.
- ConvergePoint takes advantage of its integration with SharePoint and Microsoft 365 to allow policy owners to create policies within Word.
- Approval workflow, version control and audit history support policy lifecycle management, with additional features that help content owners with targeted dashboards, notifications and more.
- ConvergePoint’s central policy library means that employees are able to find the policies they need through searching , filtering and browsing options, powered by custom metadata. Access to some policies can also be restricted.
- There is a dedicated “certification module” that drives the employee attestation capabilities, with the ability to add additional quizzes to confirm policies are actually being digested and understood.
- Reporting, analytics and dashboards cover different aspects of policy management, including keeping on top of employee attestations.
- As ConvergePoint is SharePoint-based, employees with a Microsoft ID can gain access via Single Sign-On (SSO), although the integrations aren’t as deep as with other SharePoint-based solutions like Xoralia.
While ConvergePoint has generally good online reviews and is a mature and trusted solution that also integrates with other related compliance software, we have heard some customers that some have found it less user-friendly than some other offerings, and it may not have as active a product roadmap as some other rival solutions.
2. ComplianceBridge
ComplianceBridge is a software vendor producing a range of GRC software products. Many of these different products integrate together to form a “suite” of GRC management tools. This include policy management software that is also available on a standalone basis.
Like many of the other solutions profiled in this article, there are a number of features that help central policy teams manage policies and procedures through the lifecycle:
- Tools to create policies, using appropriate templates, custom approval workflows and more.
- The ability to import documents from Micorosft 365 and Google Docs.
- Version control, the ability to compare versions and automated updated links when a version is updated
- Tools to help different teams collaborate and review policies, as well as automated review reminders to help keep policies up to date.
- Ability to publish and distribute policies from your own Document Management System (DMS) with the ability to target different groups, sub-groups and roles.
- Employee attestation and quiz question features to drive and test policy reads and understanding
- Automated notifications and reminders for employees to review policies.
- Dashboards with real-time reporting to help track employee attestation and other policy management processes, with the ability to export reports.
One of the obvious strengths of Compliance Bridge is its ability to integrate with other GRC products, providing policy management within a wider GRC suite. However, ComplianceBridge is also a very mature product and its feature set tends to be focused on the needs of central policy teams and administrators, rather than the user experience of employees accessing the policies.
ComplianceBridge also appears to have less features specifically focusing on the findability of documents. While it has some integration with Microsoft 365, it is not a SharePoint-based solution like Xoralia which has much deeper 365 integration.
3. DocTract
DocTract is a software company that is focused on producing cloud-based policy management and contract management solutions. The company was founded in 2018.
DocTract’s core product delivers most of the features to cover the hygiene of policy management. The software’s capabilities are positioned around four key areas – policy management, policy distribution, regulation and standards and training & attestation. It includes:
- The ability to manage the policy creation process with an editing interface, templates, version history, custom approval workflows, tools to comment and review the policy and more.
- The ability to publish the policy to different groups, version control and access to previous versions.
- Automated policy reviews with reminders and notifications.
- A search “portal” that is also optimised for mobile with the ability to add custom categories, and also open up to the public via an external-facing website, with the latter a relatively unusual feature.
- Employee attestation features which can be targeted to different groups, with notification and reminders.
- Additional training courses and quizzes wrapped around different policies or collection of policies.
- The ability to map regulations, standards and controls to particular documents and the ability to map “crosswalks” and collections of different policies that belong to a larger manual or compliance process.
- A range of change control features around managing documents when a standard or regulation changes.
- Various built-in analytics and reporting on all the above.
DocTract is very much a tool focused more on the document management aspects of policy management and may be designed primarily around the needs of central policy management teams, rather than the needs of employees who need to access policies in their day-to-day work.
4. NAVEX One PoliyTech
NAVEX One PolicyTech is another mature policy and procedure management solution. It’s produced by NAVEX, a US-based provider of governance, risk and compliance (GRC) software and services. It is available as a standalone product but also integrates with other NAVEX GRC solutions.
NAVEX One PolicyTech includes most of the core features found in other solutions, helping at all stages of the policy management lifecycle, with policies available for employees to access through a central repository.
- NAVEX One PolicyTech supports policy creation with version control, archiving for replacing existing policies, and custom approval workflow in place.
- There are also the requisite employee attestation features for acknowledging polices, with reporting in place to drive up compliance.
- NAVEX One PolicyTech supports14 major languages as standard, and also has some workflow around supporting translations of different policies.
- NAVEX One PolicyTech says it integrates Microsoft 365 and SharePoint to help deliver a federated search experience, although this lacks the level of integration that Xoralia has which is a SharePoint-based solution it its own right.
- Policies can be presented across different sites, which can be branded separately if required.
- NAVEX One PolicyTech has compliance reporting, for example where you map your policies to different compliance standards or areas, and then reflect this in your reporting – such as cybersecurity or HR areas for example.
A back-up feature provides essential offline access to policies if there is outage or similar issue, also supporting business continuity.
5. MitraTech PolicyHub
MitraTech is a software company that produces a range of different software solutions covering workflow automation, the legal sector, human resources and risk & compliance (GRC). MitraTech PoliyHub is the company’s policy management tool among a range of other GRC solutions.
PolichHub covers the fundamentals of policy management:
- Making policies available for employee through a central policy library.
- Policy management lifecycle tools including the ability to create policies within the tool and approval workflow.
- Automated reminders and notifications.
- Target global polices and procedures including in different languages to the right groups.
- Employee attestation features to cover acknowledgement.
- Reporting and analytics including for employee attestation.
- An audit trail across the policy management lifecycle.
- The ability to add custom quizzes to test knowledge gained from policies.
Feedback from online reviews is generally positive in at least covering the basics, however we have heard from customers that it can feel complex to use, and sometimes fall short in some of its features.
One of the things to release about PolicyHub is that is an extremely mature tool. It was first introduced in 2002, although there have been numerous releases. It is currently on version seven. It is possible that some of the interfaces do not feel as modern or as up to date as a more recently launched product like Xoralia.
PolicyHub is also one of multiple GRC tools from MitraTech. This is appealing for customers looking for a more integrated suite of compliance tools. However it is possible that the policy management tool many not have had as much investment or focus compared to other vendors with a less expansive product range.
6. Xoralia
Xoralia is a comprehensive policy management solution supplied by Content Formula, a digital workplace consultancy and vendor with deep expertise in SharePoint, Microsoft 365 and intranets.
Xoralia has some similarities with the other policy management solutions detailed in this piece in that it has all the main features that you’d expect from an enterprise policy management solution.
However, it is a much newer product with an agenda to challenge existing policy management software, by having a rapidly evolving product roadmap while also focusing much more on the user experience for employees, policy owners and admins, and leveraging deep integration with SharePoint.
- Xoralia has a strong emphasis in findability with the central policy library for employees including scoped searches, filters and browsable categories all fed by custom metadata that could reflect an organisational structure, locations, brands or other aspects.
- Xoralia has employee attestation features that can be targeted to different groups or across collections of documents with the required reporting, with the ability to add customs quizzes to embed learning about policy changes.
- As with the other solutions profiled in this post, Xoralia enables policy creation via integration with Word, the creation of multiple approval workflows, and also automatic reminders for regular policy reviews.
- Version control and audit trails are a core feature of Xoralia to remove the threat of duplicate or out-of-date policies, and supporting compliance and transparency.
- One of the key attributes of the product are the different views that are created for different personas, each of which are focused on the information they want to view including required tasks and actions.
- These include dashboards for users, individual policy owners, central admins and even managers who want to track engagement with policies across their team.
- Xoralia is based on SharePoint which means all data is kept within your existing Microsoft 365 tenant, but also it has deep integration with Microsoft Entra ID groups, Power Platform and also Microsoft Teams, to enable easy access and the ability to create custom reporting and automation.
- Xoralia allows employees to view policies through Microsoft Teams, but also uniquely comes with sixteen different web parts targeted at different roles that can be integrated into SharePoint sites or your SharePoint intranet.
- This allows your policies to be easily accessible and found across your digital workplace rather than being stuck in a heavy duty compliance system that nobody wants to use.
- Xoralia comes with a very active roadmap compared to other policy management tools with AI and a host of other features on the near-horizon.
Overall, Xoralia is a product that places much more emphasis on ease of use without compromising on any the policy management features that you need.
Book a free demo
In this article we’ve profiled six leading policy management software solutions, including Xoralia, and covered some of the things you need to consider when selecting a policy management product.
If you would like to find out more about Xoralia, why not book a free demo?
The story behind Xoralia
Xoralia was built by the team at Content Formula, an intranet and digital workplace consultancy that has built SharePoint intranets for some of the world’s most famous companies. Now, most companies want their policies and procedures on the intranet but they don’t just want to store them there, they also want tools to help better manage them. Over the years we came across just about every single requirement for a policy management system. As this article above explains, there are gaps in SharePoint and so we never built what in our mind was the perfect policy management system.
However, one of our clients challenged us to build something for them that filled all the gaps but still used SharePoint at the back end. We had a great relationship with them and agreed to share the budget to do this, provided we could then market the solution to others. That was in 2019. We’re now on version 3 of Xoralia and the product has grown and evolved a lot.
3 benefits you can expect from Xoralia
Make it easy to find policies
Centralised policy library with powerful search and filtering
Reduce administrative burden
Automations and notifications so that all policy tasks are carried out on time
Demonstrate compliance and best practice
Sophisticated tracking and dashboards to drive and measure compliance.
And lots more!
What our clients say
Xoralia drives user engagement and compliance...
The platform's user attestation functionality has been particularly impactful, leading to a remarkable increase from ~50% to 86% in user attestation within a matter of weeks.
Rian Stuart, IT Manager, Twinstream
...simplifies our policy management...
It not only simplifies our policy management, but also enhances our overall compliance posture and has proven to be a significant time-saver for our organization.
Nadja Friedrichs, Vice President of HR, Boyum IT
...single source of truth and access for employees...
We successfully rolled out the tool with a minimal internal learning curve and achieved a 97% read / acknowledgement rate on our first assigned policy.