The Ultimate Policy Management Software Checklist!
If you are searching for policy management software and are feeling a bit overwhelmed then this purchasing guide will help. This guide is ideal for situations where you have to create an RFP and want to understand what to look for in a policy management system.
Regardless of what technology you use (On-premises vs Cloud) you will need to evaluate a solution against the same set of features. The list below outlines those features and explains how SharePoint (and our own product DocRead) help fulfill them. If using SharePoint isn't possible for you then I hope this helps when researching other policy management software.
It should be easy to work collaboratively on a policy reducing the need for duplication
Being able to collaboratively work on a new (or existing) policy document is essential. Larger policies can often require input from several people both within the organization as well as outside of it. You should really try to avoid e-mailing the policy around as this results in multiple copies and will make tracking changes extremely hard. Alongside the authoring of the document you will also need a single place to store and tag reference documentation, meeting minutes, discussions, site links, videos and so on.
How can SharePoint and DocRead help?
Microsoft SharePoint offers a plethora of features to assist you here. Document libraries can be used to store the policy alongside all of the supporting documents. Each document can be authored, tagged with metadata, secured, searched for, listed, shared, converted! You name it, SharePoint (and Microsoft Office) have a feature to help in each step. SharePoint is one of the leading document management systems in the World and is backed by the might of Microsoft.
Check out our blog post on this for more details:
Are your policies read on time and by the right people?
Make compliance simple
It should be possible to give a unique name to a policy making it more identifiable and reducing ambiguity
In large organizations the chances of having 2 documents with the same name is very high. If you were audited (or needed to prove which particular document had been signed off) then this could prove to be troublesome. It's absolutely key that you can trace who read what, when and which version it was.
How can SharePoint and DocRead help?
SharePoint can help greatly here as each document can be allocated a unique id. This means the risk of ambiguity where two documents are named the same or similarly is reduced. Another benefit of using SharePoint is that the document can be accessed via a URL that doesn’t contain location specific information. This has the advantage that if the document moves, or the URL changes, the link will remain intact. Consequently, integration into other systems is far more reliable. If a document has been signed-off there must be no confusion which version was approved!
Check out this Microsoft support article for more details:
Enable and configure unique Document ID
It should be possible to secure a policy so that only authorized users can access it throughout it's life-cycle
From the day a policy is first created, to the day it is archived a policy should only be accessed and edited by users with appropriate permissions to do so. If a policy falls into the wrong hands at any point in the life-cycle it could be tampered with and amended to mean something entirely different.
How can SharePoint and DocRead help?
Microsoft SharePoint has a very mature security framework. It allows users to be added to groups and given permissions to carry out certain features such as 'edit a document' or 'delete a document'. The security framework also allows permissions to be set at the top-level site container. These site permissions can be automatically inherited all the way down to a document library and individual document.
You can find more information on how to configure SharePoint permissions on this Microsoft Support article:
Customize permissions for a SharePoint list or library
It should be possible to store multiple versions of a policy so loss of data is not an issue
Although it's imperative that there's only one major version being read and acknowledged at a particular time, it's almost certain that your policy will undergo several iterations or require updating at some point during its life.
How can SharePoint and DocRead help?
SharePoint version management should be configured to allow a history of versions to be easily viewed and restored if necessary. DocRead will also record the exact version number that was acknowledged by staff. As a result, it is easy to see who read which version of what document using DocRead reports.
Check out our blog post on this for more details:
SharePoint document management features
It should be possible to retrieve a full audit log detailing which users did what with a policy
As a policy is authored and read there should be a full audit history of who changed what and when.
How can SharePoint and DocRead help?
Although not activated by default it's possible to quickly turn on SharePoint's auditing capabilities. These will effectively log all access to any document by a logged in user.
Check out this blog post on this for more details:
It should be possible to prevent a policy from being published until key stakeholders have approved it
When a policy is ready to be published it needs to be approved by one or many stakeholders in the organization. This is necessary so that each stakeholder has signed off on the terms expressed in the policy.
How can SharePoint and DocRead help?
Microsoft SharePoint has a very advanced workflow feature that allows for a complex approval processes to be orchestrated and audited. The workflow mechanism is also highly extendable so it's a breeze to add extra features / notifications throughout the process.
Check this Microsoft Support article for more information on how to create approval workflows with power automate:
Create and test an approval workflow with Power Automate - Power Automate | Microsoft Learn
It should be easy to communicate a new or changed policy to the right groups of users
Once a policy has been authored and approved, it needs to be easy to communicate it to those employees who are required or recommended to read and confirm it.
How can SharePoint and DocRead help?
There are many ways with SharePoint and DocRead that this can be achieved. User Alerts can be configured on the document library containing the updated policy. As changes are made to a policy, SharePoint can automatically notify a set of users.
For a more comprehensive mechanism, DocRead for SharePoint makes it very simple to assign the document to a group of users, team or department and ask they they read and acknowledge it.
Take a look at this link for more details:
How DocRead for Office 365 makes compliance simple
You may also be interested in our guide that explains how to manage Internal Communications with SharePoint.
Get your free policy template
It should be possible to assign a user a deadline by which they must read and confirm a policy
When a policy has been communicated and assigned to an employee they should be given a deadline by which they should have read / completed and confirmed the policy.
How can SharePoint and DocRead help?
This isn't directly offered by Microsoft SharePoint but is supplemented brilliantly by DocRead for SharePoint. DocRead allows you to set a 'number of days' that a person has to read and confirm a document by. The countdown will start from the time they enter the team or group, making it ideal for on-boarding and new starters.
Take a look at this link for more details:
How DocRead for Office 365 makes compliance simple
It should be easy to track and report on who has and hasn't read a policy
Once a policy has been published into an organization it's often necessary to track the progress of individuals as they access and complete their tasks.
How can SharePoint and DocRead help?
Again, this isn't directly offered by Microsoft SharePoint but is comprehensively implemented with the DocRead Compliance Cockpit. DocRead offers excellent dashboards that help compliance managers check the progress of policy reading tasks. They can drill-down into details by document, person, library, group or audience.
Take a look at this link for more details:
It should be possible to tag and classify a policy to make it more discoverable
An organization can have tens of thousands of documents in their document repository, so it's good practice to classify documents to a given taxonomy. This includes policies. Classifying documents in this fashion really helps users find what they need.
How can SharePoint and DocRead help?
SharePoint offers superb facilities allowing metadata to be added to a document. This can be achieved on either an adhoc basis or centrally managed via the 'managed metadata services'. For a comprehensive overview of this service please click the link below.
Using metadata to classify policies
It should be easy to search and locate a policy in seconds
When an employee needs to discover what their company's stance is on an issue, it should be possible for them to perform a search to easily locate that policy. SharePoint offers a first class Search engine that can be customized to provide the perfect search experience.
How can SharePoint and DocRead help?
One of SharePoint's greatest strengths is its in-built search engine. SharePoint can be configured to cope with best bets, synonyms and also allow you to effect the ranking of a document.
For those that wish to browse (rather than search by Keyword) then metadata navigation can also be utilized to assist finding the correct policy.
Take a look at our blog on this for more details:
It should be possible to set next and last review dates so that the policy can be reviewed and reworked at certain points in it's life-cycle
Once a policy is published, it's unlikely to not need amendments in the future. Staff may not understand it, the law may change, or it may just be out of date. A policy management system should support the review and revise process making it easier to work with.
How can SharePoint and DocRead help?
Any SharePoint library that has a Date Column allows user to set a reminder against that column. This means that you can add a new Date column to the library containing your policies and call it “Review Date” and then configure SharePoint to remind you to review the policy a few days before the “Review Date”.
For more information on how to work with reminders have a look at this Microsoft post:
Set a reminder flow - Microsoft Support
It should be possible to Archive the policy and provide effective record management history
Once a policy is no longer needed it should be archived and stored in a place that can be retrieved if the requirement should arise.
How can SharePoint and DocRead help?
SharePoint hasn't always been the best solution at managing organizations records but things have improved from SharePoint 2016 onwards. You can find more information about Records management with SharePoint on this Microsoft page:
Implement Records Management - Microsoft Support
It should be possible for staff to request that a new policy is developed
All organizations need a method allowing staff to request the creation of a new policy. This can take the form of a simple e-mail. However, you need to ensure that the request is managed and prioritized by the compliance team.
How can SharePoint and DocRead help?
SharePoint allows a list to be developed and filled-in by a user in minutes. Once the request comes in to a SharePoint list, it can be tracked and processed by the entire team. An approval workflow can also be activated as the request lands which results in a confirmation to the requester, as well as an alert for the policy team.
It should be possible for policy writers to develop a policy to a set of published standards and document templates
All policies should be developed to a consistent set of standards. This includes a certain style of writing, look and feel and structure.
It should be possible for policy writers to develop a policy to a set of published standards and document templates
All policies should be developed to a consistent set of standards. This includes a certain style of writing, look and feel and structure.
How can SharePoint and DocRead help?
SharePoint allows Document Templates to be associated with a content type. To help share the organizations standards (or policy or policies), SharePoint has fantastic document management features that are unrivalled by anything else out there.
If you prefer your policies to be constructed as a web page then SharePoint allows publishing pages to be developed with clearly defined input fields that prompt the author to enter the correct content.
You can find more information about SharePoint Content Types on this Microsoft support page:
Introduction to content types and content type publishing - Microsoft Support