Policies, Procedures and Forms and review periods

Picture of files with policies and procedures

At Strytex, we see a lot of policies, procedures and forms from a lot of different organisations, some good, some bad. Here’s how we define the differences and we have defined two types of forms. Above all, keep it simple.


Policy is a clear, simple statement of how your organisation intends to conduct its services, actions or business. They provide a set of guiding principles to help with decision making. They do not need to be long or complicated – a page or a couple of sentences may be all that is required for each policy area.


Procedure describes how each policy is put into action in your organisation. Each procedure should outline:

  • Who will do what
  • What steps they need to take
  • Which forms or documents to use.

Procedures can be long involved documents detailing multiple scenarios, or they can simply be a few bullet points or instructions. Sometimes they work well as forms, checklists, instructions or flowcharts.

Template Forms

Template Forms are the blank template documents to are used when the procedure is used. It’s helpful to provide instructions.

Completed Forms

Completed Forms are all the forms completed as part of the procedure, e.g. incident forms every time there is an incident, records of fire evacuation drills, etc.

The Manual

The Manual is simply the collection of all of the above. With electronic filing, maybe we don’t need manuals anymore.

Review Periods

In general, we recommend organisations review their policies, procedures and forms every 2-5 years.

Your policies are your guiding principles and they shouldn’t really change over the years. Maybe these only need to be reviewed every 5 years.

  1. If you are a start-up and growing fast, it makes sense to review procedures and forms every two years as things have probably changed significantly.
  2. If the procedure and form relates to a high risk part of your business, for safety’s sake, maybe it needs to be reviewed every 2 years.
  3. If the procedure and form relates to a low risk part of the business and nothing has changed, maybe you only need to review every 5 years.

Table of Contents

Nigel Dalton-Brown, GAICD, AMIIA, MBA

Managing Director, Chair, Speaker, Lecturer, Author

Nigel is the Founder of Strytex and has been presenting and writing on Goverence, Obligational Awarenss, Risk Management and Compliance administration (GORC) since 2010.

Leave a Comment