| Topic | Task | Function Responsible | Next Steps | Completion Date |
|---|---|---|---|---|
| Policy approval process | Create “policy on policies” that defines approval process for policies, including any intermediary approval requirements and who has final approval authority | | | |
| | Outline policy approval process steps and approval “gates,” including approval by policy owner, Legal, and final approver (e.g., senior management and/or compliance governance committee) | | | |
| | Communicate policy approval policy and process to relevant stakeholders | | | |
| Policy drafting | Create standard policy format | | | |
| | Identify risk(s) for which a policy is needed (i.e., which risk will this policy help mitigate?) | | | |
| | Determine scope of persons affected by the risk (e.g., size of audience, geographical locations, job functions, departments) to determine policy audience | | | |
| | Identify relevant subject matter expert(s) to assist in drafting of new policy | | | |
| | Create initial draft of policy using standard policy format and identified policy audience | | | |
| | Assign policy owner (may be the subject matter expert) | | | |
| | Circulate initial draft for comment from relevant stakeholders | | | |
| | Create final policy draft and submit through policy approval process | | | |
| | Following approval, determine whether translations will be needed and if so, obtain them | | | |
| Policy implementation | Determine appropriate communication method based on urgency and audience, including consideration of any translations needed for communication pieces | | | |
| | Create communication plan with rollout dates and effectiveness measures | | | |
| | Draft communication pieces and submit for approval through corporate communications approval process | | | |
| | Once approved, obtain any needed translations | | | |
| | Launch policy communication campaign and assess effectiveness | | | |
| | Ensure new policy is posted to policy library and easily accessible to all affected persons | | | |
| Policy maintenance | Create versioning protocol to track revision dates and versions of policies | | | |
| | Assign an owner for each policy | | | |
| | Choose a review cadence for review of each policy based on comparative risk | | | |
| Policy review | Review policies based on a set review cadence for each (e.g., annually) | | | |
| | Ensure subject matter expert/policy owner conducts content review for each policy to ensure adequate risk mitigation | | | |
| | Conduct legal review for each policy to ensure policy language is adequate and current | | | |
| | Document all revisions, including reasoning/basis for each change | | | |
| | Implement versioning protocol to track and communicate current version and replace/archive outdated versions | | | |

Sample Compliance Policy Management Checklist