Policy management across an organisation is not always straightforward and can actually be very challenging. There are often multiple business functions involved. There might be confusion about who needs to be doing what in keeping their policies up to date. And even if they do, there may not be an easy way for employees to access and find the policies they need. Overall, the approach to policy management is usually ad hoc and informal and inevitably things fall between the cracks.
Policies aren’t always the most interesting documents to keep up to date or to read. But they are essential in minimising risks, ensuring compliance, and empowering managers and employees to make decisions to enable smooth day-to-day operations. If policy management is broken in your organisation and is exposing you to risks, then it’s time to take some steps.
In this post we look at ten essential best practices that will result in better policy management and can be the start of a more successful approach to managing your policies.
1. Always ensure you have a single source of truth for policies
A perennial problem with policy management is that there is more than one version of a policy circulating. Nobody knows which is the right version, and it is possible that employees will follow out of date guidance. Ultimately having multiple versions of policy documents in circulation not only increases risk but also means employees lose trust in policies and take them less seriously.
Always ensure that you have a single source of truth for your policies. Publish them in only one place and use robust versioning to ensure that when a policy is updated, the new version is the only one available to view. If possible, avoid emailing policies as people will then continue to refer to these without knowing if a policy has been superseded.
2. Establish crystal clear ownership around policies
One of the main reasons that policy management falls down is that there isn’t clarity around who owns a policy and is responsible for updating it. When there isn’t a named person then it policy updates can all too easily get forgotten, everyone assuming that it is someone else’s responsibility. This can even happen within a department; if the “HR department” is set as being the owner of a policy, then updating it can still get missed.
Successful policy management requires clear ownership of policies and what this means in terms of responsibilities. Every policy needs to have a named individual or individuals who own it, and further clarity about who should be updating it and when.
3. Write your policies so that they are clear and digestible
Policies are principally there to be followed, providing essential guidance for employees to support the right actions and decision-making. However, if a policy is written as a twenty-five-page document with very dense text and lots of legal jargon it is highly unlikely that people are going to get past the first couple of paragraphs.
Always write your policies so that they are clear and digestible, so they can actually be followed. Consider also tailoring a policy to different groups – for example translating it into a particular language or having a shorter version for frontline staff that can be more easily digested on a mobile phone.
We do understand that some policies are primarily created for legal and compliance purposes and do sometimes need to be written in legal style, but if this is the case, always create additional guidance that is clear, so employees can easily follow what they need to do.
4. Leverage automation where you can
Managing policies can involve a lot of manual administrative work. For example, somebody might need to remind policy owners to update their policies and then monitor to see who has done it. They might have to track if new hires have read a particular policy as part of their onboarding process and then chase those up who haven’t.
In the past people have had to rely on using emails and spreadsheets, which is inefficient, time-consuming and generally a miserable experience. The administrative overhead involved also means that many organisations cut corners and the approach to policy management is ad hoc or simply doesn’t happen.
Many policy management software solutions have automated features that do much of the heavy lifting around administration, making life easier for policy teams and saving huge amounts of time. Using automation can make policy management much easier, helping remind and track both policy owners and employees on what they need to do.
5. Use employee attestation to support compliance
Policies play an important role in supporting compliance and minimising risk. Employees may be required to read particular policies as part of an onboarding process when they first join, or as an annual process. Sometimes policies are updated, and employees need to digest and understand the change. In some regulated industries it is also necessary to prove to an external body or auditor that there is a process in place to ensure that employees read policies in this way.
The only reliable way to achieve all of the above is through an employee attestation process. This works by an employee acknowledging that they have read and understood a policy, and then having reporting to track progress. This is best achieved through a policy management solution like Xoralia where much of the attestation process is automated and additional features such as personalisation, content targeting, notifications, granular reporting and even additional custom questions help to ensure success and high rates of compliance. The results can even be shown to external regulators and certification bodies.
6. Put in the right approval and review processes
Policies have to be watertight; they must be accurate and up to date. Putting in the right approval and review processes can help ensure this happens. New policies and substantial changes to existing policies should always be reviewed and approved by the necessary stakeholders. Having a regular, diarised review process in place – for example every six or twelve months – can also help ensure that a policy is to date.
Good policy management software should help with both these, using appropriate approval workflow as part of the content management process, as well as automated review dates and reminders for regular reviews.
7. Make your policies easily accessible and findable
Policies are largely pointless if users cannot easily find and access them, ideally at the point of need. Employees are simply not going to waste time on looking for policies that are difficult to locate – they need to be able to find them quickly, with minimal effort and on their preferred device.
The standard way to make policies easy to find is by creating a central policy library where employees can access policies. Most policy management solutions will deliver this, but it doesn’t mean they can then easily find that they need.
With Xoralia we leveraged the powerful Microsoft Search so employees can find what they need through both a general search but also a dedicated policy search. There is also the ability for employees to filter using custom tags to define departments or themes using familiar language specific to your organisation. Because Xoralia is built on SharePoint it also means your policy library can be easily integrated into your SharePoint-based intranet or reached via Microsoft Teams, removing all barriers to access and findability.
8. Standardize naming and numbering
It really helps to standardise the naming and numbering conventions on your policies to drive consistency, so that everyone knows what the policy is, who it is aimed at and if it is the latest updated version. This is important when you have a different policy on the same topic for different locations; for example, there may be an expenses policy for the UK and one for Germany. Reflecting this in the title can help ensure that an employee is confident they have the right document. Having the right title is also key for findability, as this will be displayed in the search results.
9. Use personalization and notifications to communicate changes
One of the most challenging aspects of policy management is communicating changes to employees. It’s hard enough to get their attention for general updates, let alone about a change to a Health & Safety policy. Using elements such as personalisation and targeting, and sending meaningful notifications can make it easier to communicate changes.
For example, an employee might enter your policy library or even your intranet and see a personalised list of the policies they need to read or where there have been changes of note. They might also receive an email reminder of a policy that they need to have confirmed they have read by a certain date. Again, these are all good practices which powerful policy management solutions like Xoralia support.
10. Make life easy for your policy owners
Perhaps this is less of a best practice, and more a general point. Policy owners are usually very busy people with a lot of things on their plate. Making life easier for them by helping them keep their policies up to date will generate both goodwill and the necessary actions.
Using automated reminders, personalised views that display the list of upcoming policies to review, and reporting that shows policy views and mandatory read confirmations, will all help in the overall policy management process.
Following policy management best practices
Following best practices to support policy management is important. Policy management software like Xoralia can help do much of the heavy lifting to help you follow best practices such as establishing one source of truth for policies and making them easily findable and accessible.
Why not arrange a free demo of Xoralia to see how it can help improve policy management in your organisation?
How policy management software can help
We think the best place to store your policies is inside SharePoint. Most companies already have SharePoint as part of their Microsoft 365 subscription. Using SharePoint means you have full control of your policies, and many best practices can be achieved right out of the box. However, there are gaps and certain best practices are hard to achieve.
To fill these gaps, and for best results we recommend using purpose-built policy management software for SharePoint and Microsoft 365.
We’ve developed a dedicated solution called Xoralia (pronounced Zor-ra-lee-a) that will ensure you have the best overall approach to policy management, supporting your users, policy owners and administrators.
We learned all about policy management from many years of building custom solutions for our clients on SharePoint. But we kept coming up against the same challenges, mostly caused by feature gaps in SharePoint. One day, a client asked us to build a policy management tool that filled these gaps. The trouble was, they didn’t have a lot of budget. But we had a good relationship with them and so we decided to collaborate on it provided we got to keep the code. Looking back, it was a pretty simple tool but over the years we have added more features and relaunched it. We’re now on version 3 and our original customer is still using it!
3 benefits you can expect from Xoralia
Make it easy to find policies
Centralised policy library with powerful search and filtering
Reduce administrative burden
Automations and notifications so that all policy tasks are carried out on time
Demonstrate compliance and best practice
Sophisticated tracking and dashboards to drive and measure compliance.
And lots more!
What our clients say
Xoralia drives user engagement and compliance...
The platform's user attestation functionality has been particularly impactful, leading to a remarkable increase from ~50% to 86% in user attestation within a matter of weeks.
Rian Stuart, IT Manager, Twinstream
...simplifies our policy management...
It not only simplifies our policy management, but also enhances our overall compliance posture and has proven to be a significant time-saver for our organization.
Nadja Friedrichs, Vice President of HR, Boyum IT
...single source of truth and access for employees...
We successfully rolled out the tool with a minimal internal learning curve and achieved a 97% read / acknowledgement rate on our first assigned policy.
