What is policy and procedure management?

Blog

Policy and procedure management is an important activity that helps to minimise risk, support smooth operations, underpin compliance, support decision-making and allows employees to get things done. But the level to which an organisation actively carries out policy and procedure management can vary dramatically, not only from business to business, but across different departments and teams within the same organisation too.

The vast majority of organisations have policies and procedures that describe the “official” view and way of doing things. If there a central, standard and optimised way that these policies and procedures are updated, stored, accessed and reported upon, then it means that policy and procedure management practices are in place.

If the approach is less formalised, uncertain and there are numerous challenges in accessing policies such as there being multiple versions in circulation, then it means policy management is less likely to be practices.

In this post we’re going to explore what policy and procedure management is, why it is important and what exactly is involved. We’ll also touch upon the role that software can play.

What is a policy and procedure?

A policy can be considered to be a document or artefact that states an official position or set of rules relating to a particular topic that need to be referred to and followed by employees. A procedure is a similar “official” set of how to do things – any step or steps that need to be followed in response to complete a particular objective or in response to a particular event.

Within an organisation, policies and procedures need to be followed by employees and are usually available in the form of controlled documents. There may also be related documentation that is also controlled, for example accompanying guidelines or “how to” manuals.

What is policy and procedure management?

Policy and procedure management can be considered to be the active management of policy and procedure documentation within an organisation to ensure that policies and procedures are:

  • Up to date and accurate all the way through their lifecycle.
  • Are housed in an appropriate repository.
  • Can be found and accessed by the people who need to read them, at the point of need.
  • Are followed by employees to minimise risk and ensure compliance, with employees aware of any changes made.
  • Are reported on to meet any compliance requirements
  • And more.

Why is policy and procedure management important?

Actively managing your policies and procedures is critical and has lots of benefits.

Minimises risks
When employees don’t follow particular policies there can be negative consequences with potential levels of risk. Sometimes these risks are not particularly serious, but in some areas such as health and safety, compliance is critical. Actively managing your policies so they are adhered by your employees will help to minimise risks across a wide number of areas from cybersecurity through to reputational management.
Protects employees
Policies and procedures are essential in protecting employees in a number of different ways – establishing health and safety, supporting safeguarding and ensuring employees treat each other with respect, and also protecting employees from accidentally taking actions which could jeopardise their employment or the safety of others.
Supports operational efficiency
Policies and procedures usually encourage employees to work in ways that also support efficiency and drive productivity. When everybody adopts these, it can really drive operational efficiency at scale.
Supports onboarding
Employees need to get themselves up to speed when they first join a company and this invariably means reading and understanding some key policies, some covered in what is effectively the “employee handbook.” Some policies also need to be read for compliance purposes. Effective policy and procedure management means that you are able to control the policies that new employees read, integrate them into an efficient onboarding process that doesn’t overwhelm, and then report on these too.
Drives compliance
Many policies and procedures relate to critical areas of regulatory and legal compliance, for example health and safety, data privacy, professional standards and more. Policy management increases the chance of people following your critical policies and driving compliance. More specifically, mandatory reads and employee attestation further drive levels of compliance and underpins related reporting.
Underpins adoption in the digital workplace
Policies and procedures in some areas will proscribe the use of particular digital workplace tools and applications. Having policies in place can support good digital workplace adoption. There are usually policies around terms of usage too.
Helps everyone get things done
While some policies and procedures are primarily concerned with compliance and risk, others are more operational such as an Expenses policy or your Travel policy. When employees can easily access these and they provide clarity on processes, it can help employees get things done quickly and effectively so they can get on with their working day.
Drives standardisation
All too often large organisations with multiple locations, countries, divisions and departments, often have fragmented processes and different ways of doing things. This can be inefficient and also risky, and organisations are often keen to introduce standardisation, particularly where a business has been built up through acquisition. Having clear documented policies and procedures that everybody can access is an important starting point for standardisation, ensuring everybody has clarity and is working on the same page. This has proved critical in merged organisatins.

What happens when policy management isn’t in place?

When policy and procedure management practices aren’t in place, then there can be various negative consequences:

  • Employees find it difficult to find the policies they need at the right time.
  • Multiple versions of policies end up being in circulation and nobody knows quite what the right version is.
  • People end up emailing different teams or asking colleagues to get policies, which is highly inefficient.
  • Policies simply don’t get updated.
  • Teams have to rely on time-consuming manual processes to monitor onboarding and compliance processes relating to reading policies.

The main consequence is that people simply don’t follow policies and procedures or take them seriously with all the associated risks that follow.

What’s involved in policy and procedure management through the lifecycle?

There are multiple elements involved in policy management through the lifecycle of a policy, from the moment it is created, to the point that policy is withdrawn or replaced. Some of the different stages include:

  • Creation: processes around the creation of the policies, including when they should be crated and who by.
  • Storage and dissemination: finding the right solution that acts as a repository for policies and procedures so documents can easily be accessed by employees at the point of need.
  • Findability and discoverability: making your policies and procedures findable and discoverable through search, browsing and embedding them within processes such as onboarding.
  • Reviews and updating: carrying our reviews of policies and procedures so they continue to be accurate and up-to-date.
  • Communication and change: communicating policies and changes in policies to employees to change and influence behaviours accordingly.
  • Compliance and reporting: meeting any legal, regulatory and compliance requirements through employee attestation processes (mandatory reads) and associated reporting.
  • Governance: establishing clear governance on all the above including ownership of individual policies and procedures to make sure everything happens.

The role that policy management software can play

Policy management software like Xoralia can make all the difference in supporting policy and procedure management in each of the area mentioned above, by partly automating the process and hugely reducing manual effort. For example:

  • Creation: establishing clear ownership and roles for each single policy, as well as approval workflow to help support the creation of new polices.
  • Storage and dissemination: establishing a trusted, central policy library that all employees can access.
  • Findability and discoverability: adding a powerful search layer across your policies as well as browsing options, leveraging custom tags and categories.
  • Reviews and updating: sending out review reminders to policy owners, establishing approval workflow for the replacement, and adding version control to replace a policy once there is a new version.
  • Communication and change: helps you to communicate new and updated policies through personalisation, dashboard views, notifications and the employee attestation process.
  • Compliance and reporting: facilitates mandatory reads, the employee attestation process and adds granular reporting. Xoralia even adds custom quizzes to test to see if employees have really understood the change.
  • Governance: allowing you to hard-bake different aspects of governance into how you manage your policy library.

Overall if you are attempting to introduce policy and procedure management into your organisation, then a policy management solution like Xoralia will make a huge difference. Why not organise a free demo?

How policy management software can help

We think the best place to store your policies is inside SharePoint. Most companies already have SharePoint as part of their Microsoft 365 subscription. Using SharePoint means you have full control of your policies, and many best practices can be achieved right out of the box. However, there are gaps and certain best practices are hard to achieve.

To fill these gaps, and for best results we recommend using purpose-built policy management software for SharePoint and Microsoft 365.

We’ve developed a dedicated solution called Xoralia (pronounced Zor-ra-lee-a) that will ensure you have the best overall approach to policy management, supporting your users, policy owners and administrators.

We learned all about policy management from many years of building custom solutions for our clients on SharePoint. But we kept coming up against the same challenges, mostly caused by feature gaps in SharePoint. One day, a client asked us to build a policy management tool that filled these gaps. The trouble was, they didn’t have a lot of budget. But we had a good relationship with them and so we decided to collaborate on it provided we got to keep the code. Looking back, it was a pretty simple tool but over the years we have added more features and relaunched it. We’re now on version 3 and our original customer is still using it!

3 benefits you can expect from Xoralia

Make it easy to find policies

Centralised policy library with powerful search and filtering

Reduce administrative burden

Automations and notifications so that all policy tasks are carried out on time

Demonstrate compliance and best practice

Sophisticated tracking and dashboards to drive and measure compliance.

And lots more!

Testimonials

Xoralia drives user engagement and compliance...

"The platform's user attestation functionality has been particularly impactful, leading to a remarkable increase from ~50% to 86% in user attestation within a matter of weeks."

Rian Stuart, IT Manager, Twinstream

★★★★★

...simplifies our policy management...

"It not only simplifies our policy management, but also enhances our overall compliance posture and has proven to be a significant time-saver for our organization."

Nadja Friedrichs, Vice President of HR, Boyum IT

★★★★★

...single source of truth and access for employees...

"We successfully rolled out the tool with a minimal internal learning curve and achieved a 97% read / acknowledgement rate on our first assigned policy."

★★★★★

How to get started with Xoralia

Step 1: request a demo

Fill out our form and we will be in touch to arrange a time. You can even book a time yourself.

Step 2: get a price proposal

If you think Xoralia is for you ask us for a quote. This will set out any options you may have.

Step 3: install and launch

We’ll install Xoralia in your environment (or you can do it yourself). We’ll provide training and support to get you up and running quickly.

Here's what you'll get

And last but not least:

Ready to get started?

Policies and procedure in the workplace: The ultimate guide 

Blog

Policies and procedures are essential tools for any workplace, providing a framework for operations and ensuring compliance with legal and regulatory standards. They help establish clear expectations for behavior and performance, thereby promoting a culture of accountability and consistency. Effective policy management includes drafting comprehensive policies, reviewing them regularly, and ensuring they are easily accessible to all employees. This approach helps mitigate risks, improve decision-making, and maintain organizational integrity.

In this post, we’re going to do a deep dive into the world of policies and procedures, looking at what they are, why they are important and how to manage them. We’re not expecting you to love policies and procedures, but we hope by the end of the article you’ll view them a little more positively!

What are policies and procedures?

Policies and procedures are structured sets of principles and rules that provide guidance and standardisation for processes across an organisation.

Policies generally outline the key principles and expectations that guide behaviour and decision-making within a company. In contrast, procedures offer detailed instructions on how to carry out specific tasks or actions. While policies tend to remain consistent, procedures may evolve more frequently as operational needs change. Although they are distinct, the line between policies and procedures can sometimes blur, with documents occasionally containing both elements, as well as related forms, guidelines, and checklists.

Why policies and procedures are important in the workplace?

Policies and procedures are essential for guiding behaviour, standardising processes, and ensuring compliance within the workplace.

Here are some of the key reasons why policies and procedures play a crucial role in maintaining an efficient and compliant work environment:

Helping employees complete tasks and get things done

In any given working day, employees complete multiple tasks, some relating to their role and others to more general processes. Additionally, employees may have to make several decisions during the working week. Policies and procedures provide essential baseline information for employees to get things done and make accompanying decisions.

Standardising processes

Most organisations seek to standardise processes across different divisions, regions and locations in order to drive efficiency, support customer experience, raise standards and provide consistency and simplicity across complex structures and diverse workforces. Having well-defined policies and procedures underpins this standardisation.

Supporting professional conduct

Policies and procedures define expected levels of professional conduct and behaviour, covering multiple aspects of organisational life including treatment of colleagues, interaction with customers, risk management and more. Having these policies and procedures is important for the smooth day-to-day running of any business.

Supporting compliance and certification

There are a range of different policies and procedures that must be followed for regulatory, legal and compliance reasons. Businesses need to enforce these policies, and may also need to show external regulators and other bodies they are doing everything they can to make sure they are followed. The way policies and procedures are managed and disseminated is a major component of this. Similarly, organisations may have to adhere to standards such as ISO 27001ISO 9001 and demonstrate policies are being followed to the relevant certification body.

Minimising risks

It’s not just legal and regulatory compliance that is important – having the right policies and procedures helps minimise risks across other areas, such as:

  • Health and safety: ensuring the wellbeing of employees and third parties, especially in areas such as construction, engineering, manufacturing and mining
  • Brand reputation: helping to preserve business image by supporting good customer service, preventing legal action, ensuring there aren’t data breaches and more
  • Supporting employees: ensuring employees follow the correct procedures to limit their personal risk and liability
  • And many more!

Helping new starters

It can be an overwhelming and even confusing time when a person starts at a new company, with a lot to do and learn. Having clear policies and procedures helps new starters complete onboarding processes and settle in more quickly; in turn, a positive onboarding experience also reduces employee turnover.

Managing change

Organisations are in a constant state of flux, and managing change across the workforce can be hard. Having clear policies and procedures helps manage change and outline new ways of working, both large and small.

Support values and wellbeing

Values and employee wellbeing are increasingly being recognised as important components of employee experience. Ensuring policies and procedures align with company values and provide safeguards for wellbeing can make a tangible difference.

Supporting an employee value proposition

The employee value proposition (EVP) of a company spells out some of its key HR policies and procedures, such as opportunities for career progression, learning and training, flexible working, maternity and paternity leave, pay and benefits and so on. The EVP of an organisation is central to attracting and retaining talent.

Facilitating continuous improvement

Policies and procedures provide a foundation for identifying areas of improvement within the organisation. Regular reviews and updates ensure that processes evolve with changing business needs and industry standards.

Common policies and procedures that every workplace needs

What are some of the common policies and procedures found in the typical workplace? Here are some of the most widespread, and most important.

General conduct

Policies and procedures will present clear expectations about employees’ workplace conduct. This can cover everything from interacting with employees and customers to lifestyle choices outside work, such as use of alcohol and drugs. As part of this, there will also be established processes around misconduct and what happens if it arises, including disciplinary procedures.

Professional conduct

Some businesses have more specific conduct guidelines to cover aspects of professional life, depending on the industry sector. Accountants, lawyers, financial services and the gaming industry, for example, all have regulatory and professional considerations that will impact individual conduct and other organisational procedures.

Regulatory compliance

Some regulated industries also have very specific additional processes they need to carry out relating to regulatory compliance. For example, financial services have a range of policies around advertising, marketing and selling that must be adhered to. Other regulated industries with strict regulatory procedures include pharmaceuticals, healthcare, energy, gaming and professional services.

HR and employment policies

There are a range of other common HR and employment policies such as those regarding maternity and paternity leave, sick pay, absence, career advancement, secondments, performance management and more. These HR policies are often an important reference point for employees during their time at a company, as well as when they are considering whether to join in the first place. As already stated, HR policies are a key part of any employment value proposition (EVP).

Travel and expenses

Most companies will have a travel and expenses policy relating to booking travel and claiming back expenses. This might stipulate the kind of travel that can be booked, how to do it and the approval process required from a manager.

Ordering equipment and other transactions

Organisations will also have policies and procedures relating to other everyday transactions that might involve approval workflow, such as ordering office equipment.

Use of technology and social media

How employees use technology and social media involves a degree of trust. Most organisations have a set of policies and procedures covering acceptable usage of technology and digital channels, both internally and externally.

Health and safety

One of the most important areas of policy and procedure is ensuring the right health and safety measures are in place. In some industries such as mining, engineering, healthcare, construction and energy, these are heavily promoted, and are key priorities at an organisational, team and individual level.

Hybrid and remote work

The pandemic has dramatically increased remote working, and many companies are now figuring out their policies and procedures relating to hybrid work and how they can make these work in the future.

Employee onboarding

As already noted, employee onboarding is crucial and can impact employee turnover. Having the right onboarding policies and procedures in place makes a big difference.

Procurement and due diligence

Procuring new suppliers and providing the necessary checks is essential in establishing successful relationships with suppliers, providing value for money and protecting an organisation’s reputation. As a result, most companies have a range of procurement and due diligence policies and procedures in place.

Policies and procedures management best practices

How should you manage your policies and procedures? There are a range of best practices to follow that will help ensure employees can easily access the latest documents and information, safe in the knowledge that they are accurate and up to date.

Allow easy access for all

Policies and procedures are there to standardise processes and minimise risks, but they also help employees get things done in the best way possible, supporting productivity and underpinning a good employee experience. Ensuring your entire workforce can easily access the right policies and procedure at the point of need is key to them being followed; there should not be groups who do not have access, such as your frontline staff. A central policies and procedures library available through your intranet is a proven model that works.

Ensure a single source of truth

Have just one source of truth for your policies and procedures to avoid issues with multiple versions that cause confusion and result in employees performing the wrong actions. Having multiple versions also undermines employee trust in any central policies and procedures library.

Keep policies and procedures up to date

Policies and procedures must always be kept up to date so they are accurate. Even if changes are small, it’s always best to execute any updates as quickly as possible, minimising the risk of errors down the line.

Keep control over versions

Establishing robust version control over policies and procedures is essential to prevent multiple versions circulating. Having a clear convention for numbering different versions and using the right solution (such as a SharePoint library) will help.

Clear ownership and lifecycle management

Many of the above best practices are achieved by having clear, defined ownership of each policy or procedure, with named individuals responsible for executing the right lifecycle management processes around regular reviews, updating their policy and more.

Make policies and procedures findable

As well as making policies and procedures easy to access, employees also need to be able to find the right information or document when required. Ensuring policies and procedures are findable and discoverable is critical. There are various approaches which help with this, including:

  • Creating a search specific to your policies and procedures library
  • Using tagging to categorise different policies to make them browsable or filterable via search
  • Creating views to filter policies by owner, function, type and topic
  • Using personalisation to show relevant policies and procedures to individual users
  • Including policies and procedures in a wider intranet, enterprise or Microsoft search
  • Using the right titles to accurately indicate policies’ purpose and contents.

Driving personalisation and targeting to ensure variations

Some policies may not be relevant to different groups of employees based on their role, location, level of hierarchy and so on. For example, in large global companies, HR policies often vary from country to country. Leveraging personalisation and targeting to ensure users access the right policies based on their profile will drive relevance and make sure the right policies are followed.

Checking for employee attestation

There are some very important mandatory policies that you will want to ensure everyone reads; sometimes, you will need to demonstrate to external parties that this has been done. These external parties are likely to be regulators or certification bodies, but they can be customers too. Running an employee attestation process where you can track who has read which policy, who has confirmed they have done so or even who has agreed to adhere to what is the best way to achieve this.

Carry out auditing when you need to

Ensure you have some kind of auditing process around your policies and procedures that records who has made changes to policy documentation and when. This helps force policy and procedure owners to take their role seriously, and also demonstrates to regulators and certification bodies that you have a robust approach to policy management.

Making policies readable and digestible

Policies and procedures are there to be used and followed, not ignored. A 50-page document written in “legalese” is never going to be read by your employees, and while it may be important to have from a regulatory, legal, compliance or risk perspective, creating a shorter version that is readable, digestible and actionable is far more likely to result in policies actually being followed.

Allowing access at the point of need

Allowing access to policies and procedures at the right time, directly at the point of need, helps boost adherence. For example, if an employee is making a travel booking, arranging easy access to the travel policy if they need to review it can be useful, even if it is just a link on the requisite form. Similarly, making it simple for your new hires to access the policies and procedures they need to read and attest to during the onboarding process will drive efficiency.

Have an agreed naming convention

Have a standard naming convention in place for your policies and procedures to ensure employees can find the right document and avoid confusion.

How policy management software can help

We think the best place to store your policies is inside SharePoint. Most companies already have SharePoint as part of their Microsoft 365 subscription. Using SharePoint means you have full control of your policies, and many best practices can be achieved right out of the box. However, there are gaps and certain best practices are hard to achieve.

To fill these gaps, and for best results we recommend using purpose-built policy management software for SharePoint and Microsoft 365.

We’ve developed a dedicated solution called Xoralia (pronounced Zor-ra-lee-a) that will ensure you have the best overall approach to policy management, supporting your users, policy owners and administrators.

We learned all about policy management from many years of building custom solutions for our clients on SharePoint. But we kept coming up against the same challenges, mostly caused by feature gaps in SharePoint. One day, a client asked us to build a policy management tool that filled these gaps. The trouble was, they didn’t have a lot of budget. But we had a good relationship with them and so we decided to collaborate on it provided we got to keep the code. Looking back, it was a pretty simple tool but over the years we have added more features and relaunched it. We’re now on version 3 and our original customer is still using it!

How policy management software can help

We think the best place to store your policies is inside SharePoint. Most companies already have SharePoint as part of their Microsoft 365 subscription. Using SharePoint means you have full control of your policies, and many best practices can be achieved right out of the box. However, there are gaps and certain best practices are hard to achieve.

To fill these gaps, and for best results we recommend using purpose-built policy management software for SharePoint and Microsoft 365.

We’ve developed a dedicated solution called Xoralia (pronounced Zor-ra-lee-a) that will ensure you have the best overall approach to policy management, supporting your users, policy owners and administrators.

We learned all about policy management from many years of building custom solutions for our clients on SharePoint. But we kept coming up against the same challenges, mostly caused by feature gaps in SharePoint. One day, a client asked us to build a policy management tool that filled these gaps. The trouble was, they didn’t have a lot of budget. But we had a good relationship with them and so we decided to collaborate on it provided we got to keep the code. Looking back, it was a pretty simple tool but over the years we have added more features and relaunched it. We’re now on version 3 and our original customer is still using it!

3 benefits you can expect from Xoralia

Make it easy to find policies

Centralised policy library with powerful search and filtering

Reduce administrative burden

Automations and notifications so that all policy tasks are carried out on time

Demonstrate compliance and best practice

Sophisticated tracking and dashboards to drive and measure compliance.

And lots more!

Testimonials

Xoralia drives user engagement and compliance...

"The platform's user attestation functionality has been particularly impactful, leading to a remarkable increase from ~50% to 86% in user attestation within a matter of weeks."

Rian Stuart, IT Manager, Twinstream

★★★★★

...simplifies our policy management...

"It not only simplifies our policy management, but also enhances our overall compliance posture and has proven to be a significant time-saver for our organization."

Nadja Friedrichs, Vice President of HR, Boyum IT

★★★★★

...single source of truth and access for employees...

"We successfully rolled out the tool with a minimal internal learning curve and achieved a 97% read / acknowledgement rate on our first assigned policy."

★★★★★

How to get started with Xoralia

Step 1: request a demo

Fill out our form and we will be in touch to arrange a time. You can even book a time yourself.

Step 2: get a price proposal

If you think Xoralia is for you ask us for a quote. This will set out any options you may have.

Step 3: install and launch

We’ll install Xoralia in your environment (or you can do it yourself). We’ll provide training and support to get you up and running quickly.

Here's what you'll get

And last but not least:

Ready to get started?

10 steps for a successful policy and procedure review process

Blog

The regular review of your policies and procedures is a critical element of successful policy management. You need to make sure that policies and procedures remain up to date and in step with any changes – otherwise you increase risks across various different fronts. Policies also start not being trusted and followed. A regular policy review is the best way to achieve this.

However, making sure a proper regular policy review process takes place is not always straightforward. Busy policy owners can get maxxed out, and then cut corners, delay a review or simply forget. In this post we’re going to explore what an effective policy and procedure review process looks like, why it’s important, and the ten steps to take that can help achieve success.

What are the benefits of having a policy and procedure review process?

There are a number of benefits of having a regular policy and procedure review process in place:

  • It helps keep all your policies and procedure up to date in the face of a rapidly and frequently changing world, organisation and regulatory landscape.
  • It helps to minimise risk by ensuring your policies are aligned to your legal and compliance requirements.
  • It supports operational efficiency again by keeping your procedures up to date – sometimes a small change can make a big difference.
  • A review can drive and identify opportunities for process improvement and address areas which might have been missed, either in your overarching policy or your derailed procedures.
  • A review can also help to make improvements to your policy to make it more readable, understandable and actionable for your employees.
  • It will give confidence to employees and stakeholders that a policy is up to date, helping ensure policies are trusted and followed.
  • It helps to keep policy owners mindful that a policy needs to be an up-to-date “living” document, supporting accountability.
  • And more!

When does a policy and procedure review process take place?

There are usually three instances when a policy review takes place:

  1. As part of a regular diarised review, either annually or every six months.
  2. A review that has been triggered by a significant change, for example new regulatory requirements, a risk that has been identified, or the introduction of a new technology platform.
  3. As part of a general overhaul of policies and procedures, for example reviewing a policy with a view to having a more rigid and standardised approach to policy management going forward.

While all these instances sound quite different, the steps you need to follow for each are similar.

What are the ten steps for a successful policies and procedures review?

There is no standard way to review a procedure, but here’s our view of ten steps you should follow for a successful review of your policies and procedures!

  1. Agree on the trigger and process for the review upfront
  2. It helps to define the circumstances that may trigger a review of any policy or procedure and then to have also thought about the process. Having clarity means a review won’t get missed; when the trigger and process are fuzzy and vague, then the review tends to get put to the bottom of the “to do” list and might not even get done.

    Defining the trigger will usually mean deciding on the period for any regular policy review – perhaps every year or six months – and listing the events such as a regulatory change, technology change, strategic pivot or workplace incident that might also prompt a review.

    In terms of the review process, you need to have clarity on who is responsible, who is going to provide input any review and who is going to approve any changes to the policy. This might be obvious in most cases, but some policies and procedures require input from multiple stakeholders.
  3. Gather any data and sources relating to inform changes to the policy
  4. You may well need to have data and background information to help inform whatever changes need to be made. Sometimes this stage can involve some research, and involve speaking with other internal stakeholders, employees and even external experts to get their thoughts and input.
  1. Gather any data and sources relating to inform changes to the policy
  2. You may well need to have data and background information to help inform whatever changes need to be made. Sometimes this stage can involve some research, and involve speaking with other internal stakeholders, employees and even external experts to get their thoughts and input.
  1. Gather data and feedback relating to the policy document itself
  2. It’s also useful to get data and feedback relating to how the policy and procedure is actually written itself. Is it clear? Is it helpful? Is it actionable? Are additional guidelines required? Here policy management software can be useful in providing data and insights into how and when an existing policy is being accessed and used.
  1. Identify what needs to change in the current policy
  2. Having undertaken what is effectively a mini-discovery exercise, it’s useful to identify the areas that need to change in your current policy and procedure document.
  1. Rewrite a first draft
  2. You should now all be set for rewriting the first draft of your policy. Time to get in that extra coffee and then focus on the writing stage.
  1. Initial review from stakeholders from users through to legal experts
  2. If you’ve defined your review process upfront (step 1), you’ll already have an idea on the stakeholders and subject matter experts to get their feedback on your changes. This may include legal and compliance experts – either internal or external – who can check if the new policy is ticking all the right  boxes.

    At this stage – or potentially at step 8 when you’ve incorporated feedback – also consider getting a review from employees who actually are going to use the policy. Can they read it and understand it? Are there improvements to the procedure to consider? Getting this input at this stage can be extremely valuable.
  1. Make any potential changes and submit for approval
  2. You’ve got the feedback and now it’s time to make the changes and prepare a final draft, and then submit this for approval. In terms of the approval hcani, it’s usually important to try and keep this relatively simple; an approval workflow with too many stakeholders involved can mean going around in circles.
  1. Make any revisions until there is final approved draft
  2. Ideally, you may even pass this stage with your policy approved without any changes. However, you may have to go through a number of further revisions if your policy is particularly complex, or involves multiple stakeholders.  In any case, eventually your policy should be approved.
  1. Identify the change management and communications
  2. Creating the new policy is not the end of the process. You’ll need to identify how you’re going to communicate the change. Do all employees need to know about it or just a particular group? Do you need an accompanying employee attestation process where people confirm they have read and understood it? Do you need to embed the new policy into your onboarding process? Giving some thought and preparing necessary communications is important, although this can be done in parallel while you make final revisions.
  1. Make the policy available and enact the change if necessary
  2. Finally, it’s time to make the policy available and issue any communications, and potentially start the employee attestation process. Here a policy management solution like Xoralia can do much of the heavy lifting providing personalised access to polices, initiating employee attestation and more.

How policy management software can help your policy and procedure review process

A robust policy management solution like Xoralia can help at every stage of the review process in a number of different ways.

Provides overall clarity and transparency
At a high level, policy management software provides clarity about the policy review process in establishing who is responsible, when a regular review takes place, any approval workflow and so on. It also supports transparency which in turn drives accountability across policy owners, and makes a policy review more likely to take place.
Provide analytics and data
A policy management solution should give be able to give you some useful data that provides useful insight into your policy, such as views, attestation rates and more. This data could identify a need to make improvements. You should also be able to view any feedback from users about the policy, such as if particular areas are difficult to understand. Overall, your policy management solution should provide data to feed into your review.
Trigger reminders to policy owners
A policy management solution like Xoralia automates elements of policy management. One of the most useful is sending a notification reminder to a policy owner that a regular annual or six-monthly review is due. This consistently proves highly effective as it is very easy for busy policy owners to miss a review date.
Workflow for review
Xoralia can also help you with the associated approval workflow when reviewing the policy so only the right people are actually signing it off. Xoralia also keeps an audit trail of the changes and the workflow.
Manage version control
Having multiple versions of a policy in circulation causes confusion and presents a risk of the latest policy not being followed.  It also undermines user trust, as nobody quite know if the policy they are referring to is the latest one. A solution like Xoralia has robust version control built in so only the latest version can be accessed within a central policy library.
Communicate the change
Xoralia is excellent for communicating the change relating to a policy, providing a personalised view where an employee can see any new policies added that require their attention.  Mandatory reads and employee attestation features can also ensure that the revised policy is read.  An integration with Microsoft Teams also means that employees won’t miss a relevant communication or mandatory read.
Ensure compliance
Reporting on employee attestation means you can manage any associated compliance around a reviewed policy, for example demonstrating to a regulator or third-party certification body that the majority of your employees have confirmed they have read and understood a reviewed policy.

The power of policy and procedure reviews

Reviewing your policies and procedures is essential for keeping everything up to date, minimising risk, supporting better processes and ensuring everyone can find the right policy at the point of need.  When reviewing your polices, it’s critical to follow the right steps. Here, a solution like Xoralia can help do some the heavy lifting, streamlining the review process and making it far more straightforward.  If you want to see how Xoralia can help, why not arrange a free demo?

The story behind Xoralia

Xoralia was built by the team at Content Formula, an intranet and digital workplace consultancy that has built SharePoint intranets for some of the world’s most famous companies. Now, most companies want their policies and procedures on the intranet but they don’t just want to store them there, they also want tools to help better manage them.  Over the years we came across just about every single requirement for a policy management system. As this article above explains, there are gaps in SharePoint and so we never built what in our mind was the perfect policy management system.

However, one of our clients challenged us to build something for them that filled all the gaps but still used SharePoint at the back end. We had a great relationship with them and agreed to share the budget to do this, provided we could then market the solution to others. That was in 2019. We’re now on version 3 of Xoralia and the product has grown and evolved a lot.

3 benefits you can expect from Xoralia

Make it easy to find policies

Centralised policy library with powerful search and filtering

Reduce administrative burden

Automations and notifications so that all policy tasks are carried out on time

Demonstrate compliance and best practice

Sophisticated tracking and dashboards to drive and measure compliance.

And lots more!

Testimonials

Xoralia drives user engagement and compliance...

"The platform's user attestation functionality has been particularly impactful, leading to a remarkable increase from ~50% to 86% in user attestation within a matter of weeks."

Rian Stuart, IT Manager, Twinstream

★★★★★

...simplifies our policy management...

"It not only simplifies our policy management, but also enhances our overall compliance posture and has proven to be a significant time-saver for our organization."

Nadja Friedrichs, Vice President of HR, Boyum IT

★★★★★

...single source of truth and access for employees...

"We successfully rolled out the tool with a minimal internal learning curve and achieved a 97% read / acknowledgement rate on our first assigned policy."

★★★★★

How to get started with Xoralia

Step 1: request a demo

Fill out our form and we will be in touch to arrange a time. You can even book a time yourself.

Step 2: get a price proposal

If you think Xoralia is for you ask us for a quote. This will set out any options you may have.

Step 3: install and launch

We’ll install Xoralia in your environment (or you can do it yourself). We’ll provide training and support to get you up and running quickly.

Here's what you'll get

And last but not least:

Ready to get started?

How policy management software can help

We think the best place to store your policies is inside SharePoint. Most companies already have SharePoint as part of their Microsoft 365 subscription. Using SharePoint means you have full control of your policies, and many best practices can be achieved right out of the box. However, there are gaps and certain best practices are hard to achieve.

To fill these gaps, and for best results we recommend using purpose-built policy management software for SharePoint and Microsoft 365.

We’ve developed a dedicated solution called Xoralia (pronounced Zor-ra-lee-a) that will ensure you have the best overall approach to policy management, supporting your users, policy owners and administrators.

We learned all about policy management from many years of building custom solutions for our clients on SharePoint. But we kept coming up against the same challenges, mostly caused by feature gaps in SharePoint. One day, a client asked us to build a policy management tool that filled these gaps. The trouble was, they didn’t have a lot of budget. But we had a good relationship with them and so we decided to collaborate on it provided we got to keep the code. Looking back, it was a pretty simple tool but over the years we have added more features and relaunched it. We’re now on version 3 and our original customer is still using it!

How policy management software can help

We think the best place to store your policies is inside SharePoint. Most companies already have SharePoint as part of their Microsoft 365 subscription. Using SharePoint means you have full control of your policies, and many best practices can be achieved right out of the box. However, there are gaps and certain best practices are hard to achieve.

To fill these gaps, and for best results we recommend using purpose-built policy management software for SharePoint and Microsoft 365.

We’ve developed a dedicated solution called Xoralia (pronounced Zor-ra-lee-a) that will ensure you have the best overall approach to policy management, supporting your users, policy owners and administrators.

We learned all about policy management from many years of building custom solutions for our clients on SharePoint. But we kept coming up against the same challenges, mostly caused by feature gaps in SharePoint. One day, a client asked us to build a policy management tool that filled these gaps. The trouble was, they didn’t have a lot of budget. But we had a good relationship with them and so we decided to collaborate on it provided we got to keep the code. Looking back, it was a pretty simple tool but over the years we have added more features and relaunched it. We’re now on version 3 and our original customer is still using it!

3 benefits you can expect from Xoralia

Make it easy to find policies

Centralised policy library with powerful search and filtering

Reduce administrative burden

Automations and notifications so that all policy tasks are carried out on time

Demonstrate compliance and best practice

Sophisticated tracking and dashboards to drive and measure compliance.

And lots more!

Testimonials

Xoralia drives user engagement and compliance...

"The platform's user attestation functionality has been particularly impactful, leading to a remarkable increase from ~50% to 86% in user attestation within a matter of weeks."

Rian Stuart, IT Manager, Twinstream

★★★★★

...simplifies our policy management...

"It not only simplifies our policy management, but also enhances our overall compliance posture and has proven to be a significant time-saver for our organization."

Nadja Friedrichs, Vice President of HR, Boyum IT

★★★★★

...single source of truth and access for employees...

"We successfully rolled out the tool with a minimal internal learning curve and achieved a 97% read / acknowledgement rate on our first assigned policy."

★★★★★

How to get started with Xoralia

Step 1: request a demo

Fill out our form and we will be in touch to arrange a time. You can even book a time yourself.

Step 2: get a price proposal

If you think Xoralia is for you ask us for a quote. This will set out any options you may have.

Step 3: install and launch

We’ll install Xoralia in your environment (or you can do it yourself). We’ll provide training and support to get you up and running quickly.

Here's what you'll get

And last but not least:

Ready to get started?

How to write a policy and procedure

Blog

Policies and procedures detail required actions, support decision-making and provide clear guidance for employees. They are essential for minimising risk, ensuring smooth operations, safeguarding employees and customers, supporting compliance and more. Therefore, the wording of a company policy and the way it is written are very important and need to be carefully considered.

We’re sometimes asked how to write a policy and procedure. There’s no absolute standard or definitive process. However, there are several steps that you can follow and some elements to include that will help you to write a policy and procedure.

In this post we’re going to explore exactly how to write a policy and procedure. You can use this a starting point or a checklist the next time you have to draft a new company policy.

How to write a policy and procedure

Most of the time writing company policies involves updating old ones. However, from time to time you might need to write a new company policy from scratch. If a policy is very old and needs replacing but it might actually be easier to write is as new.

Below we detail nine essential steps in writing a new company policy and procedure.

1. Identify the need for a company policy and procedure

The starting point for writing a policy and procedure is to actually identify the need for one. Nobody writes policies and procedures for fun, so you want to make sure there is a genuine requirement.

The need for a particular policy or procedure is usually obvious and most organisations will likely have something already in place such as Health & Safety policy or an Expenses policy. These also might include procedural steps or guidelines, which might be included in the policy or as a separate procedure.

Occasionally, you may identify a need for a new policy or procedure, or the refreshing of an existing document. Typical reasons for the need for a new policy include:

  • New regulatory, compliance or risk requirements.
  • The introduction of a new IT system or application.
  • A key change to operational procedures.
  • A reflection of a new strategic initiative or direction.
  • Attempts to standardise or improve particular processes.
  • Areas where there is confusion among employees.
  • A general initiative to tighten up policies or fill obvious gaps.
  • And more!

2. Decide on the owner and associated roles for your policy

After identifying a need it’s important to identify and agree the people who need to be involved in the policy, namely:

  • the ultimate owner and responsible for the policy
  • who Is going to write the policy
  • who is going to review the policy
  • who is going to approve the policy
  • who needs to be informed about the policy during its creation
  • who needs to be informed about the policy after it is created
  • who is going to update the policy going forward.

Sorting out all these roles upfront will help to ensure you get in the input you need to finalise the policy and avoid issues further down the line. Using a RACI matrix (Responsible, Accountable, Consulted, Informed) can also be a good way to think about all the people who need to be involved.

3. Do any initial discovery to inform the company policy or procedure

Before the writing phase, you may need to do some research and discovery to gather information to help you write the policy or procedure. This might involve:

  • Reviewing existing documentation including strategy documents, user guides and other policies.
  • Speaking to subject matter experts and other relevant stakeholders.
  • Speaking to users, for example by running a focus group or workshop, or conducting interviews.
  • Reviewing any other data that you have within the organisation.
  • Reviewing other policies that might be available as a reference point.

4. Decide on the format and confirm the review and approval process

Before you can start to write your policy, confirm the format of the policy – likely to be a document – but also the review and approval process for its creation. Confirm the approval workflow and the related reviewers and make sure everybody involved is clear about their role. If you’re using an advanced policy management solution like Xoralia you can load the workflow into the tool to automate some of the review process.

5. Use a policy template

Finally, you can start writing your policy and procedure.  It really helps if you have a model policy and procedure for users to use. Typically, this might include a number of different elements:

  • Version, date, people involved and who to contact: Background information on the policy that also helps to identify the policy as “official”.
  • Scope and purpose of the policy: What the policy covers – and sometimes also what it doesn’t cover too and the high-level reason why it is required.
  • Problem statement: Not every policy requires a problem statement, but sometimes it is necessary to illustrate a problem that the policy helps to resolve, and give any related background information.
  • Details of the policy: Adding the actual details of the policy and the related procedural steps will likely be the most substantial part of your policy document.
  • Any related guidelines: You may have some sections that are more guidelines about how to apply the policy, for example for different groups or in different scenarios.
  • Conduct and consequences: If applicable, outline the consequences for people who choose not to follow or ignore the policy.
  • References to related policies: Make sure you include reference to any related policies that employees may also need to refer to.
  • Diagrams or images: Consider adding diagrams or images if they help employees to understand or use the policy – for example using a decision tree.

6. Carry out review and approval process

Once you’ve created the document it’s time to carry out the review and approval process involving the people identified in the second step. Here you can use policy management software like Xoralia to help drive the necessary approval workflows, meaning you can also record an audit trail for the review and approval process. This will then also be set up for subsequent reviews and updates for the policy and tends to reduce the to-ing and fro-ing that can be associated with getting a new policy over the line.

7. Create additional guidelines and assets to support employees

Policies can be quite dry and lengthy, and sometimes are not always easy to read, particularly if they contain legal language. Policies always need to be usable and accessible if you want them to be acted upon!

Sometimes it’s worth creating any additional assets, guidelines and cheat sheets in plain English to help increase policy adoption. Sometimes these assets might be targeted to different groups or use cases, and also link back to the full policy document that they reference and summarise.

8. Make it available and set review dates

A completed policy now needs to be made available for everybody to view. Using Xoralia you can add it to a central policy library, adding custom metadata to make it more findable. You can also set up the next review date and trigger notifications to the necessary people to help keep it up to date.

9. Add mandatory reads and employee attestation if necessary

Depending on the policy and your compliance requirements, you may need to make it mandatory to read and add an employee attestation that they have read and understood the policy. Realistically, you will need a policy management solution like Xoralia that can automate this process and track success.

Making policy management easier for everyone

Ww know that writing policies and procedures isn’t always straightforward, although following many of the steps we’ve outlined in this article will help. Multiple aspects of policy management also be really challenging. It’s one of the reasons that we built the Xoralia policy management solution to help with some of the heavy lifting.

 As Content Formula, a leading intranet and digital workplace consultancy, we spoke to many organisations who needed better ways to manage and distribute their policies. They wanted to leverage the power of SharePoint and integrate policy management into their Microsoft 365-powered digital workplace.

Eventually we built Xoralia, a comprehensive policy management solution that it’s now on its third major release and continues to evolve. For example, we’ve recently added approval workflow features to help teams actually write their policies and procedures.  

And we’re still on a mission to make policy management easier for everyone – helping employees to carry out their roles, supporting managers to make better decisions and enabling organisations to navigate the complexities around risk and compliance.

The story behind Xoralia

Xoralia was built by the team at Content Formula, an intranet and digital workplace consultancy that has built SharePoint intranets for some of the world’s most famous companies. Now, most companies want their policies and procedures on the intranet but they don’t just want to store them there, they also want tools to help better manage them.  Over the years we came across just about every single requirement for a policy management system. As this article above explains, there are gaps in SharePoint and so we never built what in our mind was the perfect policy management system.

However, one of our clients challenged us to build something for them that filled all the gaps but still used SharePoint at the back end. We had a great relationship with them and agreed to share the budget to do this, provided we could then market the solution to others. That was in 2019. We’re now on version 3 of Xoralia and the product has grown and evolved a lot.

How policy management software can help

We think the best place to store your policies is inside SharePoint. Most companies already have SharePoint as part of their Microsoft 365 subscription. Using SharePoint means you have full control of your policies, and many best practices can be achieved right out of the box. However, there are gaps and certain best practices are hard to achieve.

To fill these gaps, and for best results we recommend using purpose-built policy management software for SharePoint and Microsoft 365.

We’ve developed a dedicated solution called Xoralia (pronounced Zor-ra-lee-a) that will ensure you have the best overall approach to policy management, supporting your users, policy owners and administrators.

We learned all about policy management from many years of building custom solutions for our clients on SharePoint. But we kept coming up against the same challenges, mostly caused by feature gaps in SharePoint. One day, a client asked us to build a policy management tool that filled these gaps. The trouble was, they didn’t have a lot of budget. But we had a good relationship with them and so we decided to collaborate on it provided we got to keep the code. Looking back, it was a pretty simple tool but over the years we have added more features and relaunched it. We’re now on version 3 and our original customer is still using it!

3 benefits you can expect from Xoralia

Make it easy to find policies

Centralised policy library with powerful search and filtering

Reduce administrative burden

Automations and notifications so that all policy tasks are carried out on time

Demonstrate compliance and best practice

Sophisticated tracking and dashboards to drive and measure compliance.

And lots more!

Testimonials

Xoralia drives user engagement and compliance...

"The platform's user attestation functionality has been particularly impactful, leading to a remarkable increase from ~50% to 86% in user attestation within a matter of weeks."

Rian Stuart, IT Manager, Twinstream

★★★★★

...simplifies our policy management...

"It not only simplifies our policy management, but also enhances our overall compliance posture and has proven to be a significant time-saver for our organization."

Nadja Friedrichs, Vice President of HR, Boyum IT

★★★★★

...single source of truth and access for employees...

"We successfully rolled out the tool with a minimal internal learning curve and achieved a 97% read / acknowledgement rate on our first assigned policy."

★★★★★

How to get started with Xoralia

Step 1: request a demo

Fill out our form and we will be in touch to arrange a time. You can even book a time yourself.

Step 2: get a price proposal

If you think Xoralia is for you ask us for a quote. This will set out any options you may have.

Step 3: install and launch

We’ll install Xoralia in your environment (or you can do it yourself). We’ll provide training and support to get you up and running quickly.

Here's what you'll get

And last but not least:

Ready to get started?

Using SharePoint for policy and procedure management

Blog

A robust and comprehensive set of policies and procedures play an important role in meeting organisational compliance and minimising risk. However, with continuously evolving laws and regulations, it can often be difficult for policy managers to keep track of multiple document lifecycles and ensure that all employees have been provided with the correct and most up-to-date information in order to do their job and to ensure organisational compliance

Organisations often require an effective policy and procedure management solution that will enable policy managers and administrators to quickly distribute policies to employees, easily obtain attestation and collaborate on policy updates.

Most companies already use Microsoft 365 or certain components of it to fulfill their business processes, but a product that is commonly utilised by organisations for policy document management is Microsoft SharePoint.

Leveraging SharePoint for policy and procedure management offers a robust solution for organizations looking to streamline their document management processes. SharePoint provides a centralized platform for creating, storing, and sharing policies and procedures, ensuring that employees have easy access to the most current documents. With features like version control, workflows, and permissions management, SharePoint helps maintain compliance, enhance collaboration, and improve operational efficiency.

What is Microsoft SharePoint?

Microsoft SharePoint is a website-based collaboration platform that provides an environment for people inside and outside of an organisation to work together. At it’s core, SharePoint can be described as a document management and storage system, that allows the accessing and sharing of information within one centralised location. It also enables organisations to automate their key workflow processes across multiple business areas.

Why SharePoint is ideal for policy and procedure management?

Many organisations now have a digital workplace based on Microsoft 365, using SharePoint Online as the basis for their intranet and document collaboration. This is great news for effective policy management because SharePoint is an ideal base technology for successful policy management.

The key component of SharePoint is it’s document management capabilities. It encompasses a wide variety of functionalities and features that are ideal for managing the lifecycle of controlled documents in an robust and process-driven way, from the creation and dissemination of new policies, through to policy review.

Combined with the other tools available in Microsoft 365, SharePoint offers an advanced and comprehensive policy management solution that will suit organisations of all sizes.

Key reasons to use SharePoint for policy and procedure management

You probably already have SharePoint

Many organisations already have SharePoint bundled with their Office 365 or Microsoft 365 licensing, making it a readily available platform for policy management. Microsoft’s continuous improvements have enhanced SharePoint’s ease of use and speed, making it a familiar tool for document management. Documents can be easily shared, collaborated on, and version control is effective, ensuring a single source of truth—critical for managing policies. Leveraging SharePoint for policy management means your users are already familiar with the system, and it is fully secured and backed up by Microsoft, providing peace of mind.

You can introduce automation and track the policy lifecycle

Lifecycle management is key to successful policy management. SharePoint integrates seamlessly with Power Automate, allowing you to automate workflows and processes around the policy content lifecycle. Create clear ownership, notifications, and workflows to ensure policies are kept up to date and provide views that show admins the status of policies.

Audit trails and version control ensure compliance

SharePoint provides a complete audit trail of changes made to policies and procedures, offering transparency and accountability. You can track updates across versions, showing when and who made changes, which is crucial for compliance and external auditing purposes.

It provides easy access for all employees

Centralised access to policies is crucial. With most organisations using SharePoint for their intranet, project sites, or communication sites, integrating a policy document library into existing channels is quick and easy. This ensures employees can easily access necessary documents, whether through the intranet or Microsoft Teams, which is increasingly central to workplace communication.

You can leverage Microsoft search

Using Microsoft search ensures policies are easily discoverable, helping employees find necessary documents through intranet search functionality. With CoPilot, Microsoft’s AI offering, it’s possible to include policy knowledge and content in AI outputs, further enhancing findability.

You can track usage

SharePoint allows tracking of policy usage, including views and updates. Integration with Active Directory and Power BI enables real-time reporting, supporting effective policy management. Critical data such as mandatory document reads can be tracked, ensuring compliance.

You can target policies

You can integrate with Azure Active Directory and the 365 groups that have been set up to help target policies to the right groups, such as new hires or a function like engineering or sales staff. You can also ensure people access the right policy based on their profile so people in Brazil see a different HR policy to those in France, for example.

What is SharePoint missing?

Although SharePoint is a highly flexible platform that offers many great features for document management, there are some important areas that it doesn’t cover. This means you’ll likely need either some custom development or advanced configuration to make SharePoint into a full policy and procedure management solution.

There are two options you could use to achieve this.

  1. Build functionality using Microsoft’s rich toolset, using tools like Power Automate, Power BI and some clever code. This is not an easy task by an stretch of the imagination, but you’ll have fun along the way and learn a whole lot!
  2. Another way is use to Xoralia policy management software. Xoralia has been built for sharePoint and enables you keep all your policies inside SharePoint and leverage the good stuff like version control, workflows etc, whilst filling the gaps in functionality that SharePoint doesn’t provide.

What gaps does Xoralia policy and procedure management software fill?

Xoralia software is a full policy management solution that provides a comprehensive set of features and functionalities designed to fill the gaps in SharePoint and to provide the sophistication that a robust policy management regime demands. Xoralia policy management software includes:

A central policy library

Xoralia acts as a central policy and procedure library that can be reached via a SharePoint-based intranet or via a SharePoint site. When accessing Xoralia, users are presented with an attractive and intuitive interface that has been designed to help employees find the policy documents they are looking for.

Each policy is listed with details including the title, the owner, the document format, the date it was last updated and any related instructions, such as whether it must be read. These instructions are personalised to the user. A handy summary at the top of the page also lets a user see the number of policies that they have to read.

Auditability

Organisations may need to demonstrate to regulators or other external bodies that they have robust processes in place to manage their policies and that all employees have read policies that are considered to be mandatory. Xoralia leverages the power of SharePoint to provide a complete audit trail of document changes, and also shows clear review policies in place with the ability to track these.

Xoralia can help ensure employees are carrying out mandatory reads. If a policy is mandatory to read, an employee can access the document within the app and confirm attestation once it has been read. It’s built-in report then shows policy owners and admins the percentage of those who have read the policy.

Automated notifications

Notifications ensure that policy owners are reminded to review the policies they own. Xoralia also has a simple dashboard that displays when a policy is due for review or has expired.

Reports for mandatory reads and more

Xoralia comes with powerful tracking and reporting tools. It shows policy owners the percentage of users that have read a policy, whilst administrators can access a more detailed report showing the status of all mandatory reads as well as other information relating to document status.

These reports can help teams to prepare for audits, and help policy managers see when interventions may be necessary.

Strong search facility

It is important for employees to be able to find the right policy quickly and effortlessly. Xoralia includes a strong search facility whereby an employee can enter keywords to find the policy they are looking for. Additionally, employees can filter by different categories including mandatory and non-mandatory reads, the department that owns the policy (IT, HR, Legal etc.) as well as custom tags .

Easy installation and deployment

Xoralia is quick and easy to implement. Because Xoralia can be applied to an existing SharePoint library it means you can easily convert an existing policy library to Xoralia. It can also be deployed from within any SharePoint intranet or other SharePoint site.

The story behind Xoralia

Xoralia was built by the team at Content Formula, an intranet and digital workplace consultancy that has built SharePoint intranets for some of the world’s most famous companies. Now, most companies want their policies and procedures on the intranet but they don’t just want to store them there, they also want tools to help better manage them.  Over the years we came across just about every single requirement for a policy management system. As this article above explains, there are gaps in SharePoint and so we never built what in our mind was the perfect policy management system.

However, one of our clients challenged us to build something for them that filled all the gaps but still used SharePoint at the back end. We had a great relationship with them and agreed to share the budget to do this, provided we could then market the solution to others. That was in 2019. We’re now on version 3 of Xoralia and the product has grown and evolved a lot.

3 benefits you can expect from Xoralia

Make it easy to find policies

Centralised policy library with powerful search and filtering

Reduce administrative burden

Automations and notifications so that all policy tasks are carried out on time

Demonstrate compliance and best practice

Sophisticated tracking and dashboards to drive and measure compliance.

And lots more!

Testimonials

Xoralia drives user engagement and compliance...

"The platform's user attestation functionality has been particularly impactful, leading to a remarkable increase from ~50% to 86% in user attestation within a matter of weeks."

Rian Stuart, IT Manager, Twinstream

★★★★★

...simplifies our policy management...

"It not only simplifies our policy management, but also enhances our overall compliance posture and has proven to be a significant time-saver for our organization."

Nadja Friedrichs, Vice President of HR, Boyum IT

★★★★★

...single source of truth and access for employees...

"We successfully rolled out the tool with a minimal internal learning curve and achieved a 97% read / acknowledgement rate on our first assigned policy."

★★★★★

How to get started with Xoralia

Step 1: request a demo

Fill out our form and we will be in touch to arrange a time. You can even book a time yourself.

Step 2: get a price proposal

If you think Xoralia is for you ask us for a quote. This will set out any options you may have.

Step 3: install and launch

We’ll install Xoralia in your environment (or you can do it yourself). We’ll provide training and support to get you up and running quickly.

Here's what you'll get

And last but not least:

Ready to get started?

Gama Aviation boosts regulatory compliance with Xoralia

Gama Aviation boosts regulatory compliance with Xoralia


Gama Aviation provides global business aviation services and support to individuals, corporations and government agencies. Sectors covered include private jets and air ambulances.

Gama has highly complex global operations in a heavily regulated industry where compliance is king.

It is critical that Gama’s 1300 or so employees have real-time access to policies and procedures on areas such as safety, flight procedures and technical matters, as well as HR, IT and other employee services. Some policies are also country specific.

Previously policies were kept in multiple repositories and managed by many different business functions. It was far from straightforward to find the right policy.

Stakeholders also had no easy way to distribute new policies or let employees know about changes. This made it difficult for the company to fully demonstrate compliance around policy management to regulators.

A central policy library integrated into the SharePoint intranet

When Gama Aviation introduced a Microsoft 365 digital workplace the team seized the opportunity to find a comprehensive policy management solution.

The company had introduced a new SharePoint intranet and saw it as the ideal place for employees to access policies and procedures, all in one, single area.

Any policy management solution had to not only integrate with SharePoint, but also meet Gama Aviation’s complex compliance and reporting requirements.

Ticking the right boxes

After reviewing various products, the team settled on Xoralia as the perfect policy management solution, integrating seamlessly with SharePoint but also ticking the boxes around compliance with features such as employee attestation.

The team had also had an existing successful working relationship with Content Formula, having already delivered their new SharePoint intranet.

Policies that are easily findable and all in one place

Today Gama Aviation employees have one convenient, central repository for all their policies, proving easy, real-time access through the intranet.

At last employees can effortlessly find the latest version of a policy through search or by browsing, regardless of which business function, country or topic it covers.

Employee attestation features essential for compliance

In a regulated industry like aviation, it is essential that business functions can prove that policies are being read. Xoralia’s employee attestation features means that new hires must confirm that they have read and understood key policies.

Similarly, all employees must attest to some key policies each year. Xoralia’s granular reporting means it is possible to track progress and ensure all employees have successfully carried out the annual attestation process.

Helping busy policy owners

Gama Aviation also has a legal requirement to ensure that some policies are reviewed and signed off each year by the appropriate policy owners. Previously, some very busy owners found it hard to keep on top of this process.

Using a combination of Xoralia’s review workflow capabilities and in-built views, life is made easier for policy owners who know exactly when they need to review their policy and get automated reminders.

There is also a clear record of when policies are reviewed and approved, helping drive transparency and accountability.

A fit-for-purpose system that satisfies regulatory requirements

Overasll, Gama Aviation need to show the regulators at the Civil Aviation Authority (CAA) that they have a robust system in place around policy compliance. By introducing Xoralia, Gama Aviation has been able to demonstrate their approach to policy management is fit-for-purpose.

Additionally, Xoralia’s reporting and auditing features prove each year that employees are reading polices while owners are also reviewing their policies appropriately.

Policies available anytime, anywhere…even from the air

Xoralia is optimised for mobile devices. Many of Gama Aviation’s employees don’t sit at a desk, but can access Xoralia wherever they are, either via the Microsoft SharePoint mobile app or the Microsoft Teams app.

Flight crew can also access policies as part of the “electronic flight bag” – a solution that uses an iPad, meaning that Xoralia can even be accessed from the air.

A solution that keeps evolving and improving

As Gama Aviation’s needs evolve. Xoralia has also continued to improve with new features and enhancements across each release.

Book a live demo

Find out more about Xoralia policy management software

During the demo, we'll walk you through Xoralia’s various features and functionality, providing plenty of time for you to ask our experts questions along the way.

Book a demo

What is policy management software?

Blog

Policy management software is a solution designed to streamline the creation, distribution, and management of organizational policies and procedures. This software provides tools for document creation, automated workflows, compliance tracking, and reporting. By centralizing policy management, organizations can ensure that all employees have access to the most up-to-date documents, reduce the risk of non-compliance, and improve overall efficiency. Regular updates and training facilitated by the software help maintain a culture of continuous improvement and adherence to best practices.

In this article, we’re going to take a deep dive into the world of policy management software, looking at why policy management is important, the challenges it throws up, how software can help overcome these challenges and the critical features that can help achieve success.

Why is policy management important?

Policy management is critical. Your employees need easy access to the right policies, procedures and forms so they have the correct information to carry out tasks, perform their roles and make the right decisions. When employees don’t follow the right policies, there are a number of potential risks. Similarly, staff involved in creating or updating policies need to follow robust processes to ensure the right people are consulted in drafting policy, and perhaps also to satisfy regulatory and audit requirements. Outcomes can range from minor to very serious, such as if somebody is not carrying out the right processes relating to health and safety. When policy management is not carried out properly, typical issues include:

  • Failing to be compliant to various regulations, opening an organisation up to regulatory or even legal action
  • Problems relating to brand and reputation, either with customers or the public
  • Inefficiency and lower productivity, caused when actions need to be corrected because people aren’t following the right processes
  • Employees being put at risk, with an organisation failing its basic duty of care for its people.
  • Damaged plant equipment as a result of an employee not knowing correct procedures for use.
  • An organization fails an audit and is fined or loses its licence to operate.

What are the challenges of policy management?

Policy management isn’t always easy. It might sound simple and straightforward, but there are always some associated challenges.

Achieving increasingly complex regulatory compliance

Regulated industries tend to have an increasing number of requirements to minimise risk. Organisations need to achieve complex regulatory compliance, and then demonstrate this compliance to the regulator, often by showing that all employees have read and understood a particular policy, or that policies have been regularly reviewed by the board. The practicalities of carrying this out can be challenging.

Managing documents with multiple versions and multiple stakeholders

Policy management is an ensemble effort. There are usually multiple functions that might manage policies and standard operating procedures, including HR, IT, Finance, Health & Safety, Quality, Legal and more. For each of these functions, there may be multiple policy documents of which there might be multiple versions circulating, especially if users are emailing policies and downloading them to their personal drives. Managing complex policies to effectively minimise risk is not easy.

Training new and existing staff on policies and SOPs

When a person joins a company, they are usually required to read a number of policy documents or standard operating procedures relating to professional conduct, use of IT services or learning safety procedures, for example. Additionally, policies will be updated or introduced from time to time, and it will be necessary for all employees to read these or be aware of the changes.

Let’s be honest – most policies aren’t exactly a riveting read, and when your employees are already maxed out, getting them to digest them can be challenging. Doing this when many of us are still working remotely is even harder.

Tracking employee attestation through policy reads

Even if you can get your employees to access a policy, how do you know they have actually read it, and how do you show a regulator or leader that they have agreed to adhere to it? Keeping track of who has attested to a policy and who needs to be chased is a hugely challenging task that can require a substantial administrative overhead without the right approach.

Keeping documents up to date

Policy owners are very busy, and it can be an effort to get them to keep documents up to date, especially when review and approval is required from multiple people.

policy management challenges

What is policy management software?

Policy management software is a system which helps policy owners and digital workplace teams effectively manage their content throughout its lifecycle, ensuring it is created properly, is up-to-date, accurate and effectively distributed to users. Policy management software covers things like authoring, managing, distribution and tracking, and will usually include features such as content workflow, review and approval controls, document versioning, robust access control, analytics and even search.

What are the benefits of policy management software?

Successful policy management software helps organisations resolve many of the challenges and pain points associated with policy management, delivering several headline benefits.

Minimise critical risks

Fundamentally, policy management software makes employees aware of the policies relevant to them. This minimises risks across many aspects of organisational life, from operating machinery safely to following the right GDPR protocols.

Achieve regulatory and legal compliance

Policy management software can help organisations achieve regulatory compliance by ensuring and demonstrating that employees have read policies and are following procedures accordingly. By following the right policies, you are also minimising the risk of falling foul of legal compliance issues. The good news is that data from policy management software shows that your organisation is doing what it can to enforce policies.

Streamline and automate policy management

As we’ve already established, policy management can involve a significant administrative effort. Organisations can rack up both time and cost in creating new policies, keeping them up to date and tracking readership. There is also the risk of data errors when things are done manually, with many tasks carried out over email and tracked in spreadsheets. Policy management software streamlines and automates aspects of policy management, removing the administrative burden, improving efficiency and reducing costs.

Support policy distribution and collaboration

The great thing about policy management software is that it supports the highly effective distribution of policy documentation, usually by keeping everything in a single central hub. This also supports effective policy collaboration, involving the multiple teams and support functions involved in policy management.

Help line managers keep their direct reports compliant

Line managers often play a crucial role in an organisation's compliance with its policies. They need to ensure their direct reports are reading and understanding policies. Policy management software gives line managers the dashboards they need to track which of their people haven't read policies that affect them and their jobs.

Document control to support trust

Policy management software will almost always incorporate document controls to ensure the right people are responsible for the right documents, and that the latest versions are being displayed. These controls help to drive employee trust in the fact that they are accessing the right policies. This is often refered to as the “single source of truth”.

What are the common features of policy management system?

Successful policy management system has a number of key features and functionality to look out for and consider when choosing software that will best suit your business needs. For more information, see our policy management software – buyers guide.

A central document library

At the heart of policy management software is a central document library that acts as an accessible repository of policy and procedural documents for users. The library might be divided into themes, or areas or owners. The document library will ideally have version control to ensure only the very latest versions of policies are displayed and usually the ability to restrict views to certain documents for different groups of users if necessary.

Powerful search and other findability features

Policy management software should have findability tools to help users find the policies they need including a search and configurable tags for different categories of policy to either refine searches or to browse through policies.

Policy authoring workflows

Policy management software should offer tools that help organisations properly govern the creation of new policies and the regular updating of existing ones. Policy owners and other stakeholders involved in these policy authoring processes need to receive notifications and reminders to help them carry out tasks on time. Workflows should automate the various steps of a workflow, including drafting, reviews, approvals and publishing. Furthermore, everything should be recorded and archived for audit purposes.

Mandatory reads and attestation features

Policy management software should also have features that allow organisations to track the mandatory reads of different policies and establish attestation across targeted groups of employees. Ideally, it should work with existing user groups already used for targeting content and communications within an organisation.

Dashboards, reporting and audit trail

Robust reporting is a key feature of policy management software because organisations need assurances that policy management processes are being observed. Reporting and dashboards should cover all aspects of the policy lifecycle from policy creation through to policy distribution. Different stakeholders need different dashboards. Senior managers and compliance managers need a helicopter view with the ability to zoom into issues. Line managers need to see that their direct reports are compliant. Policy owners need to see that stakeholders are carrying out their tasks in the authoring and updating processes. Some organisations need custom dashboards and a good solution will enable these.

Personalisation

A policy management tool should offer personalisation so that an individual user can see policies (including mandatory reads) relevant to that person, based on their individual profile. There should also be personalised views for policy owners and admins to help manage their policies.

Notifications

Policy management software should also include notifications to help drive adoption and nudge behaviours, both for users involved in employee attestation but policy owners too who need to review the policies they are responsible for.

Strong usability

A good policy management software will be intuitive and easy to use. Employees of all types need to find policies quickly and easily – for example, frontline workers who might not have frequent access to computers in their workplace want simple and quick interfaces with minimal distractions. Policy owners and other stakeholders need software that simplifies and streamlines often complex and cumbersome policy governance processes.

Single Sign-On

A good policy management tool removes barriers to access. Single Sign-On is a must.

What are the features of Xoralia that help policy management?

Xoralia has a number of key features that support policy management. It includes all the common features that you would expect from a robust policy management solution (already detailed above) but also:

User-centric central policy library

Xoralia has a central policy library with all the features required such as version control, personalisation, security-trimming, configurable categories and labels, and a powerful search. The solution combines the full power of SharePoint with strong design to allow users to find the policies they need.

Mobile-ready

Xoralia is designed to provide a great experience on mobile, allowing employees who are on the go or on the frontline access to policies on their smartphone.

Seamless integration with SharePoint and Office 365

Because the base technology for Xoralia is SharePoint, it integrates perfectly with any Office 365 digital workplace, meaning:

  • It’s accessible through your SharePoint intranet
  • It integrates with Microsoft search
  • Policies can be recommended and discussed in Microsoft Teams
  • It can be used with existing SharePoint libraries
  • It can work with Power Automate workflows and Power BI dashboards.

Xoralia also comes with its own set of special web parts that can be deployed into a SharePoint site or across different parts of your intranet.

Automating recurring attestation tasks

Xoralia streamlines multiple policy attestations and acknowledgements. It makes it easy to target policies, onboard new employees and even handles recurring attestations (e.g. the annual read of the health and safety policy). Gone are the days of using spreadsheets and emails to track attestations. Policy owners and compliance managers can simply set it and forget it.

Automating policy authoring workflows

As detailed above, Xoralia has been designed to streamline multiple aspects of policy administration and authoring, including creating new policies and updating existing ones. To do this, Xoralia has powerful, flexible and intuitive workflows. But for added flexibility, organisations can also create completely custom workflows inside Microsoft Power Automate or Nintex if required.

Actionable reporting and tracking

Xoralia provides robust reporting and tracking of employee attestations and authoring workflows to keep everything on track and completed on time. It’s also got dashboards and reporting for compliance managers that want a helicopter view of organisational compliance. Line managers also get dashboards to help them keep an eye on their direct reports attestations. Xoralia is focused on getting the job done and gaining 100% compliance.

Freemium version!

Xoralia is available in two flavours. Freemium and paid for. The free version gives you forever access to the full suite of features but restricts you to managing just one document with Xoralia’s powerful controls. It’s great for small companies or for bigger ones who simply want to give it a trial run.

An exciting product roadmap

Xoralia is constantly being improved and enhanced. At the time of writing (Jan 2024) planned features include:

  • Reporting and dashboarding enhancements
  • Custom workflow builder with workflow templates
  • Custom notifications
  • Collect attestations for SharePoint pages, not just documents
  • AI search
  • AI policy training
  • AI quiz creation
  • And more!

Easy set-up and installation

We’ve designed Xoralia to be installed easily and quickly. With the correct admin permissions, Xoralia can be set up in just a few minutes, whether it’s the freemium or the paid-for edition.

Get in touch!

If you’d like to discuss how you can improve your policy management with Xoralia, then get in touch for a chat and a demo.

Book a live demo

Find out more about Xoralia policy management software

During the demo, we'll walk you through Xoralia’s various features and functionality, providing plenty of time for you to ask our experts questions along the way.

Book a demo

Top 10 policy management best practices

Blog

Policy management across an organisation is not always straightforward and can actually be very challenging. There are often multiple business functions involved. There might be confusion about who needs to be doing what in keeping their policies up to date. And even if they do, there may not be an easy way for employees to access and find the policies they need. Overall, the approach to policy management is usually ad hoc and informal and inevitably things fall between the cracks.

Policies aren’t always the most interesting documents to keep up to date or to read. But they are essential in minimising risks, ensuring compliance, and empowering managers and employees to make decisions to enable smooth day-to-day operations. If policy management is broken in your organisation and is exposing you to risks, then it’s time to take some steps.

In this post we look at ten essential best practices that will result in better policy management and can be the start of a more successful approach to managing your policies.

1. Always ensure you have a single source of truth for policies

A perennial problem with policy management is that there is more than one version of a policy circulating. Nobody knows which is the right version, and it is possible that employees will follow out of date guidance. Ultimately having multiple versions of policy documents in circulation not only increases risk but also means employees lose trust in policies and take them less seriously.

Always ensure that you have a single source of truth for your policies. Publish them in only one place and use robust versioning to ensure that when a policy is updated, the new version is the only one available to view. If possible, avoid emailing policies as people will then continue to refer to these without knowing if a policy has been superseded.

2. Establish crystal clear ownership around policies

One of the main reasons that policy management falls down is that there isn’t clarity around who owns a policy and is responsible for updating it. When there isn’t a named person then it policy updates can all too easily get forgotten, everyone assuming that it is someone else’s responsibility. This can even happen within a department; if the “HR department” is set as being the owner of a policy, then updating it can still get missed.

Successful policy management requires clear ownership of policies and what this means in terms of responsibilities. Every policy needs to have a named individual or individuals who own it, and further clarity about who should be updating it and when.

3. Write your policies so that they are clear and digestible

Policies are principally there to be followed, providing essential guidance for employees to support the right actions and decision-making. However, if a policy is written as a twenty-five-page document with very dense text and lots of legal jargon it is highly unlikely that people are going to get past the first couple of paragraphs.

Always write your policies so that they are clear and digestible, so they can actually be followed. Consider also tailoring a policy to different groups – for example translating it into a particular language or having a shorter version for frontline staff that can be more easily digested on a mobile phone.

We do understand that some policies are primarily created for legal and compliance purposes and do sometimes need to be written in legal style, but if this is the case, always create additional guidance that is clear, so employees can easily follow what they need to do.

4. Leverage automation where you can

Managing policies can involve a lot of manual administrative work. For example, somebody might need to remind policy owners to update their policies and then monitor to see who has done it. They might have to track if new hires have read a particular policy as part of their onboarding process and then chase those up who haven’t.

In the past people have had to rely on using emails and spreadsheets, which is inefficient, time-consuming and generally a miserable experience. The administrative overhead involved also means that many organisations cut corners and the approach to policy management is ad hoc or simply doesn’t happen.

Many policy management software solutions have automated features that do much of the heavy lifting around administration, making life easier for policy teams and saving huge amounts of time. Using automation can make policy management much easier, helping remind and track both policy owners and employees on what they need to do.

5. Use employee attestation to support compliance

Policies play an important role in supporting compliance and minimising risk. Employees may be required to read particular policies as part of an onboarding process when they first join, or as an annual process. Sometimes policies are updated, and employees need to digest and understand the change. In some regulated industries it is also necessary to prove to an external body or auditor that there is a process in place to ensure that employees read policies in this way.

The only reliable way to achieve all of the above is through an employee attestation process. This works by an employee acknowledging that they have read and understood a policy, and then having reporting to track progress. This is best achieved through a policy management solution like Xoralia where much of the attestation process is automated and additional features such as personalisation, content targeting, notifications, granular reporting and even additional custom questions help to ensure success and high rates of compliance. The results can even be shown to external regulators and certification bodies.

6. Put in the right approval and review processes

Policies have to be watertight; they must be accurate and up to date. Putting in the right approval and review processes can help ensure this happens. New policies and substantial changes to existing policies should always be reviewed and approved by the necessary stakeholders. Having a regular, diarised review process in place – for example every six or twelve months – can also help ensure that a policy is to date.

Good policy management software should help with both these, using appropriate approval workflow as part of the content management process, as well as automated review dates and reminders for regular reviews.

7. Make your policies easily accessible and findable

Policies are largely pointless if users cannot easily find and access them, ideally at the point of need. Employees are simply not going to waste time on looking for policies that are difficult to locate – they need to be able to find them quickly, with minimal effort and on their preferred device.

The standard way to make policies easy to find is by creating a central policy library where employees can access policies.  Most policy management solutions will deliver this, but it doesn’t mean they can then easily find that they need.

With Xoralia we leveraged the powerful Microsoft Search so employees can find what they need through both a general search but also a dedicated policy search. There is also the ability for employees to filter using custom tags to define departments or themes using familiar language specific to your organisation. Because Xoralia is built on SharePoint it also means your policy library can be easily integrated into your SharePoint-based intranet or reached via Microsoft Teams, removing all barriers to access and findability.

8. Standardize naming and numbering

It really helps to standardise the naming and numbering conventions on your policies to drive consistency, so that everyone knows what the policy is, who it is aimed at and if it is the latest updated version. This is important when you have a different policy on the same topic for different locations; for example, there may be an expenses policy for the UK and one for Germany. Reflecting this in the title can help ensure that an employee is confident they have the right document. Having the right title is also key for findability, as this will be displayed in the search results.

9. Use personalization and notifications to communicate changes

One of the most challenging aspects of policy management is communicating changes to employees. It’s hard enough to get their attention for general updates, let alone about a change to a Health & Safety policy. Using elements such as personalisation and targeting, and sending meaningful notifications can make it easier to communicate changes.

For example, an employee might enter your policy library or even your intranet and see a personalised list of the policies they need to read or where there have been changes of note. They might also receive an email reminder of a policy that they need to have confirmed they have read by a certain date. Again, these are all good practices which powerful policy management solutions like Xoralia support.

10. Make life easy for your policy owners

Perhaps this is less of a best practice, and more a general point. Policy owners are usually very busy people with a lot of things on their plate. Making life easier for them by helping them keep their policies up to date will generate both goodwill and the necessary actions.

Using automated reminders, personalised views that display the list of upcoming policies to review, and reporting that shows policy views and mandatory read confirmations, will all help in the overall policy management process.

Following policy management best practices

Following best practices to support policy management is important. Policy management software like Xoralia can help do much of the heavy lifting to help you follow best practices such as establishing one source of truth for policies and making them easily findable and accessible.

Why not arrange a free demo of Xoralia to see how it can help improve policy management in your organisation?

Book a live demo

Find out more about Xoralia policy management software

During the demo, we'll walk you through Xoralia’s various features and functionality, providing plenty of time for you to ask our experts questions along the way.

Book a demo

7 reasons to use SharePoint for policy management

7 reasons to use SharePoint for policy management




Pushing out mandatory policies and tracking reads is perhaps the most requested feature in policy management. But before we get into that, let’s look at the other commonly requested features and examine how SharePoint (and Office 365) addresses these.

Having one source of truth for key policies, procedures, forms and other key organisational documents is important. Employees and managers need to regularly access information such as your staff handbook, IT usage policy, holiday request process, social media guideline or supplier due diligence checklist and more and be confident that these are accurate and up to date. In regulated industries such as financial services there can also be strict guidelines for interaction with customers or processes which must be followed to reduce risk.

Most organisations provide access to policies via their intranet but all too often these are:

  • Scattered across different department sites and are hard to find
  • Do not get updated with the very latest version
  • Simply do not get read, even if they are mandatory to read
  • Are not trusted by employees so they request a copy or rely on a version on their own file network or inbox, that may not be up to date.

Policy management is important. Not managing your policies and procedures carefully or making them easily available in one central place leads to risks for organisations and individual employees, as well as inefficiencies. Sometimes it can also be an requirement for industry regulators or other external third parties, and may even be the subject of an external audit.

Seven reasons why SharePoint policy management is the best approach

If your organisation is using Microsoft 365 or SharePoint on-premises, then it makes sense to leverage the power of SharePoint to help better manage your policy documents.

1. SharePoint is likely to be your existing and secure document management solution

If you use SharePoint or SharePoint Online, then that is likely to be at the root of how most people manage documents their documents and files in your organisation. Documents can be easily shared, collaborated on and there is also effective version control, meaning that you can avoid issues such as duplication and ensure there is one source of truth; this is a critical factor in manging your policies. Leveraging SharePoint for policy management also means that your existing users will be already familiar with the system in place used for managing documents. Of course, SharePoint will also be fully secure.

2. You can automate lifecycle management processes

Lifecycle management is absolutely key to successful policy management. For example, you need to make sure that policies have owners who regularly review the documents they are responsible for. SharePoint is excellent from this perspective and you can leverage its integration with Active Directory as well as Power Automate (Flow) to create clear ownership, notifications and workflow to ensure polices are kept up to date and also create views that show admins the status of policies.

3. You can get a complete audit trail

As well as lifecycle management you can also get a complete audit trail of updates to your document, showing when and by whom. This transparency is very important for minimising risks, underpinning accountability, and even for external auditing purposes.

4. You can easily provide access to all

It is critical to provide easy access to policies for your employees. As most organisations already use SharePoint for their intranet or for communication sites, it is easy to integrate a policy document library into the channels that employees already have access to.

5. You can integrate it into your search

Policies also need to be findable and discoverable. Again, most organisations are leaning in on SharePoint or Microsoft search options to allow employees to find what they need. Using SharePoint for policy management means that these documents will be included in your main search, perhaps through the intranet.

6. It can integrate with your wider Microsoft 365 ecosystem

If you are on Microsoft 365 you will likely be using a wide variety of different collaboration and communication tools such as Yammer, Microsoft Teams, Outlook and SharePoint team sites. The obvious integration between a SharePoint-based policy library and the rest of the Microsoft 365 platform means it’s easy to embed and share key policies from the library in the places where every day work happens.

7. You can track usage and get data

Using SharePoint for policy management means it is also possible to track usage and get data on different policies, for example numbers of views or when they were last updated. By leveraging integrations with Active Directory and PowerBI you can also start to create reports and track critical data such as whether a mandatory document is being read and by whom.

But what about mandatory policies and tracking reads? Introducing Xoralia Policies

Overall, using SharePoint for policy management is the way to go. Having deployed many policies libraries on SharePoint and intranets over the years, we decided to combine all our knowledge into an app which can help customers fast track to a secure, user-centric and robust policy management library.

Xoralia Policies is a brand-new app designed, developed, and managed by Content Formula. It provides organisations using Microsoft 365 and SharePoint Online a quick-to-deploy central policy library than can be accessed via a SharePoint-based intranet or SharePoint site. Xoralia Policies can also be installed by on-premises SharePoint customers.

The app is a simple but complete solution that provides:

  • Easy, central access to the latest version of organisational policy and procedure documents for all staff
  • Robust policy management with assigned content owners and regular reviews across different departments and functions
  • The ability to track the progress of mandatory reads for particular documents, as well as other useful analytics
  • All you need for auditing purposes.

Main features

1. An attractive, central policy library

Xoralia Policies acts as a central policy and procedure library that can be reached via a SharePoint-based intranet or via a SharePoint site, such as a communication site. When accessing Xoralia Policies users are presented with an attractive and intuitive interface that has been designed to help employees find that they need.

Each policy is listed with salient details including the title, the owner, the document format, the date it was last updated and any related instructions, such as whether it must be read. These instructions are personalised to the user. A handy summary at the top of the page also lets a user the number of policies that they have to read.

2. Complete auditability

Organisations may need to demonstrate to regulators or other external bodies that they both have robust processes in place to manage their policies but also that all employees have read policies that are considered to be mandatory. Xoralia Policies leverages the power of SharePoint to provide a complete audit trail of document changes, and also shows clear review policies in place with the ability to track these. This should satisfy both your own internal and external auditing requirements.

Xoralia Policies also has the ability to ensure employees are carrying out mandatory reads. If a policy is mandatory to read, employees can access the document within the app and then make a simple declaration confirming once it has been read. In-built analytics show policy owners and admins the percentage of those who have read the policy.

3. Robust policy management with automated notifications

At the heart of Xoralia Policies are robust policy management features to ensure that documents are kept up to date and your library remains the one source of truth for policies. Each policy has an identified owner and a defined regular review period.

Notifications ensure that owners are reminded to review the policies they own; Xoralia Policies also has a simple dashboard that shows a policy owner their policies that are due for review or have expired. Transparent ownership and review information displayed on each policy also encourages accountability.

4. Analytics for mandatory reads and more

Xoralia Policies also comes with powerful analytics. Xoralia Policies shows policy owners the percentage of users that have read a policy, while administrators can access a more detailed analytics dashboard showing the status of all mandatory reads as well as other salient analytics relating to document status, for example. There are options to use Power BI for more detailed and custom reporting.

These analytics can help teams to prepare for audits, making interventions where necessary, but also get a better understanding to building engagement with employees.

5. Strong findability

Findability is critical. Employees want to be able to find the right policy quickly and effortlessly. The app includes a strong search facility where an employee can enter keywords to find the policy they are looking for. Additionally, employees can filter by different categories including mandatory and non-mandatory reads, the function who owns the policy (IT, HR, Legal etc.) as well as custom tags defined by you.

6. Easy set-up and deployment

The app is quick and straightforward to implement. Because Xoralia Policies can be applied to an existing SharePoint library it means you can convert an existing policy library to the app. It can also be deployed from within any SharePoint intranet or other SharePoint site. Simplified Policies takes a few days to implement. Content Formula can handle the whole implementation or work in partnership with your IT function to deploy the app.

7. Options for customisation

If you have special requirements around managing and presenting your policies, there are options for customisation. Call us to discuss.

SharePoint is made for policy management

When it comes to managing your policies and ensuring your employees can find and access them, SharePoint is a strong option. If you’d like more information about using SharePoint for policy management or about Xoralia Policies, and would like a product demo then get in touch!

Book a live demo

Find out more about Xoralia policy management software

During the demo, we'll walk you through Xoralia’s various features and functionality, providing plenty of time for you to ask our experts questions along the way.

Book a demo

How policy acknowledgement reduces cyber risks

How policy acknowledgement reduces cyber risks and protects against cybercrime


Cybercrime is a continuing threat to every business, both large and small. It’s not going away any time soon, and arguably we’re on the cusp of a new wave of issues as generative AI presents new opportunities for cybercriminals.

The damage from cybercrime can be devastating for a business. Recovering from a ransomware attack can lead to everything from lost revenue from disrupted operations to a significant damage to reputation, which can be very serious if you handle customer data. Similarly, data breaches caused by hackers not only lead to reputational damage but also huge GDPR-related fines: for example, both British Airways and Marriott have both received GDPR-related fines of over 20 million Euros each.

Taking active measures to reduce the associated risks of cybercrime has never been more important. While there are some technical approaches that can help, much of the approach that businesses need to take to rests in driving awareness of cyber risks among employees and ensuring employees take the right actions. This is because so many cybercrimes happen due to employee actions with cybercriminals seeking to exploit vulnerabilities and trick them into giving up sensitive data, frequently using approaches such as phishing.

One tactic that makes a significant difference is ensuring that employees understand your cyber policies and procedures, detailing the do’s and don’ts that can help reduce risk. The only way to ensure that your employees are reading and digesting a policy is to get them to acknowledge they have read and understood a policy. Testing them with additional questions can also check that understanding is embedded.

In this post we’re going to explore the role that employee policy acknowledgement plays in reducing cybercrime and how automated policy management software can help.

The importance of having cybercrime policies

Policies and related procedures and guidelines are an important part of organisational life that help reduce risk, increase efficiency, ensure consistency, guide decision-making, set expectations around behaviour and more. Policies represent the “official” line around processes to follow, how to act in certain circumstances and also define what shouldn’t be done. 

Policies around cybercrime are particularly important – not only because of the severity of the risk – but also because employee actions are often a reason that cybercriminals succeed.  

Policies relating to cybercrime could cover topics such as:

  • Use of specific applications at work.
  • Use of unauthorised software for work purposes (shadow IT).
  • Use of laptops and mobile devices (device management).
  • Spotting phishing emails and similar scams
  • Sensible password management.
  • Using workplace technology at home.
  • Handling customer and employee data.
  • Reporting a suspected cybercrime.
  • What to do when there has been a cybercrime.
  • New and emerging threats.
  • And more!

Policies around cybercrime must reflected emerging threats

Another issue is that cybercrime is a fast-moving area. New threats are continually emerging. With generative AI, deep fakes are starting to become a threat, making it even easier for criminals to spoof communications, for example from a CEO. 

Emerging threats require additional vigilance, meaning policies will need to be updated accordingly. Employees will also then need be made aware of any policy updates, and it is imperative that this has been fully understood.

Challenges around achieving employee policy acknowledgement

Unfortunately getting employees to acknowledge they have read and understand a cyber-related policy or update to a policy is difficult, making it significantly harder to reduce the chance of a cyber attack.

Common challenges include:  

  • Employees are already overloaded with information, and even though they are important, policies aren’t always the most interesting documents to read, so it can be hard to get their attention.
  • Sometimes version control isn’t consistently applied so there can be multiple versions of cyber-policies in circulation, causing confusion and a lack of engagement.
  • There is no way to actually see if an employee has actually read a policy, with teams sometimes relying on email to send reminders, for example, and tracking everything on a spreadsheet, which is highly inefficient and prone to errors.
  • Updates in policies are very easy for employees o miss.

The role of automated policy management software in reducing cybercrime

Automated policy management software can help overcome many of the challenges around employee policy acknowledgement by facilitating the process, using automation to drive efficiency, and doing much of the heavy lifting. In this way it can help with efforts to reduce the risk and impact of cybercrime.

Let’s explore some of the features of a robust policy management solution like Xoralia.

  1. Supporting employee policy acknowledgement via attestation

Policy management software offers a straightforward way for employees to acknowledge mandatory policies. By providing easy access to a particular policy through a central hub, employees are asked to confirm they have read and understood a policy via an electronic confirmation or signature. This provides evidence and a digital record that they have done so. Reminders via email notifications can also be set.   

To make policy acknowledgement as easy as possible, the Xoralia solution is based on SharePoint, meaning policy acknowledgement is easily accessible to anyone within your organisation who has a Microsoft 365 account.  It also means policies can easily be found and accessed at any time.

  1. Using targeting for different roles

Different roles may have different exposure to particular cyber risks. For example, some customer-facing staff or staff who work remotely might have special considerations to make about how they handle client data or secure their home wi-fi, for example. A good policy management solution should be able to target particular groups to read particular policies. This will include new starters required to read cyber policies as part of their onboarding process.

With Xoralia, you can target the employee attestation process to different groups based on Microsoft Entra ID profiles, for example.

  1. Providing effortless access to the latest policies

Employees must only have access to the very latest, up-to-date policies. This is extra important with cyber-related policies as it is an area which is both fluid and fast-moving, and policies may be frequently updated. A policy management solution must have robust document versioning in place.

  1. Using quizzes to reinforce learning

Although employees will acknowledge that they have read and understood a policy, adding quiz questions about the policy can help ensure that understanding is reinforced and embedded. Not every policy management solution has additional quiz capabilities, but within Xoralia the “quiz builder” feature means you can create custom questions, set pass marks and more to ensure employees are familiar with critical cyber policies.

  1. Analytics and reporting

Good policy management software has comprehensive analytics and reporting on the employee attestation process, allowing teams to keep track of who has confirmed they have read a policy. Additional reminders or interventions can then be made, ensuring full compliance and creating high awareness of cyber risks.

Using employee policy acknowledgement to tackle cybercrime

Cybercriminals are continually trying to trick employees to give up their data. The more aware that your employees are of cybercrime and the things they can do to reduce the associated risks, the less likely criminals will succeed.

Having robust policies in place and an accompanying employee policy acknowledge process will make a significant difference – all made possible by policy management software like Xoralia. Why not book a free demo to see how Xoralia can help you reduce cyber risks?

Book a live demo

Find out more about Xoralia policy management software

During the demo, we'll walk you through Xoralia’s various features and functionality, providing plenty of time for you to ask our experts questions along the way.

Book a demo

We use cookies to give you the best experience on our site. By continuing to use our website, you are agreeing to our use of cookies. To find more about the cookies, please see our Cookie notice

You can also read about our Privacy policy

Contact Support

If you have a question about Xoralia software, please fill out the form below and a member of our support team will be in contact with you shortly.