10 reasons to use SharePoint for policy management

Policy management and compliance is something every company has to deal with at some point. Even the smallest of organisations have policies and procedures that they need employees to read, acknowledge and subsequently sign up to.

Governance activities also creep into day to day company management; HR, accounting, finance, and third party collaboration all create paperwork that needs due attention. The good news is that many organisations already have the right system in place to deal with policy management and compliance, but they often don’t realise it. The name of that system? Microsoft SharePoint.

Many organisations are already using SharePoint as a document management system without realising that it can also be a powerful compliance and policy management tool. 

The secret to success is knowing how best to utilise the out of the box features and when to use third-party add-ons to supplement its functionality. 

This post will look at the ten requirements of a good policy and compliance system and how to use SharePoint to deliver them.

Collaborative environment

A well-written policy is usually the result of teamwork. As well as multiple authors, policies tend to involve discussions and reviews with key business stakeholders across multiple departments.

SharePoint is designed from the ground up to be a collaborative environment. At its core is the concept of self-contained sites where each site has its own set of users, permissions, documents, tasks, discussions and more. You can use SharePoint to create dedicated policy sites where users collaborate to create and review specific policies. Once those policies are ready to be published, they can be moved to a Policy Portal as a read-only document and targeted to the relevant users.

Policies need a unique name or ID number

By their very nature, policies tend to be unique. They address a specific point, process or set of users. SharePoint offers a document ID service, which assigns a unique reference to a policy from the moment it is created. This has the additional benefit of giving every document a unique URL that can be tracked or linked.

Policies should only be created and modified by policy owners

Policies should be authored, reviewed and approved by a specific group of business stakeholders. One of SharePoint’s core strengths is its permissions model, which uses a combination of authentication and access control. Users can be assigned specific permissions individually or as part of a group allowing documents, or policy sites, to be accessible only to particular users.

Policies need to be version controlled 

All policies need to be subject to version control, allowing them to be updated and maintained over the lifetime. Version control is also vital to ensure users read the correct version of a given policy.

SharePoint supports major and minor version control out of the box. Major versions ensures there is always a clearly labelled ‘latest version’ for publication. Minor versions are invaluable during the policy creation or editing process to indicate that the policy is still in a draft mode and not ready to be published to a broader audience.

It should be possible to track the audit history of a policy

Many policies are valid for several years. Along with version control, it is essential to audit their history and check who created them, review them, and modify them. It’s also vital to record when changes are made and when the different versions are published.

SharePoint records a history of all document versions, who was responsible for the changes and when

A policy should only be published when all relevant stakeholders have formally approved it

The collaborative nature of policy-making means that a formal approval process is an essential feature of any policy management system. A policy is generally only deemed ‘live’ when stakeholders have signed it off. 

SharePoint supports several approval and publishing controls via its powerful workflow engine that allows almost any combination of approval processes to be created and rigorously enforced.

Is your SharePoint content read on time and by the right people?

DocRead can help

It should be possible to save policies as read-only formal records

Once a policy has been published, it is often required to make it read-only and store it as a formal record for auditing and governance purposes.

SharePoint supports powerful Records Management functionality out of the box, allowing documents to be made read-only and moved to a bespoke ‘Records Centre’.

It should be possible to target policies to users for formal acknowledgement

Once a policy is created and published, it's ready for circulation to its wider audience. This audience will need to acknowledge reading the policy and a record of this acknowledgement stored for audit purposes..

Our DocRead add-on for SharePoint builds on the out of the box SharePoint functionality to provide a full policy management solution. It adds the ability to assign documents to users for mandatory reading and acceptance.

It should be possible to track and report on who has and hasn’t read a policy

Once a policy is circulated for acknowledgement, it is essential to track which users have and haven’t signed up.

DocRead supports extensive reporting and tracking, making it simple to understand who has read and accepted a policy.

Test for user's understanding

Signing off on reading a policy is often only half the job. Many organisations want to reassurance that users have understood the policy details.

DocSurvey complements DocRead by adding advanced survey and questionnaire functionality to SharePoint. In-depth intuitive surveys can be assigned to users to quiz their understanding.

The ultimate buyer's guide to policy management software

Do you need to evaluate a new system to manage your policies and procedures but are struggling to know what to look for?

There are so many factors that go into the decision making process - we've developed a detailed guide to help you!

You may also like: