Skip to main content

Understanding Review Policies

Learn how review policies keep published content current through scheduled reviews

Ben Gale avatar
Written by Ben Gale
Updated over a week ago

Overview

Review policies ensure that your published content—like policies, procedures, and risk assessments—stays current and accurate through scheduled reviews. Instead of manually remembering to review documents, review policies automatically remind the right people when reviews are due.

Why Use Review Policies?

Published content doesn't stay relevant forever. Regulations change, processes evolve, and equipment gets updated. Review policies help you:

  • Stay compliant: Many regulations require periodic review of safety documents and risk assessments

  • Keep content current: Catch outdated information before it causes problems

  • Prevent document drift: Regular reviews ensure procedures match actual practice

  • Create audit trails: Record when content was reviewed and by whom

  • Avoid manual tracking: Automatic reminders replace spreadsheets and calendar reminders

Without review policies, important documents can go years without review, becoming outdated and potentially dangerous.

How Review Policies Work

Review policies create a recurring cycle of review reminders. Here's the flow:

1. Create a Review Policy

You set up a review policy that defines:

  • How often reviews happen: Every 3 months, 6 months, 1 year, etc.

  • Who gets reminded: Individuals or groups responsible for reviewing

  • What it applies to: Assigned to specific documents or assessments

2. Assign the Policy to Content

When you create or edit content (like a document), you assign a review policy to it. This starts the review cycle.

3. Automatic Review Reminders

CalmCompliance automatically:

  • Calculates when the next review is due

  • Sends notifications when the due date arrives

  • Reminds assigned reviewers to check the content

4. Reviewers Complete Reviews

When notified:

  • Reviewers access the content

  • Check it's still accurate and current

  • Mark the review as complete (or make updates first)

5. Cycle Repeats

Once a review is complete:

  • The next review due date is automatically calculated

  • The cycle continues based on the policy's interval

  • Reviewers are reminded again when the next review is due

Review Policies vs. Approval Policies

It's important to understand the difference between reviews and approvals:

Review Policies (This Guide)

Purpose: Keep published content current through scheduled reviews

Timing: Recurring (e.g., every 6 months, annually)

When it happens: Automatic reminders based on schedule

Process: Review existing published content, check it's still accurate

Action: Verify content or make updates as needed

Example: A fire safety policy is reviewed every 12 months to ensure it's still current

Approval Policies

Purpose: Get sign-off before publishing new content or changes

Timing: One-time, triggered when submitting content

When it happens: Before publication, when you submit for approval

Process: Multi-stage review and approval of draft content

Action: Approve or reject before content goes live

Example: A new safety policy needs manager and safety officer approval before publication

Using Both Together

Most critical content benefits from both policies:

  1. Before publication: Approval policy ensures proper review and sign-off

  2. After publication: Review policy ensures ongoing currency through scheduled reviews

Example workflow:

  • You create a new COSHH assessment

  • Approval policy requires safety officer approval before it's published

  • Once published, review policy ensures it's reviewed every 12 months

  • When review is due, reviewer checks if it's still accurate

  • If changes needed, they edit and resubmit for approval

Key Concepts

Review Intervals

Review intervals define how often content should be reviewed. Common intervals:

  • 3 months (quarterly): For fast-changing content or high-risk areas

  • 6 months (semi-annually): For moderately changing content

  • 12 months (annually): For stable content with yearly regulatory requirements

  • 2 years (biannually): For very stable content with infrequent changes

Example: Health and safety policies might have a 12-month review interval to align with annual compliance checks, while COVID protocols might have 3-month reviews due to rapidly changing guidance.

Review Recipients

Recipients are the people who receive review reminders. You can assign:

Direct recipients: Specific individuals

  • Example: "Mark Wilson" (Health & Safety Officer)

Group recipients: Everyone in a team or group

  • Example: "Department Managers" group

  • Any member can complete the review

Tip: Use groups for flexibility—if someone is on holiday, another team member can handle the review.

Review Assignments

When you apply a review policy to content, it creates a review assignment. The assignment:

  • Links the policy to the specific content

  • Tracks the next review due date

  • Records when reviews were completed

  • Maintains the review schedule

Each piece of content can have one active review assignment at a time.

Scheduled vs. Ad-Hoc Reviews

Scheduled reviews:

  • Automatic reminders based on the policy interval

  • Recurring on a regular cycle

  • Managed by CalmCompliance

Ad-hoc reviews:

  • Manual one-time reviews outside the regular schedule

  • Triggered by events (incident, regulation change, etc.)

  • Can optionally reset the scheduled review cycle

Example: A risk assessment has scheduled annual reviews, but after an incident, you trigger an ad-hoc review immediately. You can choose whether this ad-hoc review resets the annual cycle or not.

When to Use Review Policies

Good Use Cases

Regulatory compliance:

  • Health and safety policies (often annual review required)

  • Risk assessments (HSE guidance recommends regular review)

  • COSHH assessments (review when substances or processes change)

  • Fire risk assessments (annual or after significant changes)

Critical procedures:

  • Emergency procedures (ensure they reflect current practice)

  • Safety procedures (catch changes in equipment or processes)

  • Compliance documentation (align with regulatory updates)

Dynamic content:

  • COVID-19 protocols (frequent updates needed)

  • Contractor procedures (align with changing contractors)

  • Temporary arrangements (ensure still relevant)

When Not to Use Review Policies

Static historical content:

  • Historical records that don't need updating

  • Archived documents for reference only

  • Completed incident reports

Frequently changing content:

  • Working drafts (use version control instead)

  • Collaborative documents (too dynamic for scheduled reviews)

Low-risk informational content:

  • General notices

  • Reference materials

  • Simple announcements

What Happens During a Review

For Content Owners

You've assigned a review policy to your document:

  1. Review due date approaches: CalmCompliance tracks the schedule

  2. Reminder sent: Recipients receive email and inbox notifications

  3. Review completed: Reviewers check the content

  4. Next review scheduled: System automatically calculates next due date

  5. Cycle continues: Process repeats indefinitely

For Reviewers

When you're assigned as a review recipient:

  1. Notification arrives: Email and inbox item when review is due

  2. Access content: Click through to view the document or assessment

  3. Review for accuracy: Check if content is still current and correct

  4. Take action:

    • If accurate: Mark review as complete

    • If outdated: Make edits (may require resubmission for approval)

  5. Done: Review is recorded, next review scheduled

For Administrators

Monitor review compliance across your site:

  • See all review assignments and due dates

  • Track which content is overdue for review

  • Ensure review policies are working effectively

  • Adjust policies as needs change

Review Policy Sharing

If your site has child sites, you can share review policies:

Shared policies:

  • Created at parent site level

  • Available to all child sites

  • Child sites can use but not edit them

  • Ensures consistent review intervals across the organization

Example: Head office creates a "Annual Policy Review" policy (12-month interval) and shares it with all regional sites. Every region uses the same review schedule for consistency.

Site-specific policies:

  • Created at individual site level

  • Only available to that site and its children (if shared)

  • Allows customization for specific needs

Review Compliance and Audit

Audit Trail

Review policies create a complete audit trail:

  • When reviews were due

  • When reviews were completed

  • Who completed them

  • Any comments or changes made

This is valuable for:

  • Regulatory compliance inspections

  • ISO audits

  • Internal quality reviews

  • Demonstrating due diligence

Tracking Overdue Reviews

CalmCompliance tracks:

  • Reviews that are due now

  • Reviews that are overdue

  • Upcoming reviews

Administrators can monitor compliance and follow up on overdue reviews.

Common Questions

Do review policies automatically update content?

No. Review policies send reminders, but humans must actually review the content. If changes are needed, reviewers edit the content themselves.

What happens if a review is overdue?

The content remains published, but it's marked as overdue for review. Notifications continue to remind reviewers until the review is completed.

Can I change a review policy's interval after creating it?

Yes. When you change the interval, CalmCompliance automatically recalculates the next review due dates for all content using that policy.

Can one document have multiple review policies?

No. Each document or assessment can have one active review policy at a time. If you need different intervals for different aspects, consider splitting the content.

Do I need Manager permissions to set up review policies?

Yes. Creating and editing review policies requires the Manager or Admin role for your site. However, anyone assigned as a reviewer can complete reviews.

What if the person responsible for reviews leaves the company?

If you use individual recipients, you'll need to update the review policy to assign a new person. If you use group recipients, simply update the group membership—the policy automatically uses current group members.

Can I pause reviews for a document?

Yes. Remove the review policy assignment from the document to stop scheduled reviews. You can always reassign it later to restart the cycle.

Next Steps

Ready to set up review policies?

  1. Plan your review schedule: Decide what needs reviewing and how often

  2. Create your first policy: See Creating Review Policies

  3. Set up review intervals: Learn about Setting Up Review Schedules

  4. Manage ongoing reviews: Check out Managing Review Cycles

For one-time approvals before publication, see Understanding Approval Workflows.

Did this answer your question?