Regardless of how big your organisation is or what it does, its conduct and operations should be guided by a set of clearly thought-out policies and procedures that are aligned to your corporate strategy.
Your policies shouldn’t just be a collection of documents that your people read once and then forget.
They should be a living, breathing set of guidelines that are updated and adapted as your organisation evolves, to reflect both the way it works and the external environment it operates in.
While this doesn’t mean you need a new policy for every single incident or change, no matter how big or small, it does mean having a regular review process in place to ensure your policies remain accurate, relevant, and effective.
And when your policies do change, communicating them across your organisation and keeping track of who has read, signed and understood them is vital to achieving and maintaining compliance.
A lifecycle approach to policy management is the first step in bringing this about.
A policy management lifecycle guides the process of managing and maintaining policies to ensure they are utilised effectively inside your organisation.
Here, we look at the four distinct phases of the policy management lifecycle and why they are essential.
The policy management lifecycle begins with the creation phase, which comprises the following stages:
The need for a policy is determined at the beginning of the process, usually to address a gap or specific issue. A policy may be required to fulfil a regulatory obligation, support your corporate values/ethics, satisfy a customer or stakeholder demand, ensure you meet industry best practice, or address a risk or liability. To identify your policy needs, your organisation requires an active risk and regulatory intelligence process.
The next stage in the creation phase is to designate a policy owner. Every policy n the company should be assigned an individual or business role who is responsible for it. Even if a code of conduct is implemented across the organisation, someone must be designated as the policy’s owner to ensure that it is implemented correctly.
Writing the policy is the next stage in the creation phase. All your policies should be written in a similar style, format, and language to ensure consistency. They must also be clear and easy to understand by the intended audience.
The creation phase concludes with the approval stage. Before going to publication, the owner sends the draft policy to all stakeholders involved in the approval process, such as your HR or legal teams, senior executives and anyone else with an interest in its creation. The aim here is to ensure that all relevant stakeholders agree that the new policy is appropriate for your organisation before it’s implemented.
The second phase of the policy management lifecycle is communication. Again, it’s split into several stages, which are:
After obtaining approval, the policy should be published, which could be via email, in printed policy manuals or on staff intranet sites. Unfortunately, many organisations have decentralised publication methods, which can make managing policies difficult, especially if there are no adequate controls in place to track who has read and understood them. Best practice here is to use a single online portal, like Policy Central’s platform, which each employee can use to view the latest versions of all the policies that apply to their job role. This makes it easier to disseminate new or updated policies and simplifies the way you can track digital signatures of acceptance and gather evidence of understanding.
In many cases, it’s now no longer sufficient to simply publish a policy. Giving your people the information they need relating to the policy via online or work-based training is the best way of ensuring they are aware of and understand the policy – or changes – and what it means to them.
Once the policy has been published and communicated, and any associated training has taken place, tracking which of your people have read, accepted and understood the policy is crucial. While many of the more traditional processes which do this are manual, time-consuming and paper-based, an online policy management platform, such as Policy Central, can help you track and monitor staff acceptance of key policy documents.
Once a policy has been created and communicated, it enters the management phase, which comprises the following steps:
After each policy is implemented, ongoing monitoring should take place to ensure it’s being adhered to and maintain compliance. Any cases of non-compliance or violation should be recorded and considered each time the policy is reviewed, to help highlight and address any areas of potential risk.
There may be times when your organisation can accept non-compliance. When this is the case, any exceptions should be documented and managed. Each exemption should be allowed only for a specific timeframe and reviewed regularly to validate that it’s still needed.
The final phase of the policy management lifecycle is maintenance, which includes the following stages:
Governance best practice suggests that every policy should be reviewed at least once a year. In the review stage, the policy owner should examine any cases of non-compliance and exceptions granted before deciding whether the policy is authorised to remain in force or needs to be updated or removed if it’s no longer relevant to the organisation.
Every policy – including all its versions – should be archived so that you can provide a complete understanding of the policy’s history if or when required, such as if a regulator asks. This should include how it was written, who read and accepted it, what training was given, and any non-compliance incidents.
Having a well-defined policy management lifecycle will help your organisation to better manage and maintain its policies, to ensure compliance and mitigate unnecessary risk.
Policy Central’s integrated online policy management platform can give you complete control of your organisation’s policy lifecycle. To find out more and book a free consultation, get in touch today.
Electronic document storage is critical to any document management system, but it is only one part of the bigger picture!