Policy Review Process in SharePoint

Take proactive steps to ensure your Policies remain current

In brief

  • Why one policy review schedule is not always the right answer
  • The four different factors that trigger an early policy review
  • Identifying and managing orphan policies to ensure ownership
  • Discover how SharePoint can automate and simplify policy management

Policies provide governance over employee behaviour and decision-making across your organisation. Once drafted, Policies follow a formal approval process, covered previously, and are then published, often with the help of a Policy Management Solution.

Typically, approving a policy triggers the timeline for its next review, so that 1 or 2 years down the line the policy is checked to confirm it still achieves the necessary outcomes. That said, the scheduled review process isn't the only thing that can trigger a policy review.

Several factors might call for an earlier policy review, such as:

  • Change in the External Environment: Adjustments in laws or regulatory requirements may render your current policies obsolete or non-compliant.
  • Internal Factors: Changes in the company’s focus, organisational structure, or responsibility for the policy may require a review to ensure policy alignment with the new working environment.
  • Non-Conformance of the Policy: If a policy is not being adhered to, it may indicate that the policy is impractical or misunderstood, prompting a review.
  • Feedback on the Policy: Employee feedback might highlight areas where the policy lacks clarity or effectiveness, necessitating redrafting or refinement.

As a consultancy, we've frequently encountered clients facing the challenge of orphan policies - those without a valid owner or any owner at all. Identifying these policies early is crucial for effective governance.

Detecting leavers can be relatively straightforward. Policy Express for SharePoint generates a report that compares the policy owner with the list of active licensed users in Microsoft 365, highlighting any gaps.

It is more challenging to identify when an owner has changed roles and is no longer responsible for the policy. Ideally, policy ownership should transfer when the current owner relinquishes their responsibilities. However, as a safeguard, providing early awareness of the upcoming policy review should prompt the legacy owner to raise the issue with the overall policy administrator for reassignment. Again, Policy Express solves this by providing configurable reminders – typically starting 90 days out.

Many organisations follow a blanket rule for all policies, typically reviewing them every two years. However, in organisations with a more mature approach to policy management, we observe the following traits:

  • Setting Different Review Periods: Tailoring review periods based on the type and importance of each policy.
  • Varying the Period Based on Approval Workflow: For instance, a policy approved by the board may have a two-year review cycle, while one extended by a manager might require review after one year.
  • Early Policy Review: Conducting reviews sooner when certain conditions are met.
  • Extension Review: Allowing a policy to remain in force for an additional 90 days while further updates are made if agreed upon by the committee.

Sometimes, a policy that has been published passes its review date. The initial response from some is to remove these policies from the user view. However, with a bit more consideration, it's usually better to have an outdated policy in force than to have none.

When a policy has passed its review date, a couple of actions should be taken:

1. The overall Policy administrator should be able to easily report on overdue policies.
2. End-users should be informed when accessing a policy that the review is overdue, as this may have implications for the policy's applicability.

Policy Express assists policy administrators by automatically updating review dates following the approval process and tracking due dates so owners can be proactively reminded before the review date is passed. This ensures that policies remain current, maintaining effective governance across the organisation.

In most organisations, the policy review process takes a back seat until a policy review is due or an ISO assessor's visit is scheduled! Here's a simple three-step plan to streamline your policy review process:

  • Capture your Policy Review Process: Consider period variations based on policy type and integrate these review periods into the final step of your approval process.
  • Review Administration: Ensuring reviews happen is one of the key challenges. Make this task easier by setting clear responsibilities and using reports to manage only the exceptions.
  • Separate the Review and Approval process: Distinguish between the review, which involves the policy owner checking and updating the policy, and the approval, which is the process of getting those updates signed off.

Manually capturing feedback, assigning it to the right person, tracking review schedules, and understanding different rules for various policies is time-consuming for quality managers.

SharePoint Online offers a platform that can support you to:

  • Capture Feedback: Use forms to collect and collate feedback efficiently.
  • Manage Review Schedules: Implement workflows to keep on top of review timelines.
  • Automate Reminders: Set up a series of automated reminders to notify policy owners about upcoming reviews.
  • Produce Reports: Integrate with Power BI to generate comprehensive reports.

 
However, configuring SharePoint requires technical knowledge and time. If you want to move faster, Policy Express is a fixed-fee solution and can solve these familiar challenges, all within Microsoft 365.

Discover how Policy Express can streamline your policy review process and enhance your governance framework.

FAQ

Q: How often should I review a Policy?
Common review cycles are 2 years, but a change in the business environment may trigger an earlier review.
Q: What do I base my next review on?
The next review date is normally based on when the policy was last approved, rather than adding 2 years to the last review date.
Q: How often should policies be reviewed and updated?
Most Policies are reviewed on an annual or bi-annual basis. That said, changes in regulations or employee feedback can drive interim updates.
Q: What should happen if a policy review is overdue?
If a policy review is overdue, it's better to keep the outdated policy in force rather than remove it. The policy administrator should report on overdue policies, and users should be informed when accessing them.

Author

Rupert Squires

Client Director
