What is policy lifecycle management?
- 22 June 2022
- By Dan Hawtrey
What is policy lifecycle management?
Policy lifecycle management can be defined as the successful management of a policy from the point at which it is created up to when it is updated to a new version or retired. This includes the processes relating to creating the policy, dissemination to employees, any employee attestation process required and then reviewing it before updating to a new version.
Policy lifecycle management often involves activities carried out by policy authors and owners, and then administrators who are managing the dissemination across the intranet or relevant site as well as the attestation process. Policy lifecycle management software can help with this process, automating many of the tasks.
What are the different stages in policy lifecycle management?
The policies in your organisation are very important – they guide decision-making, minimise risk, support everyday operations, uphold compliance across a variety of different areas and more. Policy lifecycle management is a critical activity in ensuring that your policies are kept up to date and everybody is accessing the latest versions, and that employees are aware of any changes made.
In this article, we’re going to look at what policy lifecycle management is, the different stages involved and how policy lifecycle management software can help.
What are the key stages in the lifecycle of a policy?
Let’s take a closer look at the ten stages involved in policy lifecycle management, particularly when policy lifecycle management software such as Xoralia is involved.
1. Create the policy
First, policy owners must create the policy. This is likely to be an offline process which can involve various different policy owners, stakeholders and owners. It’s likely to be done in a document format, and may have gone through several revisions. In particular, starting a new policy from scratch is not necessarily a rapid process.
2. Upload the document to a library
When a draft policy document is ready, it can be uploaded to a repository ready for dissemination. This is likely to be an appropriate document library within an intranet or SharePoint site, for example.
3. Send the document for review and approval
It’s important to check that the policy document is the correct version, so there will often be some review and approval workflow from appropriate stakeholders to make sure everything has been approved. In practice, reviews will likely have already taken place offline if a new policy has been created from scratch. However, if it is a new version of a policy with only some changes to confirm, then this review and approval workflow stage works very well.
4. Document approved and accessible within the document library
Once the document has been approved for organisational use, it will be displayed in the document library and given a suitable version control number, such as V2.0. Important additional information should also be displayed such as the date and the policy owner, as well as elements like the category. At the same time, the previous version of a policy will be retired.
5. Distribute the document and trigger an attestation process
With the document accessible, it’s now time to distribute the document to the entire organisation or to targeted groups; the latter could be reflected in your Active Directory.
Distributing the new policy could be as simple as drawing attention to it through a communication, but there may also be a need for an employee attestation process whereby all employees must confirm they have read the new policy. This could be because it is important for internal or external compliance, or both. Using software like Xoralia, you can automate the attestation process, with every employee getting a notification and link to the policy and related confirmation form.
You can also ensure that the attestation process is triggered for new starters, for example, who need to review a particular policy as part of their onboarding process.
6. Review attestation status for each employee and chase if required
It’s now time to review the attestation status for each employee and, if necessary, chase them to take action; policy management software will have in-built report to help with this.
If an employee does need to be chased, it can be done through automated reminders if there has been no action after a certain amount of time or by a certain deadline, or a direct message from their line manager.
7. View overall reporting and attestation status for each policy
As more employees confirm they have read the policies, administrators and policy owners can then review the overall attestation status for each one.
8. Meet compliance requirements and report for audit
As admins view the overall attestation status of a policy, they can take action until everybody has confirmed they have read and understood it, meeting any compliance requirements. There should be some reporting to provide confirmation that the compliance has been met, to be used with external third parties for auditing and certification purposes.
9. Review the policy
Policies need to be regularly reviewed so they remain up to date. Ideally, a review period or date should be set to automatically prompt the owner to review the policy and see if it needs an update. At other times, there might be a trigger such as change in legislation or an incident that could prompt a review of policies. During its lifecycle, a version of a policy will go through multiple reviews.
10. Retire and replace the policy
A policy will eventually be replaced by a later version, or sometimes replaced entirely. The lifecycle is then complete.
Policy lifecycle management software can help
Managing policies involves a lot of administration and repeatable tasks, so software can make the process significantly easier to manage. Most policy lifecycle management software has been carefully designed to assist with each stage of the policy lifecycle. Let’s explore the different ways it can help.
Automate a multitude of tasks
Many of the tasks within policy lifecycle management can be automated: tasks like sending out reminders, checking to see if a policy has been read, ensuring policy owners and governing bodies review their policy and issuing version numbers can all be carried out through automation. This helps busy teams save time and be more productive, allowing them to redirect their day to more value-added and less mundane activities!
Provide reminders to owners and employees
One of the automated tasks that policy lifecycle management software helps with is sending out different notification reminders, both to policy owners to review their policies at regular intervals and to employees when a new policy needs to be read, as well as reminders if an employee hasn’t confirmed they have read a required policy. These notifications are essential in driving the lifecycle of the policy.
Scale the process
Checking for and sending out all these reminders and notifications is a nightmare to do manually, as anyone who has ever used a spreadsheet and email will confirm! It’s also a completely unnecessary administrative overhead. Policy lifecycle management software ensures your policy management is truly scalable.
Eliminate mistakes
Keeping on top of policy management versions and employee attestation processes is very fiddly, and errors are probable. Perhaps you missed out a group? Perhaps a version of a policy didn’t update on the intranet? Policy lifecycle management software does much of the heavy lifting and helps avoid mistakes and errors, reducing risk in the process.
Support reporting
Policy management software will automate all the reporting to track policy management, employee attestation and other related processes. Good policy lifecycle management software supports reporting for senior management, policy owners, system administrators and managers responsible for ensuring their division or team read a policy.
Support compliance
Collectively, the reporting, document versioning and audit trails around updating policies and employee attestation processes support regulatory and legal compliance needs, and are crucial to show a third party that you are doing everything you can to ensure employees comply with a policy, for example.
Provide access for everybody
Of course, policy lifecycle management software also ensures everyone has access to your policies, ideally via your intranet or similar employee portal.
Using Xoralia for policy management
Xoralia is a dedicated policy lifecycle management solution based on SharePoint that can help with everything we have described above, supporting you through every stage of the policy management lifecycle. Want to find out more? Then book a demo!
The story behind Xoralia
Xoralia was built by the team at Content Formula, an intranet and digital workplace consultancy that has built SharePoint intranets for some of the world’s most famous companies. Now, most companies want their policies and procedures on the intranet but they don’t just want to store them there, they also want tools to help better manage them. Over the years we came across just about every single requirement for a policy management system. As this article above explains, there are gaps in SharePoint and so we never built what in our mind was the perfect policy management system.
How policy management software can help
We think the best place to store your policies is inside SharePoint. Most companies already have SharePoint as part of their Microsoft 365 subscription. Using SharePoint means you have full control of your policies, and many best practices can be achieved right out of the box. However, there are gaps and certain best practices are hard to achieve.
To fill these gaps, and for best results we recommend using purpose-built policy management software for SharePoint and Microsoft 365.
We’ve developed a dedicated solution called Xoralia (pronounced Zor-ra-lee-a) that will ensure you have the best overall approach to policy management, supporting your users, policy owners and administrators.
We learned all about policy management from many years of building custom solutions for our clients on SharePoint. But we kept coming up against the same challenges, mostly caused by feature gaps in SharePoint. One day, a client asked us to build a policy management tool that filled these gaps. The trouble was, they didn’t have a lot of budget. But we had a good relationship with them and so we decided to collaborate on it provided we got to keep the code. Looking back, it was a pretty simple tool but over the years we have added more features and relaunched it. We’re now on version 3 and our original customer is still using it!
3 benefits you can expect from Xoralia
Make it easy to find policies
Centralised policy library with powerful search and filtering
Reduce administrative burden
Automations and notifications so that all policy tasks are carried out on time
Demonstrate compliance and best practice
Sophisticated tracking and dashboards to drive and measure compliance.
And lots more!
Testimonials
Xoralia drives user engagement and compliance...
"The platform's user attestation functionality has been particularly impactful, leading to a remarkable increase from ~50% to 86% in user attestation within a matter of weeks.
Rian Stuart, IT Manager, Twinstream
...simplifies our policy management...
"It not only simplifies our policy management, but also enhances our overall compliance posture and has proven to be a significant time-saver for our organization."
Nadja Friedrichs, Vice President of HR, Boyum IT
...single source of truth and access for employees...
"We successfully rolled out the tool with a minimal internal learning curve and achieved a 97% read / acknowledgement rate on our first assigned policy."
How to get started with Xoralia
Step 1: request a demo
Fill out our form and we will be in touch to arrange a time. You can even book a time yourself.
Step 2: get a price proposal
If you think Xoralia is for you ask us for a quote. This will set out any options you may have.
Step 3: install and launch
We’ll install Xoralia in your environment (or you can do it yourself). We’ll provide training and support to get you up and running quickly
Here's what you'll get
-
Central policy library
-
Search and filter tools
-
Mandatory read policies with attestations
-
Quizzes
-
Notifications and alerts
-
Employee dashboard
-
Line manager dashboard
-
Works on mobile, in Teams and SharePoint
-
New policy creation workflows
-
Policy update workflows
-
Review and approval gates
-
Policy version history
-
Compliance dashboard
-
Audit trail
-
Full reporting
And last but not least:
-
Professional implementation service and support
-
Evergreen software – frequent updates and improvements
-
Comes with our "it just works" support warranty – we’ll fix any bugs, often before you even notice