In this section we ask a series of questions to assess your current policy management program and practices and
Strongly
Disagree
Policies
Somewhat
Disagree
Undecided/
Unsure
Somewhat
Agree
Strongly
Agree
We Use
Software to
Help with This
Strongly
Disagree
1
Policies
We have policies and procedures that communicate
leadership vision, define our standards of conduct, and
reflect our risk profile.
Enforcement
Alleged misconduct and vioations are investigated,
and policies are promptly and consistently enforced.
Perception
Our employees view our policies and procedures
as integral to our daily operations and the achievement
of our mission.
Culture
Our organizational culture reflects our standards of
conduct and commitment to compliance.
Consequences
Our policies set clear expectations about appropriate
conduct and consequences for violating policies.
2
3
4
5
6
Meta-policy
We have a policy on policies that provides clear guidelines
for the look and feel of policies as well as for processes for
policy creation, formatting, and life-cycle management.
Content
Policies are written in plain, concise language
and are visually accessible.
Properties
Document properties (i.e., title, version, owner, dates,
review interval, and roles) are maintained on each policy.
Links
We link policies to related policies, training materials,
and applicable laws and regulations. Our links are monitored
to avoid broken links or ones that reference old versions
of documents.
Templates
We use templates to preserve a consistent
look and feel across policies.
Assessments
We periodically assess our risks to gauge compliance with
applicable laws, regulations, requirements, and contracts.
Overseer
We have one person (document control administrator)
responsible for overseeing the entire policy management
life cycle for all of our policies.
Documentation
We maintain meticulous records of all policies, statuses,
dates, changes, versions, attestations, exceptions,
and enforcement actions.
Organization
Policies are partitioned, categorized, tagged, and labeled for
distribution and access with a particular audience in mind so
that they can be found easily by the appropriate employees.
Writing
We have clear processes and guidelines for those responsible
for writing or contributing to a policy document.
Review
Policies are reviewed and edited by the appropriate
stakeholders, internal or external subject-matter experts,
and Legal. Changes are documented and consolidated into
a single document.
Approval
Prior to being published, policies must be approved by
the appropriate personnel (executives, department heads,
subject-matter experts, and Legal).
Distribution
Employees are notified of new or updated policies and
are sent periodic reminders as deadlines approach.
Policies are published and displayed where employees can
readily view or access them.
Feedback
Questions, comments, and feedback on policies are
collected and documented.
Updates
All policies are periodically reviewed and updated on time,
according to a schedule.
Version control and archiving
Policies are labeled with a version number, and old versions
are promptly archived.
Awareness
Our employees know where to go to find policies when
needs arise.
Accessibility
Employees have 24/7 access to policies and procedures
from any location.
Applicability
At a glance, employees can see all policies that apply
to their role and any actions required.
Search
Robust search capabilities make finding a policy
quick and easy. Search is not limited to document titles
or exact text matches.
Security
Our policies are visible only to employees with a need to know.
Attestation
Employees are required to signify that they have read
and understood policies. The process of obtaining
employee signatures is not cumbersome to management
or the employee.
Comprehension
Employees are trained on policies, and comprehension of
policies and procedures is evaluated through quizzes, surveys,
or other means.
Reporting
We can easily generate reports measuring employee
readership, attestation, comprehension, policy notifications,
exceptions, and policies in various stages of the life cycle.
Workflow
We have standardized processes for writing, reviewing,
approving, and distributing policies in a timely manner.
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
Tracking
Somewhat
Disagree
Undecided/
Unsure
Somewhat
Agree
Strongly
Agree
We Use
Software to
Help with This
Policy Look and Feel
Somewhat
Disagree
Undecided/
Unsure
Somewhat
Agree
Strongly
Agree
We Use
Software to
Help with This
Strongly
Disagree
Policy Life-Cycle Management Practices
Somewhat
Disagree
Undecided/
Unsure
Somewhat
Agree
Strongly
Agree
We Use
Software to
Help with This
Strongly
Disagree
Policy Awareness and Access
Somewhat
Disagree
Undecided/
Unsure
Somewhat
Agree
Strongly
Agree
We Use
Software to
Help with This
Strongly
Disagree
Strongly
Disagree