Share Your Policy Management Experience!

My organization is currently reviewing and enhancing our approach to policy compliance governance and would value insights from other compliance programs and leaders.

Specifically, we’re interested in learning:

Policy Compliance SLAs & Thresholds

  • How do you define when a policy is considered out of compliance?
  • Do you use formal SLAs or grace periods for policy reviews and approvals?
  • Is your policy compliance process rolling, or are all policies required to be updated by a specific deadline?
  • Have you benchmarked against peer institutions (e.g., higher education, healthcare, financial services), and what models have worked best?

Accountability & Oversight

  • What accountability measures are in place when policies are overdue or noncompliant?
  • Who owns enforcement—policy owners, leadership, compliance, or a shared model?
  • What approaches have proven effective, and what hasn’t worked in practice?

Our goal is to better understand how peer organizations structure policy compliance, encourage timely updates, and maintain accountability without creating unnecessary burden.

If you’re open to sharing examples, frameworks, or lessons learned (successes or challenges), we’d greatly appreciate the insight. Thank you in advance for contributing to the conversation!