Manage Policies and Procedures in SharePoint – Q&A

No matter what size your organization, at some point you will need to ensure that certain employees read and acknowledge policies and procedure documents – for example company policies, risk assessments or employee manuals. Depending on your organization, industry and compliance regulations the list of documents can seem endless. Creating a document, managing its distribution and monitoring acceptance is a simple enough process to understand but can introduce enormous complexity in a very short space of time.

Q: In your opinion what are the main challenges that companies face when they need to publish important Policies within their organisation?

1.     Getting the right people to read the right document!

As soon as a company policy is approved and published you generally need to ensure that the relevant employees have chance to read it. Publishing the document on your company intranet site is a great start but how do you know who has visited the page? Sending paper copies ensures that employees receive it but does nothing to improve your carbon footprint. Using a separate document management system just means that you have to duplicate your document and workflow into several systems. Using the Cloud means you have to trust third parties with your potentially sensitive information and also suffers from the same duplication issues as using a third party system.

DocRead was created for SharePoint to allow organisations to maintain control over their own documents and allow document publishers to target specific items to specific groups of employees. Items that need to be distributed to employees (company policies, documents, training videos, web pages etc.) can remain safely and efficiently stored in SharePoint Document libraries. Once stored, relevant groups of employees / target audiences can access and view the information and then self-certify that they have done so and understood the contents. By selecting the correct group of employees for each document, you can easily ensure that the information is targeted to only the people who need to know about it. Each employee is notified of their required reading and also provided with a simple process to allow them to read and confirm the policy.

2.     Keeping up to date with new starters / secondments / promotions / leavers

The simple task of ensuring that the right people read the right document can be quite challenging in dynamic corporate environments. Employees can quickly move between departments, projects, earn promotions or receive benefits that require them to be compliant with a different set of company policies. Ensuring that the correct corporate and HR policies (as well as both project and team documents) are issued when an employees’ circumstances change is a task in itself.

To solve this common problem, DocRead’s ‘SmartMove’ technology does just that. Once you have associated the correct group of employees with the correct company document, DocRead intelligently monitors the membership of your groups to ensure that everyone is always allocated the correct policies. A new employee may be added into several different groups (for example ‘All Employees’, ‘Finance’, ‘Located in Building A’) and will be automatically issued with the relevant reading tasks associated with those groups. Effectively you can ‘set it and forget it’ until the policy comes up for review.

3.     Ensuring employees read the document.

Once you’ve distributed your policy (via snail mail, email or via DocRead) you generally need to receive some sort of confirmation stating that it’s been read. Paper based approaches need an ‘acknowledgement form’ to be filed for future reference (how many times have you searched through a massive pile of paper looking for a specific response, only to find it missing!). Read receipts can be used on email, but are not great if you need to work out which 5 people out of the 1000 sent have not replied.

DocRead reports display the reading status of all reading tasks and allow you to quickly and efficiently search to find out who has read what and when. Via the reports, it is possible to identify delinquent employees who have not read specific documents by the deadline you set. This allows compliance staff to monitor the performance of specific documents. Overdue email reminders are optionally sent to those employees who have not completing their reading tasks within the given timescales.

4.     Can you be sure that an employee understands a policy?

OK, so you’ve written a fabulous Records Management Policy and sent it to those records managers who need to read and acknowledge it. You begin to receive acknowledgments, but how do you know that the employees have truly understood the purpose and meaning of the content?

Currently DocRead offers a very effective way for an employee to attest that they understand a policy. Once the employee has self-certified that they agree to the terms within the policy a receipt is generated for both employee and employer. In many cases this is sufficient. The employer has issued the right policy to the right employee at the right time. However, some employers want to go one step further and gain assurance that the employee really does understand the policy. To meet this additional requirement we built DocSurvey. DocSurvey allows competency based questions (quizzes) to be attached to policies. After the employee has read the policy or document, they must achieve the required pass rate before being able to confirm they have read the policy and complete the task. Results from the quiz can also be used to gather feedback on a policy, so that it can be fed back into a future review. For example, if 90% of employees are failing question 7, you may wish to rewrite that area of the policy. DocSurvey reports allow this detail to be analysed.

Q: How can I make my policies easier to find in SharePoint?

SharePoint is generally used by organizations for document management and organizations generally have lots (and I mean LOTS) of documents. So how do you find the proverbial ‘needle in a haystack’. Once a policy is stored in a SharePoint document library there are a few key features that can be used to easily identify the item you want:

1.     Document Metadata – It’s very easy to fall straight back into old habits by using folders within document libraries. Folders should be avoided as much as possible because they force a document to be classified as one type of thing. Placed in a specific pigeon hole if you like – unless you can remember which pigeon hole you used you can waste precious time searching for your document. For example, if a First Aid policy was stored in a ‘Health and Safety Docs’ folder, it cannot then also be stored in a ‘Policy documents’ folder without creating a duplicate – and you have then created a new problem wondering which document is the correct version! Using folders make people need to understand the brain of the person filing it – “where would they put it?”

Metadata solves this problem. Metadata allows a publisher to tag / classify a policy with as many different meaningful descriptions as necessary. Our First Aid policy could be tagged with both ‘Health’ and ‘Policy’ descriptions. Once the tags are defined, it’s then easy to navigate to the correct groups of documents using metadata navigation built in to SharePoint. However,  it’s important that Tags be governed appropriately so that there aren’t thousands being used. This can be done at an organization level using the Managed metadata and taxonomy features in SharePoint.

2.     Search – One major feature of SharePoint that greatly improves a person’s ability to find a policy is to use SharePoint search. The beauty about search is that a user doesn’t have to have any knowledge of where the document is stored. They simply need to type some keywords in the search box and a list of potential results will pop-out. The other great benefit is that search results are security trimmed before the user sees them. This means that only results that a user has permission to see will be displayed. There are some great features such as ‘synonyms’ and ‘best bets’ that can also help the user find your policies.

3.     My Reading List – DocRead web parts can be placed in prominent places on the company intranet or on places like a user’s MySite. When the user navigates to this page they are presented with their own personal reading list of company documents and policies that they are required to read and accept.

Q: Why did you develop DocRead as an add-in for SharePoint rather than creating a standalone product?

SharePoint is now used in 79% of Fortune 500 companies and is used for document management more than anything else. It is Microsoft’s fastest selling server product ever! It now generates 2 billion dollars’ worth of revenue and if it was a company it would be in the top 10 of the world’s largest. Many organizations are either in the process of moving their documents to SharePoint, or have already done so. Given that so many organizations are already managing their documents in SharePoint why learn, train users and pay for another external document and content management system? Using a different system would cause documents to be duplicated and managed separately which itself would cause more headaches around version control and document management. The beauty of using SharePoint for policy management is that you can continue to use all of document management tools you are familiar with and use DocRead to fill in the gaps to make it a great way to make staff conscious of the documents that are important to them. 

Modern organizations of today often want to be able to offer their employees a much richer experience than simple plain office documents allow. As SharePoint can be extended is so many ways, it’s now very easy to create a web page containing videos, images, text or flash presentations. Richer content pages can offer a far more effective approach in educating users as to the purpose of a policy. Of course, once these different types are content are added, DocRead can easily send them out to your users.

Q: How can I define employee groups within my organisation?

Employee groups can dissect the organisation in many different ways – by department, level of seniority, skill set, possession of company equipment and project groups to name but a few. Each group can be required to read different company policies and any employee could be a member of many groups at any one point in time. You could be a Finance Manager based in New York, the Fire warden for your floor in office building A, with a company mobile phone, laptop and company car.

Traditionally, email distribution lists would be manually created and maintained. So in the example above you would need to create email groups for the Finance department, Managers, employees based in New York, Fire Wardens building A, Mobile phone users, Laptop users and Company Car owners. Members of each group would be individually selected and added to the group. Every time a new mobile phone was issued the receiver would need to be manually added to the mobile phone user group so all new emails would be sent to them. But what about older emails and other information already sent to the original members of the group?

In SharePoint you can organise employees into common groups in one of two ways:

  1. SharePoint Groups: These are created in a similar way to the email groups described above. You individually identify the people who should be members.
  2. SharePoint Audiences: These are dynamically created based on a set of rules – you create the rules e.g. ‘everyone in the finance department’ and then SharePoint works out who meets the rules and adds those people to the group. Audiences rely on the information (attributes) contained in a users’ Active Directory profile – should the members profile change in AD then the audience membership will dynamically change as well, no further updates or amendments are required. Once created, audiences can be used to target content, making user personalisation possible.

DocRead can then be used send the document (e.g. Use of Company Mobile Phone Equipment), to a SharePoint Group or Audience (e.g. ‘Mobile Phone users’) and allow them a certain number of days to read and confirm it.

Q: How can I use SharePoint to manage the life-cycle of a Policy?

SharePoint and DocRead have all of the necessary features to manage the life-cycle of a policy or procedure.

  1. To create and review the policy a simple ‘Team’ site can be created and secured for the Policy Team to produce the policy. This site can be used to not only store the policy itself, but also all of the related work surround it, such as meeting notes, supporting documentation, task lists and calendars.
  2. Once the policy is ready for approval standard SharePoint document library features such as approval workflows can be utilised to request the relevant stakeholders approve the policy.
  3. Once approved and published the policy is then copied to the main Intranet where it is assigned to the relevant group of employees with DocRead.
  4. The Policy publisher can then track the performance of the policy and find out who has and has not read the policy via DocRead reports.
  5. Once the policy is live – it’s vital that it’s regularly reviewed for accuracy and to ensure it still fits any regulatory influences. This review phase could result in several major changes to the policy which results with the need for it to be re-distributed with DocRead. One specific challenge is how to remind the policy team that a review is due. To do this we recommend using Pentalogic’s Reminder Web Part.
  6. Eventually most policies will need to be archived at some stage and SharePoint allows a simple document retention policy to be defined which will cause the document to be ‘sent to the recycle bin’, or ‘declared as a record’. Putting strong governance procedures in place at the time the document is published, ensures that employees won’t be asked to read unnecessary policies and that SharePoint isn’t full of unwanted documents.

Q: My policy needs to be accepted on a regular basis. Can this be simplified?

Many policies need to be regularly reviewed and formally accepted by employees. This is easily achieved using the ‘Reset task’ function in DocRead. This effectively draws a line underneath the original task and closes all outstanding reading assignments. New reading tasks linked to the latest version of the document are sent to the relevant employees and the tracking process starts all over again.