Best Practices For Policy management _ Blog Header
Best Practices For Policy management _ Blog Header

Best Practices for Policy Management

Lauren Jackson |

Like the many gears that keep machinery running efficiently and working together, an effective policy management program involves many moving parts. Trying to wrangle these parts on your own, without help from a software solution, is no longer an option.

Sure, you can try. Sure, you can devote hours of effort manually piecing together everything regulators require to prove compliance – only to do it all over again when regulations change. Sure, you can throw thousands of dollars, if not more, at staff time annually to try and make this happen.

Or you could implement a system that automates all this for you, while saving you overhead and labor costs.

The one thing you cannot do is turn a blind eye and refuse to take action any longer. In this 24 hour, watchdog news cycle, where compliance breaches can break reputations (and stock prices) in a matter of hours, it’s time to get with the compliance program and protect yours.

It’s time to step up to proactively protect your organization, your employees and ultimately yourself, from compliance breaches. Maybe some part of you knew that already, but you don’t know how to move forward. That’s okay, we have a tool – not to mention a dedicated staff – that can help you progress towards your goal. We can guide you through the process.

The best place to start building your policy management strategy is with the best practice wheel:

Policy Management Best Practice Wheel

The wheel, like any effective policy management program, is cyclical because the starting point is a point you should continuously return to and cycle through on a consistent basis. There’s no start and finish because, with the way regulations stack up these days, no compliance program is ever completely done. That’s why it’s important to automate as many policy management practices as possible so you can keep up.

As you search for a policy management solution, be sure to find one that can guide your efforts and take care of each of these spokes on the wheel for you. At every step of the way, an effective policy management solution – such as Mitratech’s PolicyHub – will help automatically tick these best practice boxes off for you. This type of solution supports you through the entire policy lifecycle.

So what do each of these spokes mean? Let’s break these steps down a little further, starting with the Develop phase.


To create an effective policy management program, you need to create a centralized repository where you can develop, create and maintain policies. This single source of truth should serve as the hub to keep all your policies easily accessible in one area. You need to develop a hub where an audit trail follows behind everything like breadcrumbs follow a hungry two year old eating a baguette.


With a central hub for all policies, being able to continuously monitor your policy management program becomes easy and intuitive. You can set an automated workflow for each policy created and make sure the right people review the right policies at the right time before a policy goes live to a wider audience.  

Version control ensures that your approvers only see the most recent version of a policy, which makes getting the document to management for reviews and approval, and gaining senior level buy-in, a simple process.


A policy management solution lets you publish your policies quickly and get them in front of the right people in an easy-to-use fashion. It helps you set up flows that trigger automatically based on what you’ve decided is the right way to communicate, and only goes to the people who need to understand and attest to a certain policy. This makes sure you aren’t wasting employees’ time, since the software sends relevant policies only to the specific job titles that need them.


The affirmation is the ethical element in the best practice wheel, as well as a key factor in running reports and audits on your compliance program. This is the step where, with the right tool in place, management can gain real time views into who has accepted which policies, which version of that policy and when.

Including this affirmation helps enforce your compliance program from the top down. This step makes it clear to employees why a specific policy is important to your organization, to your leadership team and clarifies why it is presented to certain employees. This step enables employees to understand the core principles of an organization and gives them the opportunity to opt into those policies, ethics and values. This aligns everyone from leadership down to the most entry-level employees.

Assess Knowledge

Policies will never work properly if the people who create them don’t have insight into whether or not they’re communicating effectively. It’s therefore critical that leadership knows if employees understand their policies and procedures. The only way to gain this insight is to assess an employee’s knowledge through an exam.

A true knowledge assessment should consist of two parts. The first part happens right after an employee completes their training, when they take a test on what they read and learned. These assessments let you immediately test an employee’s understanding. If they don’t understand, these assessments provide insight into where leadership needs to fill the knowledge gap. If the knowledge gaps occurs because a policy was poorly written, leadership can remediate, review and change the procedure as needed, all within the same system.  

The second type of assessment could include a survey taken months after the initial policy review. Surveys help leadership determine if the knowledge their policies attempted to communicate in theory work in practice.

For example, if the original policy focused on bribes, you could send a periodic survey asking employees if they received any gifts recently, where the gift originated from and what the total value was.

Assessing the knowledge and understanding of your employees helps determine if your policy management program is effective, and helps you take steps to remediate your program if it’s not.

Report and Audit

Ultimately, regulators want to see evidence that your compliance program is effective. Through your policy management solution, you should be able to quickly understand if your organization is protected, if you can prove that employees understand and comply with regulations and whether you published your policies in a timely fashion.

In other words, you should be able to wrap up everything you’ve done and demonstrate your program’s effectiveness by providing a full report, including a report on your surveys and test results.


At this point, you might wonder why you can’t just handle this on your own, using an ad hoc combination of various software. Many people try to manage policies their own way, arguing that they don’t need a software solution to do this for them.

The simple truth is, traditional, ad hoc methods don’t provide you with the robustness and level of detail you need to prove your compliance to today’s regulators. If you really look at the level of granularity and detail most regulators ask for, self-created systems simply aren’t effective.

While not all regulators agree on the details of compliance, most regulators across the world do agree that the foundation of an effective compliance program is policy management. And policy management is something you can start implementing today – one spoke on the wheel at a time.

Find out more about how our policy management solution can help your company adhere to best practices in compliance. Connect with us today.