The Ultimate Policy Management Software Checklist!
If you are searching for policy management software and are feeling a bit overwhelmed then this purchasing guide will help. This guide is ideal for situations where you have to create an RFP and want to understand what to look for in a policy management system.

Regardless of what technology you use (On-premises vs Cloud) you will need to evaluate a solution against the same set of features. The list below outlines those features and explains how SharePoint (and our own products DocRead and DocSurvey) help fulfill them. If using SharePoint isn't possible for you then I hope this helps when researching other policy management software.
It should be easy to work collaboratively on a policy reducing the need for duplication
Being able to collaboratively work on a new (or existing) policy document is essential. Larger policies can often require input from several people both within the organization as well as outside of it. You should really try to avoid e-mailing the policy around as this results in multiple copies and will make tracking changes extremely hard. Alongside the authoring of the document you will also need a single place to store and tag reference documentation, meeting minutes, discussions, site links, videos and so on.
How can SharePoint and DocRead help?
Microsoft SharePoint offers a plethora of features to assist you here. Document libraries can be used to store the policy alongside all of the supporting documents. Each document can be authored, tagged with metadata, secured, searched for, listed, shared, converted! You name it, SharePoint (and Microsoft Office) have a feature to help in each step. SharePoint is one of the leading document management systems in the World and is backed by the might of Microsoft.
Are your policies read on time and by the right people?
Make compliance simple
It should be possible to give a unique name to a policy making it more identifiable and reducing ambiguity
In large organizations the chances of having 2 documents with the same name is very high. If you were audited (or needed evidence of which particular document had been signed off) then this could prove to be troublesome. It's absolutely key that you can trace who read what, when and which version they accessed.
How can SharePoint and DocRead help?
SharePoint helps tremendously here as each document can be allocated a unique id. This means the risk of ambiguity where two documents are named the same or similarly is reduced. Another benefit of using SharePoint is that the document can be accessed via a URL that doesn’t contain location specific information. This has the advantage that if the document moves, or the URL changes, the link will remain intact. Consequently, integration into other systems is far more reliable. If a document has been signed-off there must be no confusion which version was approved!
Enable and configure unique Document IDs
It should be possible to secure a policy so that only authorized users can access it throughout it's life-cycle
From the day a policy is first created, to the day it is archived a policy should only be accessed and edited by users with appropriate permissions to do so. If a policy falls into the wrong hands at any point in the life-cycle it could be tampered with and amended to mean something entirely different.
How can SharePoint and DocRead help?
Microsoft SharePoint has a very mature security framework. It allows users to be added to groups and given permissions to carry out certain features such as 'edit a document' or 'delete a document'. The security framework also allows permissions to be set at the top-level site container. These site permissions can be automatically inherited all the way down to a document library and individual document.
It should be possible to store multiple versions of a policy so loss of data is not an issue
Although it's imperative that there's only one major version being read and acknowledged at a particular time, it's almost certain that your policy will undergo several iterations or require updating at some point during its life.
How can SharePoint and DocRead help?
SharePoint version management should be configured to allow a history of versions to be easily viewed and restored if necessary. DocRead will also record the exact version number that was acknowledged by staff. As a result, it is easy to see who read which version of what document using DocRead reports.
SharePoint document management features
It should be possible to retrieve a full audit log detailing which users did what with a policy
As a policy is authored and read there should be a full audit history of who changed what and when.
How can SharePoint and DocRead help?
Although not activated by default it's possible to quickly turn on SharePoint's auditing capabilities which effectively log all access to a document by a logged in user.
It should be possible to prevent a policy from being published until key stakeholders have approved it
When a policy is ready to be published it needs to be approved by one or many stakeholders in the organization.
How can SharePoint and DocRead help?
Microsoft SharePoint has a very advanced workflow feature allowing complex approval processes to be orchestrated and audited. The workflow mechanism is also highly extendable so it's a breeze to add extra features / notifications throughout the process.
It should be easy to communicate a new or changed policy to the right groups of users
Once a policy has been authored and approved, it needs to be easy to communicate it to those employees who are required or recommended to read and confirm it.
How can SharePoint and DocRead help?
There are many ways with SharePoint and DocRead that this can be achieved. User Alerts can be configured on the document library containing the updated policy. As changes are made to a policy, SharePoint can automatically notify a set of users.
DocRead for SharePoint provides a more comprehensive mechanism. Using DocRead makes it very simple to assign the document to a group of users, team or department and ask they they read and acknowledge it.
Get your free policy template
It should be possible to assign a user a deadline by which they must read and confirm a policy
When a policy has been communicated and assigned to an employee they should be given a deadline by which they should have read / completed and confirmed the policy.
How can SharePoint and DocRead help?
This isn't directly offered by Microsoft SharePoint but is supplemented brilliantly by DocRead for SharePoint. DocRead allows you to set a 'number of days' that a person has to read and confirm a document by. The countdown starts from the time they enter a team or group, making it ideal for on-boarding and new starters.
Read and Acknowledge Policies with DocRead
It should be easy to track and report on who has and hasn't read a policy
Once a policy has been published into an organization it's often necessary to track the progress of individuals as they access and complete their tasks.
How can SharePoint and DocRead help?
Again, this isn't directly offered by Microsoft SharePoint but is comprehensively implemented with DocRead for SharePoint. DocRead has a fantastic set of reports allowing line managers to view the status of their team's compliance. Policy publishers can also review reports and drill-down by document or person. All reports are also downloadable so can be taken to company compliance review meetings.
Track and Report policy compliance status
It should be possible to tag and classify a policy to make it more discoverable
An organization can have tens of thousands of documents in their document repository, so it's good practice to classify documents to a given taxonomy. This includes policies. Classifying documents in this fashion really helps users find what they need.
How can SharePoint and DocRead help?
SharePoint offers superb facilities to be able to add metadata to a document. This can be achieved on either an adhoc basis or to be centrally managed via the 'managed metadata services'. For a comprehensive overview of this service please click the link below.
Using metadata to classify policies
It should be easy to test a users comprehension
Sometimes the only way to see if a user understands a policy is to set them a test. A policy management system needs to allow for exams, surveys and tests to be presented to the users. If the user is unable to pass the exam they shouldn't be allowed to confirm their reading.
How can SharePoint and DocRead help?
DocSurvey for SharePoint works seamlessly with both SharePoint and DocRead. Once the test or quiz is created and pass mark set, all that's needed is to attach it to the policy. From this point, the user will be presented with the exam when they attempt to sign-off on the reading.
Testing Comprehension of a policy
It should be easy to search and locate a policy in seconds
When an employee needs to discover what their company's stance is on an issue, it should be possible for them to perform a search to easily locate that policy. SharePoint offers a first class Search engine that can be customized to provide the perfect search experience.
How can SharePoint and DocRead help?
One of SharePoint's greatest strengths is its in-built search engine. SharePoint can be configured to cope with best bets, synonyms and also allow you to effect the ranking of a document.
For those that wish to browse (rather than search by Keyword) then metadata navigation can also be utilized to assist finding the correct policy.
It should be possible to set next and last review dates so that the policy can be reviewed and reworked at certain points in it's life-cycle
Once a policy is published, it's unlikely to not need amendments in the future. Staff may not understand it, the law may change, or it may just be out of date. A policy management system should support the review and revise process making it easier to work with.
How can SharePoint and DocRead help?
SharePoint Information Management Policies are very useful for automatically performing actions on a document at some point in the future. Take a look at the article below to find out how to set a reminder to review a document at some point in the future.
How to configure a yearly reminder on a SharePoint document
It should be possible to Archive and convert the policy
Once a policy is no longer needed it should be archived and stored in a place that can be retrieved if the requirement should arise.
How can SharePoint and DocRead help?
SharePoint hasn't always been the best solution at managing an organizations records. If you are still using SharePoint 2010, then article below explains what the issues are and also how they can be mitigated. If you are using later versions of SharePoint then the functionality has matured.
Issues with using SharePoint 2010 for Records Management
It should be possible for staff to request that a new policy is developed
All organizations need a method allowing staff to request the creation of a new policy. This can take the form of a simple e-mail. However the request is submitted, you need to ensure that it is managed and prioritized by the compliance team.
How can SharePoint and DocRead help?
SharePoint allows a list to be developed and filled-in by a user in minutes. Once the request comes in to a SharePoint list, it can be tracked and processed by the entire team. An approval workflow can also be activated as the request lands which results in a confirmation to the requester, as well as an alert for the policy team.
It should be possible for policy writers to develop a policy to a set of published standards and document templates
All policies should be developed to a consistent set of standards. This includes a certain style of writing, look and feel and structure.
How can SharePoint and DocRead help?
SharePoint allows Document Templates to be associated with a content type. To help share the organizations standards (or policy or policies), SharePoint has fantastic document management features that are unrivalled by anything else out there.
If you prefer your policies to be constructed as a web page then SharePoint allows publishing pages to be developed with clearly defined input fields that prompt the author to enter the correct content.