We’ve just launched new features to help you work smarter!
Check them now!
Article

Part 6 - Policy Review Process in SharePoint

Our Client
Profile
Location:
Size:
Sector:
Focus Areas
No items found.
Technology
No items found.

In brief

  • Why one policy review schedule is not always the right answer
  • The four different factors that trigger an early policy review
  • Identifying and managing orphan policies to ensure ownership
  • Discover how SharePoint can automate and simplify policy management

Prefer to speak to us about our approach to the policy review process? Book a short call with one of our team to get answers to your questions.

Policy management series

It is widely recognised that an effective policy review process is essential for ensuring that policies remain compliant with organisational needs. In this article, we discuss how to plan and implement a streamlined policy review process in SharePoint, taking into account the needs of various stakeholders.

This series explores the key considerations at each stage of the policy lifecycle.

Download Fact Sheet
Download Fact Sheet

Prefer video? No problem, watch a short video on Policy Reviews instead.

What is the policy review process?

Policies provide governance over employee behaviour and decision-making across your organisation. Once drafted, Policies follow a formal approval process, covered previously, and are then published, often with the help of a Policy Management Solution.

Typically, once a policy is approved, that action triggers a timeline for the next review, to ensure that 1 or 2 years down the line the policy is checked that it still achieves the necessary outcomes. That said, the scheduled review process isn't the only thing that can trigger a policy review.

Triggers for early policy review

Several factors might call for an earlier policy review, such as:

  • Change in the External Environment: Adjustments in laws or regulatory requirements may render your current policies obsolete or non-compliant.
  • Internal Factors: Changes in the company’s focus, organisational structure, or responsibility for the policy may require a review to ensure policy alignment with the new working environment.
  • Non-Conformance of the Policy: If a policy is not being adhered to, it may indicate that the policy is impractical or misunderstood, prompting a review.
  • Feedback on the Policy: Employee feedback might highlight areas where the policy lacks clarity or effectiveness, necessitating redrafting or refinement.
    With Policy Express, our solution for SharePoint Policy Management, policy reviews can be triggered by changes in external laws, internal shifts, or non-conformance, ensuring compliance and relevance.

Managing orphan policies

As a consultancy, we've frequently encountered clients facing the challenge of orphan policies - those without a valid owner or any owner at all. Identifying these policies early is crucial for effective governance.

Detecting leavers can be relatively straightforward. Using Policy Express for SharePoint, the solution generates a report that compares the policy owner with the list of active licensed users in Microsoft 365, highlighting any gaps.

It is more challenging to identify when an owner has changed roles and is no longer responsible for the policy. Ideally, policy ownership should transfer when the current owner relinquishes their responsibilities. However, as a safeguard, providing early awareness of the upcoming policy review should prompt the legacy owner to raise the issue with the overall policy administrator for reassignment. Again, Policy Express solves this by providing configurable reminders – typically starting 90 days out.

Using Policy Express, our solution for SharePoint Policy Management, organisations can easily generate reports identifying policies lacking ownership by comparing active users in Microsoft 365 with policy owners.

How often to review policies

Many organisations follow a blanket rule for all policies, typically reviewing them every two years. However, in organisations with a more mature approach to policy management, we observe the following traits:

  • Setting Different Review Periods: Tailoring review periods based on the type and importance of each policy.
  • Varying the Period Based on Approval Workflow: For instance, a policy approved by the board may have a two-year review cycle, while one extended by a manager might require review after one year.
  • Early Policy Review: Conducting reviews sooner when certain conditions are met.
  • Extension Review: Allowing a policy to remain in force for an additional 90 days while further updates are made if agreed upon by the committee.

What to do when a policy review date is passed

Sometimes, a policy that has been published passes its review date. The initial response from some is to remove these policies from the user view. However, with a bit more consideration, it's usually better to have an outdated policy in force than to have none.

When a policy has passed its review date, a couple of actions should be taken:

1. The overall Policy administrator should be able to easily report on overdue policies.
2. End-users should be informed when accessing a policy that the review is overdue, as this may have implications for the policy's applicability.

Your 3-step plan for your policy review process

In most organisations, the policy review process often takes a backseat until the policy review is due or an ISO assessor's visit is scheduled! Here's a simple three-step plan to streamline your policy review process:

  • Capture your Policy Review Process: Consider period variations based on policy type and integrate these review periods into the final step of your approval process.
  • Review Administration: Ensuring reviews happen is one of the key challenges. Make this task easier by setting clear responsibilities and using reports to focus on managing exceptions.
  • Separate the Review and Approval process: Distinguish between the review, which involves the policy owner checking and updating the policy, and the approval, which is the process of getting those updates signed off.

Need help with policy review in SharePoint?

Manually capturing feedback, assigning it to the right person, tracking review schedules, and understanding different rules for various policies is time-consuming for quality managers.

SharePoint Online offers a platform that can support you to:

  • Capture Feedback: Use forms to collect and collate feedback efficiently.
  • Manage Review Schedules: Implement workflows to keep on top of review timelines.
  • Automate Reminders: Set up a series of automated reminders to notify policy owners about upcoming reviews.
  • Produce Reports: Integrate with Power BI to generate comprehensive reports.

However, configuring SharePoint requires technical knowledge and time. If you want to move faster, Policy Express is a fixed-fee solution and can solve these familiar challenges, all within Microsoft 365.

See how Policy Express can streamline your policy review process and enhance your governance framework in this short explainer video.

Blog posts

Explore related insights and articles

Automating policy compliance and approvals with Policy Express
Read more
Case Study
Part 5 - Collecting policy feedback in SharePoint
Read more
Article
Part 2 - Policy approval in SharePoint
Read more
Article
Designed by Radiant templates, Powered by Webflow
Stravo-footer-cta-x-icon
This is some text inside of a div block.
Stravo-footer-facebook-icon
This is some text inside of a div block.
Stravo-footer-instragram-icon
This is some text inside of a div block.
Stravo-footer-cta-linkedin-icon
This is some text inside of a div block.