10 reasons to use SharePoint for policy management
Policy management and compliance is something every company has to deal with at some point. Even the smallest of organisations have policies and procedures that they need employees to read, acknowledge and subsequently sign up to.
Governance activities also creep into day to day company management; HR, accounting, finance, and third party collaboration all create paperwork that needs due attention. The good news is that many organisations already have the right system in place to deal with policy management and compliance, but they often don’t realise it. The name of that system? Microsoft SharePoint.
Many organisations are already using SharePoint as a document management system without realising that it can also be a powerful compliance and policy management tool.
The secret to success is knowing how best to utilise the out of the box features and when to use third-party add-ons to supplement its functionality.
This post will look at the ten requirements of a good policy and compliance system and how to use SharePoint to deliver them.
Policies need to be created in a collaborative environment
A well-written policy is usually the result of teamwork. As well as multiple authors, policies tend to involve discussions and reviews with key business stakeholders across multiple departments.
SharePoint is designed from the ground up to be a collaborative environment. At its core is the concept of self-contained sites where each site has its own set of users, permissions, documents, tasks, discussions and more. You can use SharePoint to create dedicated policy sites where users collaborate to create and review specific policies. Once those policies are ready to be published, they can be moved to a Policy Portal as a read-only document and targeted to the relevant users.
Policies need a unique name or ID number
By their very nature, policies tend to be unique. They address a specific point, process or set of users. SharePoint offers a document ID service, which assigns a unique reference to a policy from the moment it is created. This has the additional benefit of giving every document a unique URL that can be tracked or linked.
Tired of reminding staff to read your company policies?
DocRead can help
Policies should only be created and modified by policy owners
Policies should be authored, reviewed and approved by a specific group of business stakeholders. One of SharePoint’s core strengths is its permissions model, which uses a combination of authentication and access control. Users can be assigned specific permissions individually or as part of a group allowing documents, or policy sites, to be accessible only to particular users.
Policies need to be version controlled
All policies need to be subject to version control, allowing them to be updated and maintained over the lifetime. Version control is also vital to ensure users read the correct version of a given policy.
SharePoint supports major and minor version control out of the box. Major versions ensures there is always a clearly labelled ‘latest version’ for publication. Minor versions are invaluable during the policy creation or editing process to indicate that the policy is still in a draft mode and not ready to be published to a broader audience.
It should be possible to track the audit history of a policy
Many policies are valid for several years. Along with version control, it is essential to audit their history and check who created them, review them, and modify them. It’s also vital to record when changes are made and when the different versions are published.
A policy should only be published when all relevant stakeholders have formally approved it
The collaborative nature of policy-making means that a formal approval process is essential. A policy is generally only deemed ‘live’ when stakeholders have signed it off.
SharePoint supports several approval and publishing controls via its powerful workflow engine that allows almost any combination of approval processes to be created and rigorously enforced.
Are your policies read on time and by the right people?
DocRead can help
It should be possible to save policies as read-only formal records
Once a policy has been published, it is often required to make it read-only and store it as a formal record for auditing and governance purposes.
SharePoint supports powerful Records Management functionality out of the box, allowing documents to be made read-only and moved to a bespoke ‘Records Centre’.
It should be possible to target policies to users for formal acknowledgement
Once a document has been created and published, it is ready for circulation to its wider audience. This audience should then be asked to acknowledge and sign off on their acceptance formally.
Our DocRead add-on for SharePoint builds on the out of the box SharePoint functionality. It adds the ability to assign documents to users for mandatory reading and acceptance.
It should be possible to track and report on who has and hasn’t read a policy
Once a policy has been circulated for acknowledgement, it is essential to track which users have and haven’t signed up.
DocRead supports extensive reporting and tracking, making it simple to understand who has read and accepted a policy.
It should be possible to test how much of a policy users have understood
Signing off on reading a policy is often only half the job. Many organisations want to reassurance that users have understood the policy details.
DocSurvey complements DocRead by adding advanced survey and questionnaire functionality to SharePoint. In-depth intuitive surveys can be assigned to users to quiz them on their understanding.
How do you know your policies are fully understood?
DocRead can help