How to write a policy and procedure

How to write a policy and procedure

Policies and procedures detail required actions, support decision-making and provide clear guidance for employees. They are essential for minimising risk, ensuring smooth operations, safeguarding employees and customers, supporting compliance and more. Therefore, the wording of a company policy and the way it is written are very important and need to be carefully considered.

We’re sometimes asked how to write a policy and procedure. There’s no absolute standard or definitive process. However, there are several steps that you can follow and some elements to include that will help you to write a policy and procedure.

In this post we’re going to explore exactly how to write a policy and procedure. You can use this a starting point or a checklist the next time you have to draft a new company policy.

How to write a policy and procedure

Most of the time writing company policies involves updating old ones. However, from time to time you might need to write a new company policy from scratch. If a policy is very old and needs replacing but it might actually be easier to write is as new.

Below we detail nine essential steps in writing a new company policy and procedure.

1. Identify the need for a company policy and procedure

The starting point for writing a policy and procedure is to actually identify the need for one. Nobody writes policies and procedures for fun, so you want to make sure there is a genuine requirement.

The need for a particular policy or procedure is usually obvious and most organisations will likely have something already in place such as Health & Safety policy or an Expenses policy. These also might include procedural steps or guidelines, which might be included in the policy or as a separate procedure.

Occasionally, you may identify a need for a new policy or procedure, or the refreshing of an existing document. Typical reasons for the need for a new policy include:

  • New regulatory, compliance or risk requirements.
  • The introduction of a new IT system or application.
  • A key change to operational procedures.
  • A reflection of a new strategic initiative or direction.
  • Attempts to standardise or improve particular processes.
  • Areas where there is confusion among employees.
  • A general initiative to tighten up policies or fill obvious gaps.
  • And more!

2. Decide on the owner and associated roles for your policy

After identifying a need it’s important to identify and agree the people who need to be involved in the policy, namely:

  • the ultimate owner and responsible for the policy
  • who Is going to write the policy
  • who is going to review the policy
  • who is going to approve the policy
  • who needs to be informed about the policy during its creation
  • who needs to be informed about the policy after it is created
  • who is going to update the policy going forward.

Sorting out all these roles upfront will help to ensure you get in the input you need to finalise the policy and avoid issues further down the line. Using a RACI matrix (Responsible, Accountable, Consulted, Informed) can also be a good way to think about all the people who need to be involved.

3. Do any initial discovery to inform the company policy or procedure

Before the writing phase, you may need to do some research and discovery to gather information to help you write the policy or procedure. This might involve:

  • Reviewing existing documentation including strategy documents, user guides and other policies.
  • Speaking to subject matter experts and other relevant stakeholders.
  • Speaking to users, for example by running a focus group or workshop, or conducting interviews.
  • Reviewing any other data that you have within the organisation.
  • Reviewing other policies that might be available as a reference point.

4. Decide on the format and confirm the review and approval process

Before you can start to write your policy, confirm the format of the policy – likely to be a document – but also the review and approval process for its creation. Confirm the approval workflow and the related reviewers and make sure everybody involved is clear about their role. If you’re using an advanced policy management solution like Xoralia you can load the workflow into the tool to automate some of the review process.

5. Use a policy template

Finally, you can start writing your policy and procedure.  It really helps if you have a model policy and procedure for users to use. Typically, this might include a number of different elements:

  • Version, date, people involved and who to contact: Background information on the policy that also helps to identify the policy as “official”.
  • Scope and purpose of the policy: What the policy covers – and sometimes also what it doesn’t cover too and the high-level reason why it is required.
  • Problem statement: Not every policy requires a problem statement, but sometimes it is necessary to illustrate a problem that the policy helps to resolve, and give any related background information.
  • Details of the policy: Adding the actual details of the policy and the related procedural steps will likely be the most substantial part of your policy document.
  • Any related guidelines: You may have some sections that are more guidelines about how to apply the policy, for example for different groups or in different scenarios.
  • Conduct and consequences: If applicable, outline the consequences for people who choose not to follow or ignore the policy.
  • References to related policies: Make sure you include reference to any related policies that employees may also need to refer to.
  • Diagrams or images: Consider adding diagrams or images if they help employees to understand or use the policy – for example using a decision tree.

6. Carry out review and approval process

Once you’ve created the document it’s time to carry out the review and approval process involving the people identified in the second step. Here you can use policy management software like Xoralia to help drive the necessary approval workflows, meaning you can also record an audit trail for the review and approval process. This will then also be set up for subsequent reviews and updates for the policy and tends to reduce the to-ing and fro-ing that can be associated with getting a new policy over the line.

7. Create additional guidelines and assets to support employees

Policies can be quite dry and lengthy, and sometimes are not always easy to read, particularly if they contain legal language. Policies always need to be usable and accessible if you want them to be acted upon!

Sometimes it’s worth creating any additional assets, guidelines and cheat sheets in plain English to help increase policy adoption. Sometimes these assets might be targeted to different groups or use cases, and also link back to the full policy document that they reference and summarise.

8. Make it available and set review dates

A completed policy now needs to be made available for everybody to view. Using Xoralia you can add it to a central policy library, adding custom metadata to make it more findable. You can also set up the next review date and trigger notifications to the necessary people to help keep it up to date.

9. Add mandatory reads and employee attestation if necessary

Depending on the policy and your compliance requirements, you may need to make it mandatory to read and add an employee attestation that they have read and understood the policy. Realistically, you will need a policy management solution like Xoralia that can automate this process and track success.

Making policy management easier for everyone

Ww know that writing policies and procedures isn’t always straightforward, although following many of the steps we’ve outlined in this article will help. Multiple aspects of policy management also be really challenging. It’s one of the reasons that we built the Xoralia policy management solution to help with some of the heavy lifting.

 As Content Formula, a leading intranet and digital workplace consultancy, we spoke to many organisations who needed better ways to manage and distribute their policies. They wanted to leverage the power of SharePoint and integrate policy management into their Microsoft 365-powered digital workplace.

Eventually we built Xoralia, a comprehensive policy management solution that it’s now on its third major release and continues to evolve. For example, we’ve recently added approval workflow features to help teams actually write their policies and procedures.  

And we’re still on a mission to make policy management easier for everyone – helping employees to carry out their roles, supporting managers to make better decisions and enabling organisations to navigate the complexities around risk and compliance.

The story behind Xoralia

Xoralia was built by the team at Content Formula, an intranet and digital workplace consultancy that has built SharePoint intranets for some of the world’s most famous companies. Now, most companies want their policies and procedures on the intranet but they don’t just want to store them there, they also want tools to help better manage them.  Over the years we came across just about every single requirement for a policy management system. As this article above explains, there are gaps in SharePoint and so we never built what in our mind was the perfect policy management system.

However, one of our clients challenged us to build something for them that filled all the gaps but still used SharePoint at the back end. We had a great relationship with them and agreed to share the budget to do this, provided we could then market the solution to others. That was in 2019. We’re now on version 3 of Xoralia and the product has grown and evolved a lot.

How policy management software can help

We think the best place to store your policies is inside SharePoint. Most companies already have SharePoint as part of their Microsoft 365 subscription. Using SharePoint means you have full control of your policies, and many best practices can be achieved right out of the box. However, there are gaps and certain best practices are hard to achieve.​

To fill these gaps, and for best results we recommend using purpose-built policy management software for SharePoint and Microsoft 365.​

We’ve developed a dedicated solution called Xoralia (pronounced Zor-ra-lee-a) that will ensure you have the best overall approach to policy management, supporting your users, policy owners and administrators.​

We learned all about policy management from many years of building custom solutions for our clients on SharePoint. But we kept coming up against the same challenges, mostly caused by feature gaps in SharePoint. One day, a client asked us to build a policy management tool that filled these gaps. The trouble was, they didn’t have a lot of budget. But we had a good relationship with them and so we decided to collaborate on it provided we got to keep the code. Looking back, it was a pretty simple tool but over the years we have added more features and relaunched it. We’re now on version 3 and our original customer is still using it!​

3 benefits you can expect from Xoralia​

Make it easy to find policies​

Centralised policy library with powerful search and filtering​

Reduce administrative burden​

Automations and notifications so that all policy tasks are carried out on time​

Demonstrate compliance and best practice​

Sophisticated tracking and dashboards to drive and measure compliance.​

And lots more!


Xoralia drives user engagement and compliance...

"The platform's user attestation functionality has been particularly impactful, leading to a remarkable increase from ~50% to 86% in user attestation within a matter of weeks.​"

Rian Stuart, IT Manager, Twinstream​


...simplifies our policy management...​

"It not only simplifies our policy management, but also enhances our overall compliance posture and has proven to be a significant time-saver for our organization."

Nadja Friedrichs, Vice President of HR, Boyum IT


...single source of truth and access for employees...​

"We successfully rolled out the tool with a minimal internal learning curve and achieved a 97% read / acknowledgement rate on our first assigned policy."


How to get started with Xoralia​

Step 1: request a demo​

Fill out our form and we will be in touch to arrange a time. You can even book a time yourself.​

Step 2: get a price proposal​

If you think Xoralia is for you ask us for a quote. This will set out any options you may have.​

Step 3: install and launch​

We’ll install Xoralia in your environment (or you can do it yourself). We’ll provide training and support to get you up and running quickly​.

Here's what you'll get

And last but not least:​

Ready to get started?

We use cookies to give you the best experience on our site. By continuing to use our website, you are agreeing to our use of cookies. To find more about the cookies, please see our Cookie notice

You can also read about our Privacy policy

Contact Support

If you have a question about Xoralia software, please fill out the form below and a member of our support team will be in contact with you shortly.