Blog

Policy Approval in SharePoint

Use a Policy Management Solution to automate approval workflow

In brief

  • For simple requirements SharePoint supports a 1-Step process out-of-the-box
  • Multi-step approvals require technical expertise in Power Automate
  • Use Policy Management solution to automate the approval process.
  • In some cases, eSignatures can help meet regulatory needs.

Within your organisation, a risk, a legal requirement or a standard has been identified, and it has been agreed that it should be addressed via a documented company policy. We can expand this approval requirement more broadly to Controlled Documents.

Examples of Policies include:

  • HR Policy on Working from Home
  • IT Policy on Bring Your Own Device (BYOD)

 
Company Policy on Health & Safety A policy author, or authors, has drafted a policy, consulted on its content with the appropriate stakeholders, and now the policy requires agreement from the relevant decision makers to confirm it.

This process could be as simple as the CEO owner manager signing off the policy, or be more complex, with numerous stakeholders approving a policy in multiple stages.

Regardless of the complexity of the process, your organisation needs to track and evidence the approval trail for compliance purposes.

Trying to manually track approval via paper, or email is error-prone, and time-consuming for quality managers/administrators to run and evidence during an audit. Add to that, policy owners require endless chasing when policies are due for re-validation–time wasted on administration.

SharePoint Online has an in-built approval automation capability. “Request sign-off” provides a simple and user-friendly approach with the following benefits:

  • Identity Validation: For a user to approve a policy they must be logged in to
    Microsoft 365
  • Notifications: Users who are recipients of the approval request are notified
    automatically

 

The disadvantages of “Request sign-off” are:

  • Audit Trail: The document does not have an audit trail or version history indicating who approved it and when.
  • Business Rule Validation: when issuing the request, a user can select anyone within their organisation, without first validating whether that recipient is appropriate.

To extend this capability, we can use Microsoft’s workflow automation platform, Power Automate, to create a bespoke approval process, allowing us to:

  • Build a multi-stage process that includes Review, Approval and Publishing steps.
  • Capture audit log entries that can track the progress of a Policy through each stage.
  • Apply Business Validation rules to ensure that approvals are submitted to the right people, based on factors such as the Department responsible for the Policy.

Power Automate markets itself as entry-level, although experience shows that you will quickly need the help of Power Automate Expert.

For a Policy Approval Process, you need to consider:

Roles:

  • Policy Author
    • Drafts the Policy

 

  • 1st Level Approver*
    • SME - Subject Matter Expert
    • Head of Department

 

  • 2nd Level Approver*
    • Head of Quality / Quality Controller
    • Governance Risk Committee Representative
    • Board Approval

 

* Normally one of.

Steps:

We typically see a two-step approval process; the most common quality workflows follow this process:

1. Policy author initiates approval process
2. 1st Level Approver is either:
    a. Manually identified by the author
    b. Systematically identified by one of the Policy’s attributes, such as department
3. 1st Level Approver approves/rejects the policy
4. 2nd Level Approver approves/rejects the policy
5. The policy is Published and circulated

Low-Risk Content
For controlled documents that are deemed low-risk, a single-step approval may be
sufficient.

Non-Material Changes
For non-material changes, the policy owner may be entrusted to issue updates without
going through the approval process.

Jurisdictions / Departments:
Where multiple departments or jurisdiction are managing their policies on a common platform, there may be a need to define different processes for each variation.

When we plan approval steps, we need to answer the following questions:

Who is the Approver?

  • Restricted – A pre-defined person/group of people.
  • Freeform – The Initiator is trusted to assign to the appropriate approver.

How Many People Need to Approve?

  • A Single Person.
  • Multiple people (First Past the Post).
  • Multiple people (All must sign).

Following Step Completion:

  • Update audit trail.
  • Notification to the Policy Owner Step is complete.
  • Second Step if required.

On Completion of Process

  • Initiate other workflow actions such as Convert to PDF and Publish to Policy Library.

An organisation operating in various jurisdictions may find it necessary to tailor processes according to each jurisdiction's requirements, as illustrated below. However, departments within a jurisdiction may adhere to the same process while involving different stakeholders.

Policy Express's custom approval screen ensures accuracy

Policies are often finalised in a committee or board meeting; we see examples of this in both charities and regulated industries such as banking. Should each board member receive a workflow notification to capture their approval of a Policy?

In our experience, board meeting decisions are captured in minutes, which are subsequently ratified at the next meeting. On this basis, a single board representative can complete the approval workflow on behalf of the board.

Microsoft 365 provides user authentication and an audit trail, typically satisfying most organisations needs for traceable evidence of policy approval and accountability.

That said, there are cases where we see the requirement for eSignature (DocuSign, Adobe Sign) integration, often this is where the country’s regulator requires it, such as Healthcare in the UAE.

Delivered on a fixed-fee basis, Policy Express works entirely within your tenant ensuring that no data leaves your environment nor are you dependent on external services. Find out more or book a Discovery Call.

The Sending for Approval Process

Define your Policy Approval Process – think about variations based on policy type, department and jurisdiction.

  • Aim to keep it simple – it’s easier to have a representative of a committee approve the policy rather than requesting all must digitally sign it off.
  • Where committees are involved, use a delegate to execute a digital workflow sign-off.
  • Consider using a solution such as Policy Express to automate and record the approval process.

Many organisations can map their existing process to the functionality of our Policy Express solution.

If your needs are more complex, then a consultancy approach can be taken, using our Policy Express solution as a starting point, we’ll work with you to deliver a bespoke solution on a fixed-fee basis.

Start with a Discovery Call to find out more.

FAQ

Q: Can I use SharePoint to manage Policy Approval?
SharePoint offers a simple out-of-the-box solution for 1-step approvals, multiple approvals can be implemented in PowerAutomate which does require technical expertise.
Q: Where should Policies sit in my Intranet?
Experience shows that a centralised Policy Hub serves end-users better than having to switch between departmental publishing sites for HR, IT etc.
Q: How often should policies be reviewed and updated?
Most Policies are reviewed on an annual or bi-annual basis, that said changes in regulations or employee feedback can drive interim updates.

Author

Rupert Squires

Client Director

2 mins read

View our other blog posts

Click through to see our other blog posts.

Policy Approval in SharePoint 

Policy Approval in SharePoint 

Within your organisation, a risk, a legal requirement or a standard has been identified, and it has been agreed that it should be addressed via a documented company policy. We can expand this approval requirement more broadly to Controlled Documents.

Manage Microsoft Office templates in SharePoint 

Manage Microsoft Office templates in SharePoint 

Utilising templates like Word Letterheads and PowerPoint Sales Proposals is essential for maintaining consistency in document creation. They help enforce branding guidelines, ensure legal compliance, and reduce friction for employees.

Microsoft 365 Copilot Licensing + Pricing

Microsoft 365 Copilot Licensing + Pricing

Microsoft 365 Copilot is an additional purchase as it is not included in any of Microsoft’s licence suites, including the “Hero SKU” Microsoft 365 E5. So, to take advantage of the new AI capabilities offered by Microsoft, you will need to budget for additional investment.

Ask how we can help you:

• First steps in helping your business do this?
• Taking a step back and building your strategy?
• Stuck in the mud and needs help getting out?

Whatever the question, you can expect a response within a business day.

Start your journey to stress-free document management right now