Intranet policy management: Avoid the black hole

The days of leaving policies in the filing drawer and relying on staff to learn about working practices from the company handbook are numbered, as employers will leave themselves open to the threat of court claims and heavy financial penalties. Research proves that UK employers still have a long way to go before they can be sure their policy management is reliable.

A poll of 100 HR managers carried out by policy management software provider NETconsent in February reveals a lack of proactivity when it comes to dealing with policies. Worryingly, more than one in 10 (12%) hardly ever make updates to company policy or only do so after a crisis – when it is already too late.

According to the poll 39% of employers amend policies after a scheduled review, with just under one-third (30%) making policy changes after a change in circumstances.

Informing staff about policy changes and ensuring they have read and understood the changes is crucial if companies are to defend themselves at an employment tribunal.


When asked how employees are informed about policy changes, one-third of respondents say they communicate changes via e‑mail, followed by 28% who use an intranet and 20% who still use paper memos. Surprisingly, more than one in 10 (13%) inform staff of policy changes verbally.

Another survey – of 1,100 employers, conducted by online law firm HR Law – found that only a quarter of companies had a formal policy on flexible working, despite the extension of this legislation that came into effect on 6 April 2007.

The importance of communicating a clear internet usage policy was highlighted recently at IBM. An employee, James Pacenza, was dismissed for using an internet sex chat room during working hours. Pacenza claims that he has to use such sites to alleviate distress caused by post-traumatic stress disorder related to his service in the Vietnam war.

IBM claims that Pacenza was warned that his behaviour was unacceptable before his dismissal – and that it has clear internet usage policies in place. However, if IBM cannot prove that Pacenza has read the policies it may find it difficult to defend its decision to dismiss him.

In July 2006, when Warwick Business School conducted research into why small firms were more likely to end up in an employment tribunal than large organisations, the researchers found that a key influence on success at a tribunal was not just having procedures in place but actually using them.

Simply having procedures, or an HR department, made no difference. Companies that have procedures and policies in place are not in the clear, since having policies is insufficient if employees have not seen them.

Ensuring compliance

The regulation of Investigatory Powers Act 2000 asserts that an organisation must be able to demonstrate beyond all reasonable doubt that an individual has been given the opportunity to read and accept the policy. This means that the onus is on the employer to ensure that this is the case.

To ensure compliance, organisations need to manage policies proactively, using the most suitable communication channels and creating a foolproof audit trail.

Given the time that this can take, it is worth considering policy automation tools that eliminate paper-chasing and provide a solid audit trail.

According to the Chartered Institute of Personnel and Development, employees are more likely to exercise discretion positively if they feel they are being treated fairly, and this has to be considered when dealing with policies. To be truly effective, a policy needs to be communicated to staff in a way that ensures they understand how it works and why it is there.

Best practice policy management

  • Ease of use – The more policies to be managed, the more updates and changes will be required. To minimise the time spent on managing policies it should be easy to create, update, distribute and monitor responses to new and revised policies.

  • Updates – Keep all policies updated and current in line with corporate culture, working practices, legal precedents and changes to legislation.

  • Record agreements – Maintain records of employee agreement to relevant active policies, and retain a full archive of agreements to previous policy versions.

  • Access for all – Ensure that all employees, including those who work from home or remotely, have access to central policy repository.

  • Control – Make sure that access of ‘author rights’ to policies is tightly controlled and only nominated persons can make changes to policies and policy records.

  • Understanding – Randomly test employees’ understanding of policies to determine whether further education or policy reviews may be required.

  • Check – Carry out checks to ensure that any required policy agreements can be accessed for evidence at short notice.

How should we introduce policies?

  • Assess/audit what is already in existence, both formally and informally.

  • Research and benchmark against other organisations’ practice, particularly in the same sector or location.

  • Consult staff representatives and unions.

  • Establish steering groups/working parties.

  • Set realistic timescales.

  • Pilot draft policies.

  • Communicate policies to staff, eg, through briefings and/or workshops for staff and managers. Give specific guidance to managers.

  • Hard copies could be given to employees or put on notice boards, or ‘soft’ copies circulated by e-mail or placed on an intranet. The communication process should be tailored to the organisation.

  • Introduce the policies as part of the induction process.

  • Have a continuous review process.

Source: CIPD 

What makes a good policy?

It is important for policies to be:

  • Linked to business strategy, with a definite purpose for their creation.

  • Complementary – working together to reinforce the company image.

  • Flexible – able to adapt to changes in strategy and direction.

  • Open and transparent.

  • Suited in tone to the culture of the organisation.

  • Developed through the involvement of employees and interested stakeholders.

  • Communicated to all employees.

  • Easily understood, written in plain English and containing no jargon.

Source: CIPD

Dom Saunders is operations director at policy management software provider, NETconsent

Comments are closed.