
A 10-Point Checklist for Picking a Policy Management Software Vendor

Scott Bamford

In my last post, I talked about the momentum we’re seeing behind a growing demand for better governance, a culture of ethics & compliance, and greater accountability. And how this wave of change was driving the need for best-practices-based policy and procedure management like never before.

Perhaps you’ve been trying to manage this whole lifecycle process manually with spreadsheets, documents, emails, written and verbal follow-ups, manual reports, et cetera. The likely result? You’ve reached your patience and frustration threshold.

Sooner or later, most people end up at a point where they realize that wrangling all the complex layers of policy and procedure management manually is:

  • Time-consuming
  • Costly
  • Inefficient
  • Error-prone
  • Loaded with risk

Let’s face it, with today’s complex business operations, global expansion, and the ever-changing legal, regulatory and compliance environments, a best-practices-based policy and procedure management technology solution is vital to enable an organization to effectively develop and maintain the wide gamut of policies and procedures it needs to govern with integrity and defensibility.

The right policy and procedure technology more than pays its way

The right policy and procedure management technology solution can provide significant value and ROI. First of all, it can dramatically reduce the complexities and the potential for errors involved in all the various aspects of policy & procedure management. Then you’ve got the cost savings due to the increase in operational efficiency, not to mention the reduction of compliance risks and associated regulatory fines.

Finally, it provides you with a way to build an ethical and defensible compliance program, which also happens to be one of the foundational pillars of reducing any potential for reputational brand damage.

Key filters in shopping for a solution?

When you’re looking for a policy and procedure management technology solution, it’s plain at first glance that not all solutions are created equal. The range of supported functionality can be dramatically different among all the products on offer out there.

One filter you should adopt? Find a solution that provides full lifecycle management of your policies and procedures: policy creation, automated review and approval, intelligent publication, attestations and knowledge assessments, and automatic compliance health reports and audit trails.

This is what we call best-practices-based policy and procedure management. Once you’ve found a range of solutions that support it, you’ll want to get a demo of each product.

Look for a solution that’s easy and intuitive and will require very minimal end-user training. If it’s too complicated for end users, they just won’t use the product. That, of course, goes against the entire logic of investing in a product that’s supposed to make things easier.

There’s nothing worse than rolling out new software to hundreds or thousands of users, only for them to find that it’s so complex they either refuse to use it, or load up your IT department with a mountain of help desk tickets. Or even both.

Make it easy on your admins

Let’s also talk about the administrator aspect of the software, because this is also extremely important – but it’s sometimes overlooked. You want to make sure that the product is easy and intuitive for administrators, as well as end users.

Administering the product should not require any IT intervention, and ought to be based on simple point-and-click, drag-and-drop operations. As with your end users: if it’s too complicated and non-intuitive for administrators, they simply won’t use it.

You’re picking a provider, not just the product

Let’s say you’ve done your homework and you’ve found a few technology solutions that support best-practices-based policy and procedure management, and you’re happy with what you saw in the demos. Now what?

Choosing the software means you’re also establishing a relationship with the provider behind it, and lending them your trust and confidence. This means that your decision should not only be based on the features and functions of the product, but should also be based on factors and characteristics around the vendor.

What are they? Here’s a 10-point checklist that will go a long way in helping you evaluate and make an educated and confident decision about your next policy and procedure management software vendor:

Company Profile

How many employees does the vendor have? Do they have the necessary number of resources required to develop and manage a compelling roadmap that will accommodate your needs into the future as your company and needs grow?

Financial Profile

Are they a company that is growing year over year and financially healthy? Do they have the financial resources and stability to be your vendor/partner over the long haul?

Years in the Industry

How many years has the vendor been in the industry? Do they have products that have been battle-tested and proven over time or are they a relatively new player on the block?

GRC Domain Expertise

Are they a one-trick pony and only know policy and procedure management? If your GRC needs and requirements mature or change in the future, will you be forced to go to a different vendor for those needs, causing you to juggle multiple GRC vendors?

Case Studies & Client References

Do they have real customer case studies for you to check out and solid client references for you to talk to?

Customer Profiles

Do they have a variety of different customer profiles? Are their customers all mostly small customers, or do they have mid-sized and large enterprise customers as well? Do they have customers in a wide array of industries?

Integration Capabilities

Do they support Active Directory and have open APIs that allow you to easily integrate with HR systems?

Geographic Reach

Do they support global geographies and support multiple languages or are they confined to a specific language, country, or region?

Service & Support

What kind of post-sales service and support do they offer? And what type of service level agreements can you expect from them?

Company Vision & Roadmap

What is the stated vision for the company? Does that vision align with the direction that you’re going with your company? What does their product roadmap look like? Does that roadmap match up with where your company is headed, or do you see technology holes and gaps that look like red flags to you?

Get the best “package deal”

Here’s hoping this is a solid list of the high-level criteria you should apply in selecting a policy and procedure management technology solution, and in evaluating the vendor that’s providing it. Because, as they say, it really is a package deal. For the best possible return on your software investment, you need both of them to deliver.

The perfect scenario? Finding a best-of-breed technology solution backed by a vendor that you can not only trust, but also feel you can partner with as your company grows and your needs change over time. It’ll be well worth all the time and diligence you put into identifying that peerless combination of product and provider.
