Compliance Standards and Procedures

Sample Compliance Policy Management Checklist



Function Responsible

Next Steps

Completion Date

Policy approval process

Create “policy on policies” that defines approval process for policies, including any intermediary approval requirements and who has final approval authority

Outline policy approval process steps and approval “gates,” including approval by policy owner, Legal, and final approver (e.g., senior management and/or compliance governance committee)

Communicate policy approval policy and process to relevant stakeholders

Policy drafting

Create standard policy format

Identify risk(s) for which a policy is needed (i.e., which risk will this policy help mitigate?)

Determine scope of persons affected by the risk (e.g., size of audience, geographical locations, job functions, departments) to determine policy audience

Identify relevant subject matter expert(s) to assist in drafting of new policy

Create initial draft of policy using standard policy format and identified policy audience

Assign policy owner (may be the subject matter expert)

Circulate initial draft for comment from relevant stakeholders

Create final policy draft and submit through policy approval process

Following approval, determine whether translations will be needed and if so, obtain them

Policy implementation

Determine appropriate communication method based on urgency and audience, including consideration of any translations needed for communication pieces

Create communication plan with rollout dates and effectiveness measures

Draft communication pieces and submit for approval through corporate communications approval process

Once approved, obtain any needed translations

Launch policy communication campaign and assess effectiveness

Ensure new policy is posted to policy library and easily accessible to all affected persons

Policy maintenance

Create versioning protocol to track revision dates and versions of policies

Assign an owner for each policy

Choose a review cadence for review of each policy based on comparative risk

Policy review

Review policies based on a set review cadence for each (e.g., annually)

Ensure subject matter expert/policy owner conducts content review for each policy to ensure adequate risk mitigation

Conduct legal review for each policy to ensure policy language is adequate and current

Document all revisions, including reasoning/basis for each change

Implement versioning protocol to track and communicate current version and replace/archive outdated versions

This document is only available to subscribers. Please log in or purchase access.