We’ve just launched new features to help you work smarter!
Check them now!
Article

Part 2 - Policy approval in SharePoint

Our Client
Profile
Location:
Size:
Sector:
Focus Areas
No items found.
Technology
No items found.

In brief

  • SharePoint supports a basic 1-Step approval process out-of-the-box.
  • Most policies require more complex approvals including delegated approval
  • Approval Processes may vary for different jurisdictions and departments.
  • Use a Policy Management solution to automate the approval process.
  • Use eSignatures to meet regulatory needs.

Prefer to speak to us about our approach to Policy approval? Book a short call with one of our team to get answers to your questions.

  • Policy Management Series

Policies and controlled documents play a vital role in your organisation’s governance, risk, and compliance (GRC) strategy. In this article, we discuss Policy Approvals, the various approval steps and considerations for delegated / board approvals as well as handling non-material changes.

Policy Express, our solution for SharePoint Policy Management, automates this process, ensuring compliance and reducing administrative effort.

This series explores the key considerations at each stage of the policy lifecycle.

Download Fact Sheet
Download Fact Sheet

Prefer video? No problem, watch a short video on Policy Approval instead.

What is policy approval?

In your organisation, a risk, legal requirement, or standard has been identified, and it has been determined that addressing it with a documented company policy is necessary. This approval requirement can be broadened to include Controlled Documents such as Standard Operating Procedures (SOPs), templates, and forms.

Examples of Policies Include:

  • HR Policy on Working from Home
  • IT Policy on Bring Your Own Device (BYOD)
  • Compliance Policy on Trading Stocks/Shares on Personal Accounts

After a policy has been drafted and consulted upon, it requires agreement from the relevant decision-makers to be confirmed. This typically involves a multi-stage process including input from departmental experts, the head of Quality/Governance, Risk, and Compliance (GRC), and board or committee approval.

Throughout this process, the organisation must track and provide evidence of the approval trail to ensure compliance.

Why are approve policies using SharePoint?

Manually tracking approvals via paper or email is prone to errors and can be time-consuming for quality managers to execute and evidence during an audit. Additionally, policy owners often spend excessive time chasing re-validations, leading to wasted administrative effort.

SharePoint Online offers built-in approval automation capabilities. The "Request sign-off" feature provides a simple and user-friendly approach with several benefits:

  • Identity Validation: Users must be logged into Microsoft 365 to approve a policy, ensuring secure identity verification.
  • Notifications: Users who receive approval requests are automatically notified, streamlining communication.

However, there are some disadvantages to the "Request sign-off" feature:

  • Audit Trail: The document does not maintain an audit trail or version history indicating who approved it and when.
  • Business Rule Validation: When issuing the request, a user can select anyone within the organisation without validating whether the recipient is the appropriate approver.

Approving policies with SharePoint and Power Automate

To enhance the Document Approval capabilities, Microsoft’s workflow automation platform, Power Automate, can be used to create a customised approval process. This allows for:

  • Multi-Stage Process: Constructing a process that includes Review, Approval, and Publishing steps.
  • Audit Log Entries: Capturing entries to track the progress of a policy through each stage.
  • Business Validation Rules: Applying rules to ensure approvals are submitted to the correct individuals, based on factors such as the department responsible for the policy. Policy Express enhances these workflows, providing audit trails and customisable approval stages.

Policy Express, our solution for SharePoint Policy Management, enhances these workflows, providing audit trails and customisable approval stages.

While Power Automate is marketed as accessible to "power users," experience shows that you may quickly require the assistance of a Power Automate expert.

Designing your approval process

For a Policy Approval Process, you need to consider:

Roles:

  • Policy Author
    • Drafts the Policy
  • 1st Level Approver*
    • Subject Matter Expert (SME)
    • Head of Department
  • 2nd Level Approver*
    • Head of Quality / Quality Controller
    • Governance Risk Committee (GRC) Representative
  • Final Approver:
    • Committee Approval
    • Board Approval

    * Normally one of.

    Steps:The typical approval process includes the following stages, which are common in quality workflows:
    • The policy author initiates the approval process.
    • The 1st Level Approver reviews and either approves or rejects the policy.
    • The 2nd Level Approver reviews and either approves or rejects the policy.
    • Final approval is sought from a board or committee.
    • Once approved, the policy is published and circulated.

Variations in approval processes:

Low-Risk Content

For controlled documents that are deemed low-risk, a single-step approval may be sufficient.

Non-Material Changes

For non-material changes, the policy owner may be authorised to issue updates without undergoing the full approval process.

Jurisdictions / Departments:

When multiple departments or jurisdictions manage their policies, different processes may need to be defined for each variation.

Multiple Signatories

In some cases, multiple signatories may be required for a policy stage to be completed, rather than just one.

Building the policy approval process

When designing Policy Approval Steps, consider the following questions:

Who Can Approve the Stage?

  • Restricted: A pre-defined person or group of people.
  • Freeform: The initiator is trusted to assign the appropriate approver.

How Many People?

  • Single Person: One individual approves.
  • Multiple People (One Must Sign): Approval by any one of multiple designated people.
  • Multiple People (All Must Sign): Approval required from all designated people.

Following Step Completion:

  • Update the audit trail.
  • Notify the policy owner that the step is complete.
  • Initiate the next step, if required.

On Completion of the Process:

  • Initiate other workflow actions, such as converting the document to PDF and publishing it to the Policy Library.

Policy Express, our solution for SharePoint Policy Management, simplifies creating approval workflows tailored to your specific requirements.

Organisations operating in various jurisdictions may need to tailor processes according to each jurisdiction's requirements. However, departments within a jurisdiction might follow the same process while involving different stakeholders.

Policy Express's custom approval screen ensures accuracy

What if the policy goes to a board/committee for approval?

Policies are often finalised in a committee or board meeting, as seen in both charities and regulated industries such as banking. Should each board member receive a workflow notification to capture their approval of a policy?

In our experience, decisions made during board meetings are typically documented in the minutes, which are then ratified at the next meeting. Therefore, a board representative can complete the approval workflow on behalf of the board. This approval process should be documented by a representative of the committee.

Should I use an eSignature tool for policy approval?

Using an eSignature tool like DocuSign or Adobe Sign for Policy Approval is beneficial, especially where regulatory compliance, such as in Healthcare in the UAE, requires it.

While Microsoft 365 offers robust authentication and audit trails for most organisations, eSignature tools provide enhanced security, convenience, and legal validity for signing policies remotely and meeting specific regulatory requirements.

Your 3-step plan for implementing SharePoint policy approval

In most organisations, the policy approval process is established before the technical solution, given that:

  • Capture your Policy Approval Process – think about variations based on policy type, department and jurisdiction.
  • Set the expectation the approval process only starts when the consultation has been completed and the policy is ready for approval.
  • Keep it simple – it’s easier to have a representative of a committee approve the policy rather than requesting all must digitally sign it off.

We offer a fixed-fee solution, Policy Express, to automate and record the approval process.

Need help implementing policy approval in SharePoint?

Many organisations can map their existing process to the functionality of our Policy Express solution.

If your needs are more complex, then a consultancy approach can be taken, using our Policy Express solution as a starting point, we’ll work with you to deliver a bespoke solution on a fixed-fee basis.

See how Policy Express can streamline your policy approval process and enhance your governance framework in this short explainer video.

Blog posts

Explore related insights and articles

Transforming policy management compliance with AI
Read more
Article
Part 5 - Collecting policy feedback in SharePoint
Read more
Article
Policy Express delivers compliance in 90 days
Read more
Case Study
Designed by Radiant templates, Powered by Webflow
Stravo-footer-cta-x-icon
This is some text inside of a div block.
Stravo-footer-facebook-icon
This is some text inside of a div block.
Stravo-footer-instragram-icon
This is some text inside of a div block.
Stravo-footer-cta-linkedin-icon
This is some text inside of a div block.