Policy management across an organisation is not always straightforward and can actually be very challenging. There are often multiple business functions involved. There might be confusion about who needs to be doing what in keeping their policies up to date. And even if they do, there may not be an easy way for employees to access and find the policies they need. Overall, the approach to policy management is usually ad hoc and informal and inevitably things fall between the cracks.

Policies aren’t always the most interesting documents to keep up to date or to read. But they are essential in minimising risks, ensuring compliance, and empowering managers and employees to make decisions to enable smooth day-to-day operations. If policy management is broken in your organisation and is exposing you to risks, then it’s time to take some steps.

In this post we look at ten essential best practices that will result in better policy management and can be the start of a more successful approach to managing your policies.

1. Always ensure you have a single source of truth for policies

A perennial problem with policy management is that there is more than one version of a policy circulating. Nobody knows which is the right version, and it is possible that employees will follow out of date guidance. Ultimately having multiple versions of policy documents in circulation not only increases risk but also means employees lose trust in policies and take them less seriously.

Always ensure that you have a single source of truth for your policies. Publish them in only one place and use robust versioning to ensure that when a policy is updated, the new version is the only one available to view. If possible, avoid emailing policies as people will then continue to refer to these without knowing if a policy has been superseded.

2. Establish crystal clear ownership around policies

One of the main reasons that policy management falls down is that there isn’t clarity around who owns a policy and is responsible for updating it. When there isn’t a named person then it policy updates can all too easily get forgotten, everyone assuming that it is someone else’s responsibility. This can even happen within a department; if the “HR department” is set as being the owner of a policy, then updating it can still get missed.

Successful policy management requires clear ownership of policies and what this means in terms of responsibilities. Every policy needs to have a named individual or individuals who own it, and further clarity about who should be updating it and when.

3. Write your policies so that they are clear and digestible

Policies are principally there to be followed, providing essential guidance for employees to support the right actions and decision-making. However, if a policy is written as a twenty-five-page document with very dense text and lots of legal jargon it is highly unlikely that people are going to get past the first couple of paragraphs.

Always write your policies so that they are clear and digestible, so they can actually be followed. Consider also tailoring a policy to different groups – for example translating it into a particular language or having a shorter version for frontline staff that can be more easily digested on a mobile phone.

We do understand that some policies are primarily created for legal and compliance purposes and do sometimes need to be written in legal style, but if this is the case, always create additional guidance that is clear, so employees can easily follow what they need to do.

4. Leverage automation where you can

Managing policies can involve a lot of manual administrative work. For example, somebody might need to remind policy owners to update their policies and then monitor to see who has done it. They might have to track if new hires have read a particular policy as part of their onboarding process and then chase those up who haven’t.

In the past people have had to rely on using emails and spreadsheets, which is inefficient, time-consuming and generally a miserable experience. The administrative overhead involved also means that many organisations cut corners and the approach to policy management is ad hoc or simply doesn’t happen.

Many policy management software solutions have automated features that do much of the heavy lifting around administration, making life easier for policy teams and saving huge amounts of time. Using automation can make policy management much easier, helping remind and track both policy owners and employees on what they need to do.

5. Use employee attestation to support compliance

Policies play an important role in supporting compliance and minimising risk. Employees may be required to read particular policies as part of an onboarding process when they first join, or as an annual process. Sometimes policies are updated, and employees need to digest and understand the change. In some regulated industries it is also necessary to prove to an external body or auditor that there is a process in place to ensure that employees read policies in this way.

The only reliable way to achieve all of the above is through an employee attestation process. This works by an employee acknowledging that they have read and understood a policy, and then having reporting to track progress. This is best achieved through a policy management solution like Xoralia where much of the attestation process is automated and additional features such as personalisation, content targeting, notifications, granular reporting and even additional custom questions help to ensure success and high rates of compliance. The results can even be shown to external regulators and certification bodies.

6. Put in the right approval and review processes

Policies have to be watertight; they must be accurate and up to date. Putting in the right approval and review processes can help ensure this happens. New policies and substantial changes to existing policies should always be reviewed and approved by the necessary stakeholders. Having a regular, diarised review process in place – for example every six or twelve months – can also help ensure that a policy is to date.

Good policy management software should help with both these, using appropriate approval workflow as part of the content management process, as well as automated review dates and reminders for regular reviews.

7. Make your policies easily accessible and findable

Policies are largely pointless if users cannot easily find and access them, ideally at the point of need. Employees are simply not going to waste time on looking for policies that are difficult to locate – they need to be able to find them quickly, with minimal effort and on their preferred device.

The standard way to make policies easy to find is by creating a central policy library where employees can access policies.  Most policy management solutions will deliver this, but it doesn’t mean they can then easily find that they need.

With Xoralia we leveraged the powerful Microsoft Search so employees can find what they need through both a general search but also a dedicated policy search. There is also the ability for employees to filter using custom tags to define departments or themes using familiar language specific to your organisation. Because Xoralia is built on SharePoint it also means your policy library can be easily integrated into your SharePoint-based intranet or reached via Microsoft Teams, removing all barriers to access and findability.

8. Standardize naming and numbering

It really helps to standardise the naming and numbering conventions on your policies to drive consistency, so that everyone knows what the policy is, who it is aimed at and if it is the latest updated version. This is important when you have a different policy on the same topic for different locations; for example, there may be an expenses policy for the UK and one for Germany. Reflecting this in the title can help ensure that an employee is confident they have the right document. Having the right title is also key for findability, as this will be displayed in the search results.

9. Use personalization and notifications to communicate changes

One of the most challenging aspects of policy management is communicating changes to employees. It’s hard enough to get their attention for general updates, let alone about a change to a Health & Safety policy. Using elements such as personalisation and targeting, and sending meaningful notifications can make it easier to communicate changes.

For example, an employee might enter your policy library or even your intranet and see a personalised list of the policies they need to read or where there have been changes of note. They might also receive an email reminder of a policy that they need to have confirmed they have read by a certain date. Again, these are all good practices which powerful policy management solutions like Xoralia support.

10. Make life easy for your policy owners

Perhaps this is less of a best practice, and more a general point. Policy owners are usually very busy people with a lot of things on their plate. Making life easier for them by helping them keep their policies up to date will generate both goodwill and the necessary actions.

Using automated reminders, personalised views that display the list of upcoming policies to review, and reporting that shows policy views and mandatory read confirmations, will all help in the overall policy management process.

Following policy management best practices

Following best practices to support policy management is important. Policy management software like Xoralia can help do much of the heavy lifting to help you follow best practices such as establishing one source of truth for policies and making them easily findable and accessible.

Why not arrange a free demo of Xoralia to see how it can help improve policy management in your organisation?