Policy management best practices 

Every governance, risk and compliance person, regardless of the type of business they work for, wants their policies to be read and understood by their employees, customers and suppliers. 

But let's face it - most employees probably aren't engaging with your policies. Afterall, you wouldn't be getting so many repeated mistakes and issues if they had really read and understood your policies. 

Kate Armitage, Product Quality Assurance Manager at Qualsys has earned a reputation for making even the driest of subjects interesting and thought-provoking. 

So when it comes to creating Qualsys's policies, she's always got a strategy for raising awareness, getting everyone onboard and making real business improvement. 

In this article, Kate has shared 7 top tips for creating policies that are effective and engaging.

 Kate armitage - quality manager-718280-edited.jpg

1) Establish a process for creating policies

Create a process for creating policies. You can do this within our Document Manager software (see image below). 

Policies within our software.png

Determine what policies are needed. Typical business policies: 

  • Electronic device policy
  • Flexible working policy
  • Risk management policy
  • Quality policy
  • Information security 
  • Business continuity and disaster recovery planning
  • Ethical policy
  • Equal opportunities policy
  • Data protection policy 
  • Health and safety policy

Standardise a template for the processes and procedures. This way there is a common look and feel to all the documentation. Here is our privacy policy example. 


2) Don't do it on your own

All of your policies should have an official owner. But that doesn't mean you have to do everything. For example, get relevant departments to be part of the approval cycle before the policy goes live. Below is an example of how this works in our software. 

Approval path example.png

Give employees ownership, assign responsibility and create the processes and procedures with the staff members who are doing the work. This way your team feel involved and empowered and more likely to share any ideas or risks. 


3) Link between policies

Create good links between different policies and documents where relevant. This will encourage users to read around and you can improve views of your policies by up to over ten times.

 Qualsys process interaction map.png

Image: Example of Qualsys's policy map 


4) Make your policies really simple

Good communicators make themselves look smart. Great communicators make their audiences feel smart.

First, read this. Now the rule is to keep your policies as simple as possible.



5) Cater for different learning styles 

When you're writing a policy, first and foremost you are becoming a teacher. Good teachers cater to different learning styles. For example, create process flow diagrams to support the written processes or a visual representation often aids understanding, or, if you have the time, create a video / webinar or audio recording to go with the written policy.  


6) PDCA 

Always remember that as well as planning and implementing the policies, that you are also discussing and reviewing the processes during your audit schedule. 

 auditing software and quality management.png

7) Use our software to manage all of your policies

Your policies should not be dispersed, nor should they only exist on paper. You need a system which provides a framework for managing and controlling your policies. Our software enables you to manage the entire life cycle of your policies. 

See our policy management module in action. 


What you should do now

Try our Stakeholder engagement template for a free step-by-step guide to getting your team engaged with quality. 

 Stakeholder Engagement toolkit


Topics: ISO 9001, Policy management

Share your thoughts on this article