Organizations of all types and sizes are researching and implementing Policy Management Systems globally. Traditionally associated with regulated or high compliance sectors, Policy Management is now considered a necessary tool for most organizations to achieve operational effectiveness. How do you know if it is time for your organization to make the investment in a formal solution? We explore the deciding factors in this article.
Topics include:
What is a Policy Management System?
What types of organizations need a Policy Management System?
What size of organizations need a Policy Management System?
Does the number of Policies and Procedures matter?
The impact of a Public Facing Portals
The cost of the wrong Policy Management System
Before you can evaluate if you need a Policy Management System, we need to start with what it includes. Many people think of a Policy Management Software or a Policy Management System as one of two extremes:
As with many things, the answer lies between these two end points. A Policy Management System certainly needs to effectively store your Policies and Procedures, but it also needs to manage the entire lifecycle of each document.
A valid Policy Management solution needs to facilitate each of the follow stages:
When many people think of a Policy Management System, it is usually associated with Regulations and Compliance. This is for a good reason! Most organizations that need to follow specific Regulations, Industry Standards or other compliance requirements have a higher bar for Policy and Procedure effectiveness. This includes controlling the Policy or SOP process, enforcing authorizations, tracking audit trails and confirming effective security controls are in place.
Good governance can help any organization eliminate waste, prevent issues and protect organization continuity through change. Many organizations though, require a higher level of governance and quality assurance that must be put in place. This higher level can be driven from many sources, including:
Any of these drivers can not only determine what Policies and Procedures are in place, but also require an organization to prove that they are effective. In these environments, the process of creating, revising, reviewing, approving, distributing and training for new Policies and Procedures can become very complicated, very quickly. The manual burden to keep up with the requirements can become overwhelming and as a result can drive the need for a Policy Management System well before other organizations that do not fall under any these structures.
Now that we have explored what types of organizations experience a greater need for a formal solution around Policies and Procedures have, we reach the next question. How big does my organization need to be before we need a formal Policy Management System?
The need for effective management of Policies and Procedures can begin as soon as there are 2 people in an organization. This of course does not mean that you need a Policy Management System with only 2 people, simply that the underlying process exists very early on in an organization and only grows
Although there is not a magic number to determine at what size does an organization need a Policy Management System, there are relative benchmarks an organization can apply.
The higher the accountability, the sooner the need for a formal Policy and Procedure solution. Eventually, the level of accountability is no longer relevant and the simple need for processes to be done correctly in a larger organization determines the need for a Policy Management System.
Another method to examine the relationship between the accountability factor and the size of an organization is by breaking the number of individuals involved in the process by role. Each stage in the Policy Management lifecycle can be associated with different roles. Roles are groups of individuals that need to complete a common task or group of tasks. The demands within a given role can determine if the threshold has been met to implement a formal solution.
Let’s look at some examples with roles:
Example 1 has 5 people involved in the creation / maintenance of the Policies and Procedures and 80 people that need access to the published versions. Does example 1 need a Policy Management System? Probably not, as long as there is a system to distribute any Policies and Procedures. The number of authors/collaborators/approvers is small enough to managed manually. In addition, there is no need to track Attestation or Training. Only document access is required, which can be done with a simple file share without security. Are there any benefits to implementing a Policy Management System for this organization? Probably. Well-run organizations understand at an early stage that by implementing tools early on can reduce waste, provide cultural acceptance and stop issues before they even start.
Example 2 has the same number of authors/collaborators/approvers as Example 1, the same number of people that need access to the Published Policies and Procedures, but Example 2 also needs those same people to attest and sign off that they have read and understand each of the documents that applies to them. This has now created a compliance burden and complexity that needs a proper solution in place. Even if there are only 50 documents, 4,000 individual signatures would be needed to track compliance! Does Example 2 need a Policy Management System? Definitely.
In example 3, documents are being distributed in an outside system, such as an intranet which eliminates the need for published document access, attestation and training. Does example 3 need a Policy Management System? Absolutely. The 25 different authors, collaborators and approvers indicates a larger volume of activity that would quickly lead to waste if not controlled by a dedicated solution.
The last item to take into consideration is the number of Policies and Procedures that exist. Typically, this is self-governing measurement. It would be highly unusual for an organization to only have 5 Policies and Procedures, but need to distribute them to over a 100 people. Conversely, needing 25 authors/collaborators/approvers for only 5 Policies and Procedures would be extremely odd.
As a result of the direct correlation between the number of Policies and Procedures to the number of individuals involved in the process, the number of documents can be excluded from the question of whether or not your organization is in need of a Policy Management System.
Beyond the primary drivers discussed in this article, there are could be additional considerations that could warrant an investment in a Policy Management System, even if the other criteria listed is not met.
A public portal distributes policies and procedures to the general public. Public facing portals do not require any logins or security. As a result, any person with an internet browser can access the public facing portal. This creates two unique challenges.
The answer to the first question is dependent on the technology being used to distribute your Policies and Procedures. Although it is possible to deploy a Public Facing Portal without a Policy Management System, the answer to the second question enforces the need to ensure your Public Facing Portal is part of your Policy Management Solution.
The answer to the second question is where a Policy Management System becomes important. There are a number of steps to Publish a document to a Public Portal and make sure it is current.
Following each of these steps is required to ensure the Policies on the Public Facing Portal are correct, current and in the proper location. Deploying a public facing portal for Policies and Procedures without the proper process for preparing documents, creates an unacceptable level of risk.
The selection of the right Policy Management Software or system can have an impact on whether or not it should be implemented in the first place. The primary purpose of a Policy Management System or any software solution, is to provide efficiencies. If the solution that is implemented is too much of a burden on an organization or is mis-aligned with your policy and procedure processes, the negative impact could be greater than the benefits. Below is a list of items to avoid when evaluating Policy Management solutions.
The purpose of this article was to provide some guidance on when manually processes and the simple storage of Policies and Procedures is no longer effective. If your organization falls under any of the definitions covered here, we would recommend investigating the options available for a Policy Management System.
Organizations of all types and sizes are researching and implementing Policy Management Systems globally. Traditionally associated with regulated or high compliance sectors, Policy Management is now considered a necessary tool for most organizations to achieve operational effectiveness. How do you know if it is time for your organization to make the investment in a formal solution? We explore the deciding factors in this article.
Topics include:
What is a Policy Management System?
What types of organizations need a Policy Management System?
What size of organizations need a Policy Management System?
Does the number of Policies and Procedures matter?
The impact of a Public Facing Portals
The cost of the wrong Policy Management System
Before you can evaluate if you need a Policy Management System, we need to start with what it includes. Many people think of a Policy Management Software or a Policy Management System as one of two extremes:
As with many things, the answer lies between these two end points. A Policy Management System certainly needs to effectively store your Policies and Procedures, but it also needs to manage the entire lifecycle of each document.
A valid Policy Management solution needs to facilitate each of the follow stages:
When many people think of a Policy Management System, it is usually associated with Regulations and Compliance. This is for a good reason! Most organizations that need to follow specific Regulations, Industry Standards or other compliance requirements have a higher bar for Policy and Procedure effectiveness. This includes controlling the Policy or SOP process, enforcing authorizations, tracking audit trails and confirming effective security controls are in place.
Good governance can help any organization eliminate waste, prevent issues and protect organization continuity through change. Many organizations though, require a higher level of governance and quality assurance that must be put in place. This higher level can be driven from many sources, including:
Any of these drivers can not only determine what Policies and Procedures are in place, but also require an organization to prove that they are effective. In these environments, the process of creating, revising, reviewing, approving, distributing and training for new Policies and Procedures can become very complicated, very quickly. The manual burden to keep up with the requirements can become overwhelming and as a result can drive the need for a Policy Management System well before other organizations that do not fall under any these structures.
Now that we have explored what types of organizations experience a greater need for a formal solution around Policies and Procedures have, we reach the next question. How big does my organization need to be before we need a formal Policy Management System?
The need for effective management of Policies and Procedures can begin as soon as there are 2 people in an organization. This of course does not mean that you need a Policy Management System with only 2 people, simply that the underlying process exists very early on in an organization and only grows
Although there is not a magic number to determine at what size does an organization need a Policy Management System, there are relative benchmarks an organization can apply.
The higher the accountability, the sooner the need for a formal Policy and Procedure solution. Eventually, the level of accountability is no longer relevant and the simple need for processes to be done correctly in a larger organization determines the need for a Policy Management System.
Another method to examine the relationship between the accountability factor and the size of an organization is by breaking the number of individuals involved in the process by role. Each stage in the Policy Management lifecycle can be associated with different roles. Roles are groups of individuals that need to complete a common task or group of tasks. The demands within a given role can determine if the threshold has been met to implement a formal solution.
Let’s look at some examples with roles:
Example 1 has 5 people involved in the creation / maintenance of the Policies and Procedures and 80 people that need access to the published versions. Does example 1 need a Policy Management System? Probably not, as long as there is a system to distribute any Policies and Procedures. The number of authors/collaborators/approvers is small enough to managed manually. In addition, there is no need to track Attestation or Training. Only document access is required, which can be done with a simple file share without security. Are there any benefits to implementing a Policy Management System for this organization? Probably. Well-run organizations understand at an early stage that by implementing tools early on can reduce waste, provide cultural acceptance and stop issues before they even start.
Example 2 has the same number of authors/collaborators/approvers as Example 1, the same number of people that need access to the Published Policies and Procedures, but Example 2 also needs those same people to attest and sign off that they have read and understand each of the documents that applies to them. This has now created a compliance burden and complexity that needs a proper solution in place. Even if there are only 50 documents, 4,000 individual signatures would be needed to track compliance! Does Example 2 need a Policy Management System? Definitely.
In example 3, documents are being distributed in an outside system, such as an intranet which eliminates the need for published document access, attestation and training. Does example 3 need a Policy Management System? Absolutely. The 25 different authors, collaborators and approvers indicates a larger volume of activity that would quickly lead to waste if not controlled by a dedicated solution.
The last item to take into consideration is the number of Policies and Procedures that exist. Typically, this is self-governing measurement. It would be highly unusual for an organization to only have 5 Policies and Procedures, but need to distribute them to over a 100 people. Conversely, needing 25 authors/collaborators/approvers for only 5 Policies and Procedures would be extremely odd.
As a result of the direct correlation between the number of Policies and Procedures to the number of individuals involved in the process, the number of documents can be excluded from the question of whether or not your organization is in need of a Policy Management System.
Beyond the primary drivers discussed in this article, there are could be additional considerations that could warrant an investment in a Policy Management System, even if the other criteria listed is not met.
A public portal distributes policies and procedures to the general public. Public facing portals do not require any logins or security. As a result, any person with an internet browser can access the public facing portal. This creates two unique challenges.
The answer to the first question is dependent on the technology being used to distribute your Policies and Procedures. Although it is possible to deploy a Public Facing Portal without a Policy Management System, the answer to the second question enforces the need to ensure your Public Facing Portal is part of your Policy Management Solution.
The answer to the second question is where a Policy Management System becomes important. There are a number of steps to Publish a document to a Public Portal and make sure it is current.
Following each of these steps is required to ensure the Policies on the Public Facing Portal are correct, current and in the proper location. Deploying a public facing portal for Policies and Procedures without the proper process for preparing documents, creates an unacceptable level of risk.
The selection of the right Policy Management Software or system can have an impact on whether or not it should be implemented in the first place. The primary purpose of a Policy Management System or any software solution, is to provide efficiencies. If the solution that is implemented is too much of a burden on an organization or is mis-aligned with your policy and procedure processes, the negative impact could be greater than the benefits. Below is a list of items to avoid when evaluating Policy Management solutions.
The purpose of this article was to provide some guidance on when manually processes and the simple storage of Policies and Procedures is no longer effective. If your organization falls under any of the definitions covered here, we would recommend investigating the options available for a Policy Management System.
