What is policy lifecycle management?

What is policy lifecycle management?

What is policy lifecycle management?

Policy lifecycle management can be defined as the successful management of a policy from the point at which it is created up to when it is updated to a new version or retired. This includes the processes relating to creating the policy, dissemination to employees, any employee attestation process required and then reviewing it before updating to a new version.

Policy lifecycle management often involves activities carried out by policy authors and owners, and then administrators who are managing the dissemination across the intranet or relevant site as well as the attestation process. Policy lifecycle management software can help with this process, automating many of the tasks.

What are the different stages in policy lifecycle management?

The policies in your organisation are very important – they guide decision-making, minimise risk, support everyday operations, uphold compliance across a variety of different areas and more. Policy lifecycle management is a critical activity in ensuring that your policies are kept up to date and everybody is accessing the latest versions, and that employees are aware of any changes made.

In this article, we’re going to look at what policy lifecycle management is, the different stages involved and how policy lifecycle management software can help.

What are the key stages in the lifecycle of a policy?

Let’s take a closer look at the ten stages involved in policy lifecycle management, particularly when policy lifecycle management software such as Xoralia is involved.

1. Create the policy

First, policy owners must create the policy. This is likely to be an offline process which can involve various different policy owners, stakeholders and owners. It’s likely to be done in a document format, and may have gone through several revisions. In particular, starting a new policy from scratch is not necessarily a rapid process.

2. Upload the document to a library

When a draft policy document is ready, it can be uploaded to a repository ready for dissemination. This is likely to be an appropriate document library within an intranet or SharePoint site, for example.

3. Send the document for review and approval

It’s important to check that the policy document is the correct version, so there will often be some review and approval workflow from appropriate stakeholders to make sure everything has been approved. In practice, reviews will likely have already taken place offline if a new policy has been created from scratch. However, if it is a new version of a policy with only some changes to confirm, then this review and approval workflow stage works very well.

4. Document approved and accessible within the document library

Once the document has been approved for organisational use, it will be displayed in the document library and given a suitable version control number, such as V2.0. Important additional information should also be displayed such as the date and the policy owner, as well as elements like the category. At the same time, the previous version of a policy will be retired.

5. Distribute the document and trigger an attestation process

With the document accessible, it’s now time to distribute the document to the entire organisation or to targeted groups; the latter could be reflected in your Active Directory.

Distributing the new policy could be as simple as drawing attention to it through a communication, but there may also be a need for an employee attestation process whereby all employees must confirm they have read the new policy. This could be because it is important for internal or external compliance, or both. Using software like Xoralia, you can automate the attestation process, with every employee getting a notification and link to the policy and related confirmation form.

You can also ensure that the attestation process is triggered for new starters, for example, who need to review a particular policy as part of their onboarding process.

6. Review attestation status for each employee and chase if required

It’s now time to review the attestation status for each employee and, if necessary, chase them to take action; policy management software will have in-built report to help with this.

If an employee does need to be chased, it can be done through automated reminders if there has been no action after a certain amount of time or by a certain deadline, or a direct message from their line manager.

7. View overall reporting and attestation status for each policy

As more employees confirm they have read the policies, administrators and policy owners can then review the overall attestation status for each one.

8. Meet compliance requirements and report for audit

As admins view the overall attestation status of a policy, they can take action until everybody has confirmed they have read and understood it, meeting any compliance requirements. There should be some reporting to provide confirmation that the compliance has been met, to be used with external third parties for auditing and certification purposes.

9. Review the policy

Policies need to be regularly reviewed so they remain up to date. Ideally, a review period or date should be set to automatically prompt the owner to review the policy and see if it needs an update. At other times, there might be a trigger such as change in legislation or an incident that could prompt a review of policies. During its lifecycle, a version of a policy will go through multiple reviews.

10. Retire and replace the policy

A policy will eventually be replaced by a later version, or sometimes replaced entirely. The lifecycle is then complete.

Policy lifecycle management software can help

Managing policies involves a lot of administration and repeatable tasks, so software can make the process significantly easier to manage. Most policy lifecycle management software has been carefully designed to assist with each stage of the policy lifecycle. Let’s explore the different ways it can help.

Automate a multitude of tasks

Many of the tasks within policy lifecycle management can be automated: tasks like sending out reminders, checking to see if a policy has been read, ensuring policy owners and governing bodies review their policy and issuing version numbers can all be carried out through automation. This helps busy teams save time and be more productive, allowing them to redirect their day to more value-added and less mundane activities!

Provide reminders to owners and employees

One of the automated tasks that policy lifecycle management software helps with is sending out different notification reminders, both to policy owners to review their policies at regular intervals and to employees when a new policy needs to be read, as well as reminders if an employee hasn’t confirmed they have read a required policy. These notifications are essential in driving the lifecycle of the policy.

Scale the process

Checking for and sending out all these reminders and notifications is a nightmare to do manually, as anyone who has ever used a spreadsheet and email will confirm! It’s also a completely unnecessary administrative overhead. Policy lifecycle management software ensures your policy management is truly scalable.

Eliminate mistakes

Keeping on top of policy management versions and employee attestation processes is very fiddly, and errors are probable. Perhaps you missed out a group? Perhaps a version of a policy didn’t update on the intranet? Policy lifecycle management software does much of the heavy lifting and helps avoid mistakes and errors, reducing risk in the process.

Support reporting

Policy management software will automate all the reporting to track policy management, employee attestation and other related processes. Good policy lifecycle management software supports reporting for senior management, policy owners, system administrators and managers responsible for ensuring their division or team read a policy.

Support compliance

Collectively, the reporting, document versioning and audit trails around updating policies and employee attestation processes support regulatory and legal compliance needs, and are crucial to show a third party that you are doing everything you can to ensure employees comply with a policy, for example.

Provide access for everybody

Of course, policy lifecycle management software also ensures everyone has access to your policies, ideally via your intranet or similar employee portal.

Using Xoralia for policy management

Xoralia is a dedicated policy lifecycle management solution based on SharePoint that can help with everything we have described above, supporting you through every stage of the policy management lifecycle. Want to find out more? Then book a demo!

The story behind Xoralia

Xoralia was built by the team at Content Formula, an intranet and digital workplace consultancy that has built SharePoint intranets for some of the world’s most famous companies. Now, most companies want their policies and procedures on the intranet but they don’t just want to store them there, they also want tools to help better manage them.  Over the years we came across just about every single requirement for a policy management system. As this article above explains, there are gaps in SharePoint and so we never built what in our mind was the perfect policy management system.

However, one of our clients challenged us to build something for them that filled all the gaps but still used SharePoint at the back end. We had a great relationship with them and agreed to share the budget to do this, provided we could then market the solution to others. That was in 2019. We’re now on version 3 of Xoralia and the product has grown and evolved a lot.

How policy management software can help

We think the best place to store your policies is inside SharePoint. Most companies already have SharePoint as part of their Microsoft 365 subscription. Using SharePoint means you have full control of your policies, and many best practices can be achieved right out of the box. However, there are gaps and certain best practices are hard to achieve.

To fill these gaps, and for best results we recommend using purpose-built policy management software for SharePoint and Microsoft 365.

We’ve developed a dedicated solution called Xoralia (pronounced Zor-ra-lee-a) that will ensure you have the best overall approach to policy management, supporting your users, policy owners and administrators.

We learned all about policy management from many years of building custom solutions for our clients on SharePoint. But we kept coming up against the same challenges, mostly caused by feature gaps in SharePoint. One day, a client asked us to build a policy management tool that filled these gaps. The trouble was, they didn’t have a lot of budget. But we had a good relationship with them and so we decided to collaborate on it provided we got to keep the code. Looking back, it was a pretty simple tool but over the years we have added more features and relaunched it. We’re now on version 3 and our original customer is still using it!

3 benefits you can expect from Xoralia

Make it easy to find policies

Centralised policy library with powerful search and filtering

Reduce administrative burden

Automations and notifications so that all policy tasks are carried out on time

Demonstrate compliance and best practice

Sophisticated tracking and dashboards to drive and measure compliance.

And lots more!

Testimonials

Xoralia drives user engagement and compliance...

"The platform's user attestation functionality has been particularly impactful, leading to a remarkable increase from ~50% to 86% in user attestation within a matter of weeks."

Rian Stuart, IT Manager, Twinstream

★★★★★

...simplifies our policy management...

"It not only simplifies our policy management, but also enhances our overall compliance posture and has proven to be a significant time-saver for our organization."

Nadja Friedrichs, Vice President of HR, Boyum IT

★★★★★

...single source of truth and access for employees...

"We successfully rolled out the tool with a minimal internal learning curve and achieved a 97% read / acknowledgement rate on our first assigned policy."

★★★★★

How to get started with Xoralia

Step 1: request a demo

Fill out our form and we will be in touch to arrange a time. You can even book a time yourself.

Step 2: get a price proposal

If you think Xoralia is for you ask us for a quote. This will set out any options you may have.

Step 3: install and launch

We’ll install Xoralia in your environment (or you can do it yourself). We’ll provide training and support to get you up and running quickly.

Here's what you'll get

And last but not least:

Ready to get started?

We use cookies to give you the best experience on our site. By continuing to use our website, you are agreeing to our use of cookies. To find more about the cookies, please see our Cookie notice

You can also read about our Privacy policy

Contact Support

If you have a question about Xoralia software, please fill out the form below and a member of our support team will be in contact with you shortly.