email iconEmail
June 30, 2020

Three Pillars of Compliance

Every organization has liability. It can result in lawsuits, fines, disrepute, and more, but liability stems from three things. Or more accurately, the absence of three things.

In an era of increasing regulatory scrutiny, you need well-defined policies, processes, and procedures. These three pillars, working in unison, mitigate risk and protect your organization from the unknown. They keep your employees accountable to ever-evolving industry standards and regulations. They shape organizational culture.

Policy, process, and procedure form a system for maintaining compliance. Each is important and helps create a unified whole. The trick is finding a tool that gives you control of all three.

If you can’t easily create, store, update, distribute, and track your policies, then they are largely worthless. If employees can’t easily search for and access important documents anytime, anywhere, then your system isn’t serving its purpose.

That’s where policy, process, and procedure tools come in. The best tools serve as a policy management system, connecting all three pillars.

Imagine compliance as a building. Policies, processes, and procedures are the three pillars holding it up. Your policy management system is the foundation, supporting the pillars and creating a living connection between them. The pillars can exist without the foundation, but they won’t be as efficient or secure and, in the end, the building’s structural integrity will be compromised.

Few organizations lack a foundation altogether, but many foundations are compromised. In other words, their policy management tool doesn’t adequately support or maintain compliance. Examples include paper-based systems (filing cabinets, binders, etc.) and mixed media systems that combine paper and digital (shared internal drives, Google Drive, email, etc.).

If you’re currently using one of these ineffective systems, it’s important to understand why they’re ineffective and what you could be doing differently. Read up on that here.

In this article, we’ll skip ahead to 7 tools that can store, connect, and control your policies. But first, let’s explore the differences between policy, process, and procedure.

Policy vs. Procedure vs. Process

Policy, process, and procedure—the trifecta for your policy management system. Together, they eliminate mistakes and provide a roadmap for day-to-day operations.

We’ve all heard and used these terms a lot. Like many, you’ve probably even used them interchangeably. And that’s a concern, because they’re each different. What is the difference between policy, process, and procedure? Glad you asked.

Policy

Policies are a set of guidelines that drive policies and procedures. They outline your organization’s plan for tackling certain issues. Maybe you’ve seen firsthand how policies influence culture, communicate expectations, and guide operations. Here are some attributes of a strong policy:

  • Clear, concise, and simple language
  • Explains the rule, not how to implement the rule
  • Easily accessible by staff at all times
  • Represents a consistent, logical framework

Process

Processes explain how to achieve a desired outcome, whether that be a product or service. They fit within your organization’s policies and explain how something works at a high level. Wondering what makes for a good process?

  • Clearly communicated company-wide
  • Can be modeled visually in a flowchart
  • Explains who is responsible for each step
  • Lists out what tasks need to be performed

Procedure

Procedures explain a specific plan of action for carrying out a policy or process. Whereas policies and processes are generally higher level, procedures get into the details. They tell employees how to respond in certain situations. Here are some attributes of a strong procedure:

  • Clear, concise, and simple language
  • Addresses how/when to implement policy/process
  • Takes user insight into account
  • Requires ownership by users

Manage Policies Like a Pro

Sign up now to get resources, best practices, and more to your inbox.

Thank You

You'll receive our next newsletter soon.

Three Pillars, Working Together

How do these three pillars work in unison? Let’s use Antonio’s, a fictional Italian restaurant, as an example. Antonio’s policies define the guidelines of being a restaurant—rules and regulations about things like food storage, restaurant hygiene, employee benefits, and time off.

Antonio’s processes fall under these policies, explaining food delivery dates, menu options, head chef and line cook responsibilities (i.e. food prep, meats, pasta, salads), hostess duties, and how the tables are grouped by wait staff. These processes, though high level, help employees understand their responsibilities while providing a bird’s-eye view of how their tasks impact the system as a whole. At Antonio’s, this has empowered employees, creating a sense of ownership and accountability.

Antonio’s also has procedures that detail their policies and process: how to request time off, how hosts assign tables, recipes and ingredients for meals, and how to clean the kitchen for closing.

For Antonio’s, and for your organization as well, policy, process, and procedure play an integral role in adhering to regulations and industry best practices.

Even if you have the three pillars in place, you still need a strong foundation to support and connect them. Finally, it’s time to explore some tools that will help you manage and control your policies, processes, and procedures.

Review of 7 Policy, Process, and Procedure Tools

Now that we understand the difference between policy, process, and procedure, let’s review several policy management systems so you can build your compliance on a strong foundation.

There are many tools on the market and some are expensive (time & money), so be sure to do your homework. Regardless of which one you choose, the right solution should ultimately save you time and money.

Generally speaking, the tools listed below fall into three categories: policy management, document management, and content providers. We’ll talk through the differences later in this article, but for now let’s explore some tools (in no particular order).

1. SharePoint

Microsoft SharePoint is a system for document storage and management. As a platform, SharePoint is super customizable, meaning if you have the expertise and time, it can be tailored to meet your organization’s needs.

Key Features
As part of Microsoft Office, SharePoint integrates with the entire Office suite, so you can easily use Word, Excel, and PowerPoint. It lets you manage document security, track changes in a limited capacity, and go paperless.

  • Centralized storage
  • Microsoft Office integration
  • Collaboration & sharing
  • Document security
  • Scalable and customizable
  • Mobile functionality

Potential Drawbacks
SharePoint has limited out-of-the-box functionality. Most organizations can’t simply buy the platform and start using it. SharePoint takes significant setup and will require help from a developer, if not an entire IT team, to customize the platform for your needs. Even if you have an in-house developer, getting the most out of SharePoint, and maintaining it, often takes a developer experienced with SharePoint specifically.

Oftentimes, SharePoint is built “good enough” upfront but quickly becomes outdated. Why? Because updates and improvements require IT tickets, which are often delayed in lieu of other IT requests deemed more critical.

Lastly, the platform has limited search functionality, making it difficult to quickly access policies.

Final Review
Unless you have a proficient SharePoint developer or IT department with efficient processes, SharePoint won’t be the best fit for your organization. For many companies, SharePoint requires staff training—the more customized it is, the more training will be required. From a cost and time perspective, it’s not cheap if you have more than a few employees.

2. ConvergePoint

ConvergePoint is a compliance management solution built on top of SharePoint. Each of their products extends SharePoint functionality, one being policy management. They serve mid to large-size companies with 100+ employees.

Key Features
ConvergePoint’s policy management solution fills some of the gaps in SharePoint, letting you create, review, approve, distribute, and track policies. The solution comes with three modules: Policy Creation, Policy Library (Distribution), and Policy Acknowledgement.

  • Centralized storage
  • Custom workflows
  • Version control
  • Role-based access
  • Search & reports
  • Microsoft integration
  • Expiration notifications
  • Real-time dashboards

Potential Drawbacks
ConvergePoint is only useful if your organization is already using or interested in using Microsoft SharePoint. They cater to larger businesses (only a drawback if you’re an SMB).

Final Review
If you’re already using SharePoint, ConvergePoint may be the right solution for you. But do your research and explore alternatives before going all-in on SharePoint. Instead of making an inefficient system more functional with ConvergePoint, you may consider a different platform altogether.


Free 5-Day Course on Policy Writing

Give us 5 days, and we’ll help you write better policies. Sign up now to get an email course with free downloads/templates.

Thanks for signing up.

Your welcome email will be arriving shortly.



3. Box

Box is a cloud-based document management tool built for small to midsize businesses (SMBs). Their user interface (UI) is clean, simple, and clear, making the system easier to use. Box integrates with Adobe, Slack, G Suite, Office 365, Salesforce, and many more applications.

Key Features
Box for Business extends functionality beyond cloud storage and file-sharing by adding features for synchronization and collaboration. Here are some additional features for your document management and security needs:

  • Centralized storage
  • Automated workflows
  • Unlimited storage (for most plans)
  • Unlimited users (for most plans)
  • File-sharing & collaboration
  • Version history
  • App integrations
  • Security controls

Potential Drawbacks
Box does document management well. Though there may be some workarounds, it wasn’t built for managing accreditation or audits. Neither was it built for managing and tracking employee training. Box’s mobile app allows for file-sharing and policy access but is somewhat limited beyond that.

In a PCMag review of Box, they found navigation to be on the slower side with limited online editing functionality. External users are limited to read-only permissions, and you can’t edit documents directly in Box. Instead you have to edit them on your desktop or in Microsoft Word Online.

Final Review
If you’re looking for a broad, cloud-based system for document management, then Box may be right for your organization. They have four reasonably-priced plans for businesses, so you can find the one that’s right for your budgetary and document needs. But if you need a platform built to manage and connect policies, training, and accreditation, you may consider looking elsewhere.

4. PMAM HCM

PMAM is a Human Capital Management system, helping organizations develop their workforce through three primary solutions: Knowledge Integration, Policy Management, and Performance Appraisal. Their platform has functionality for both accrediting bodies and individual organizations preparing for accreditation.

Key Features
Since they outsource their software development overseas, PMAM is able to make frequent updates to their product. It’s also one of the more affordable policy management options available.

  • Centralized storage
  • Workflow management
  • Accreditation and audit
  • Version control
  • Version comparison
  • Revision and approval process
  • Testing functionality
  • Training management

Potential Drawbacks
Outsourcing has its pros and cons. While outsourcing dev allows for a more affordable product and frequent updates, PMAM’s software is less user friendly as a result. PMAM outsources its training resources overseas as well, resulting in grammatical mistakes and less consistent quality customer support. If your training resources aren’t professionally crafted by subject matter experts and you’re not receiving reliable support, it can be difficult to onboard and troubleshoot problems down the line.

Final Review
It comes down to your organization’s needs and priorities. If price is a key deciding factor and your non-negotiables don’t include ease of use, quality training resources, and customer support, then PMAM may be the right choice.

5. PolicyTech by NAVEX Global

NAVEX Global is a compliance and risk management solution, serving private sector businesses. While NAVEX has many products, ranging from Ethics & Compliance Training to Third Party Risk Management, we’ll focus today on PolicyTech, their cloud-based policy management solution.

Key Features
As GRC software, PolicyTech provides centralized storage for policy management. Companies across various industries use PolicyTech to manage their GRC-related documents and mitigate risk.

  • Centralized storage
  • Workflow automation
  • Access control
  • Audit-ready reporting
  • Policy violations reporting
  • Acknowledgement tracking
  • Microsoft integration
  • Mobile functionality

Potential Drawbacks
PolicyTech is considered by some to be cumbersome and difficult to use. For example, there’s no way to compare document revisions while updating them. With PolicyTech, you’re unable to map a single document to multiple standards, and there’s no list/display for which documents are attached to each standard.

PolicyTech doesn’t let you move files from one folder to another, so you have to recreate them in another folder. Although there are pre-existing roles you can assign within the system (writers, reviewers, approvers), you can’t customize admin rights.

Furthermore, only one person can own a file, making it difficult to delegate work if the file owner is on sick leave, vacation, or swamped with other work. As a large, global company with 1,150+ employees and 14,000+ customers, you may not receive the same consistent level of support you’d receive elsewhere, especially as an SMB, which makes system maintenance challenging.

Final Review
PolicyTech was designed for corporations. So if you’re looking for GRC software for your enterprise, PolicyTech might be the right solution. But if you need more dynamic and flexible policy and accreditation management that’s easy to use, especially if you’re in the public sector, you should look elsewhere. On the fence? NAVEX offers a 14-day free trial, so you can explore the software for yourself.

6. Lexipol

Lexipol is a risk management solution and content provider serving the public safety sector. They offer state-specific policies that are researched, written, and regularly updated by subject matter experts.

Key Features
Lexipol delivers its content through a cloud-based system with an integrated training component. Here are some of its core features:

  • Centralized storage
  • Policy creation
  • Policy consulting
  • Daily training bulletins
  • Policy distribution
  • Policy acknowledgement
  • Current policy reporting
  • Mobile access

Potential Drawbacks
Lexipol is optimized for policy, so it may not be ideal for full content management (subpoenas, BOLO’s, memos, directives, maps, etc.). With a focus in policy creation, Lexipol lacks complete policy management functionality (custom testing, discussion boards, full text search, etc.). So depending on your needs, Lexipol may be best used in combination with a more comprehensive policy and training platform.

Final Review
If you’re primarily looking for a content provider with some policy management functionality, Lexipol may be a good option for your company. Keep in mind that outsourcing policy creation to a third party like Lexipol outsources a degree of control as well. If you need a more complete policy solution, or if you’re in the private sector, consider looking elsewhere.

7. PowerDMS

PowerDMS is a policy management software that creates a living connection between your policies, training, and accreditation. Forged in the public safety sector, PowerDMS now serves 3,500+ public and private sector organizations worldwide with secure, cloud-based policy solutions.

PowerDMS is known for its industry-leading customer service. With a U.S. based customer success team and a 97% customer satisfaction rating, they work with you to solve your toughest compliance challenges in a timely manner.

Key Features
PowerDMS allows for policy creation, version control, distribution, attestation tracking, and more. This data is grouped with each respective policy to create a library of living documents. Built with policy managers in mind, it lets you customize admin rights, easily move files between folders, and much more.

While PowerDMS was built for policy management, it can be used for a variety of content (subpoenas, BOLO’s, memos, directives, maps, etc.). Each of the features listed below is supported via online training courses, called PowerDMS University, and training bootcamps.

  • Centralized storage
  • Automated workflows
  • Acknowledgement tracking
  • Real-time notifications
  • Version control
  • Access control
  • Powerful search
  • Side-by-side comparison
  • Integrations (Office, Adobe, G Suite)
  • Mobile functionality

Potential Drawbacks
PowerDMS is not a content provider, but they do have content partners they can connect you with, as well as a tool for subscribing to relevant policy content from publishers.

Final Review
Between their easy-to-use policy, training, and accreditation management system and industry-leading customer support, PowerDMS is a strong option. Schedule a free demo to learn more.

Revolutionize How You Manage Policies

Get a free demo to see how PowerDMS can save you time, money, and headaches.

Reserve Demo


How to Choose Your Policy Management Tool

Now that we’ve reviewed 7 policy management tools, how do you choose the right one? There’s a lot to think about.

Between onboarding and upfront costs, choosing the wrong software is expensive. What’s the “wrong” software? It doesn’t check every box on your list of non-negotiables, creating gaps in your compliance. These cracks could lead to wasted time due to software inefficiencies. They could lead to fines, lawsuits, and reputational damage due to lack of employee accountability.

Even the most affordable solution becomes more expensive long term if it doesn’t meet your organization’s needs. That’s why thoroughly researching your options pays dividends.

Start by creating a list of non-negotiables. Compare your criteria to the feature list and drawbacks from the reviews above, then eliminate options that don’t meet your criteria. While the reviews in this article provide many unique insights, they are not comprehensive, so make sure to supplement your research with other reviews and articles. Once you have a shortlist of options, sign up for demos and free trials.

Here are 12 common criteria that may or may not be non-negotiables for your organization:

  • Cost-effective: delivers a quick return on your investment
  • Central storage: a single source of truth for all your policies
  • Easy to use: an intuitive UI that a variety of users can easily use
  • Training: quality resources and support for onboarding and maintenance
  • Access control: powerful search and control over user permissions
  • Acknowledgement: tracking who has received and signed policies
  • Testing: customizable tests to verify employee comprehension
  • Workflows: advanced workflows to collaborate across your organization
  • Version control: a single version of each policy and archiving functionality
  • Security: protection from internal and external security threats
  • Mobile: ability to access and interact with policies from any device
  • Integration: intuitive integration with your favorite programs

In this article, we’ve reviewed both policy and document management systems, but what is the difference and which one do you need? Keep reading to find out.

Difference Between Policy & Document Management

“Policy management” and “document management” are often used interchangeably. While they may be similar, there is a distinct difference.

A policy management system can be used for document management, but it doesn’t work as well the other way around. Let us explain.

Document management is an automated way of storing, organizing, managing, and tracking electronic documents (Box is the system we reviewed, but there are dozens flooding the market). Document management is usually limited to records and business files, lacking key functionality for documents that govern employee behavior (i.e. policies).

You may be wondering, “Couldn’t I simply store policies in a document management system?” Yes, but the best systems take policy management a step further.

Policy management shares many of the same features, but it is designed for policies. In other words, it doesn’t just store, organize, manage, and track policies. It creates a thriving ecosystem where policy, training, and accreditation all connect and inform one another. It brings compliance to life, so you can map single documents to multiple standards and prepare for assessments.

Take your return to work policy as an example, assuming you need to create or update yours in the wake of COVID-19. With the best policy management software, this is how updating your return to work policy will look:

  • Update the policy without having to leave the software, using a preferred program like Microsoft Word or Adobe.
  • Customize workflows so key stakeholders can collaborate on the update and get automatically notified when it’s their turn to review.
  • View a side-by-side comparison of the published version and the new draft with all changes highlighted, making it easy for collaborators to review and approve updates.
  • Disseminate the updated policy to your remote or in-office workforce, create a custom test for comprehension, and track acknowledgements.
  • Experience control over a single, living version of the policy, with useful data like signature and version history included.
  • This and more is possible with the right policy management software. But be careful and do your research, because not all platforms are created equal. In fact, very few do everything mentioned above while maintaining ease of use.

    PowerDMS is the exception. As the gold standard for policy management, PowerDMS does everything listed in the section above and more.

    Sign up for a demo today to learn how PowerDMS can revolutionize policy management at your organization.

Reserve Your Free Demo Today

Discover how PowerDMS can manage and connect your policies, training, and accreditation.

Thank you

We'll reach out to you shortly to see how we can help.