Review policies define when and how often content should be reviewed, and who should receive reminders. Once you create a policy, you can assign it to documents, risk assessments, or other content to ensure they're regularly checked for accuracy and currency.

Required permissions: You need the Manager or Admin role for your site to create review policies.

If you don't see the governance settings, contact your site administrator to request appropriate access.

What you'll need:

You'll see a list of existing review policies for your site.

Click the New Review Policy or Create Policy button.

Give your policy a clear, descriptive name that explains what it's for and how often reviews happen.

Good examples:

Why this matters: When assigning policies to content, clear names help you choose the right one. "Annual Policy Review" is more helpful than "Policy 1".

Tip: Include the interval in the name (annual, quarterly, monthly) so it's immediately clear how often reviews occur.

Add a brief description explaining when to use this policy and what content it's meant for.

Example: "Use for all health and safety policies that require annual review under regulatory requirements. Reviewers should verify accuracy and alignment with current regulations."

This guidance helps content authors choose the correct policy and tells reviewers what to focus on.

Choose how often content should be reviewed. Enter a time period like:

Common intervals:

Tip: Match your interval to regulatory requirements. If HSE guidance recommends annual risk assessment reviews, use "1 year".

How it works: When you assign this policy to content, CalmCompliance calculates the next review due date by adding the interval to the current date. For example, with a "6 months" interval, content assigned today will be due for review in 6 months.

Specify who should receive review reminders when content is due for review.

You have two options:

Click Add Users (or similar button) and select specific people.

Example: Add "Sarah Thompson" (Health & Safety Officer)

When to use individuals:

Pros: Clear accountability Cons: No coverage if person is unavailable; requires policy updates when people change roles

Click Add Groups (or similar button) and select teams or groups.

Example: Add "Department Managers" group or "Health & Safety Team"

When to use groups:

Pros: Flexibility, automatic updates, coverage during absences Cons: Less specific accountability (though you can still see who actually completed the review)

You can add both individuals and groups to the same policy.

Example: Add the Health & Safety Officer (individual) plus the Department Managers group. All of them will receive review reminders.

Tip: Use groups for most policies to ensure coverage and automatic updates. Reserve individual recipients for roles that truly require a specific person.

If your site has child sites, you'll see a Share with child sites checkbox.

When enabled:

Example: Head office creates "Annual Policy Review" and shares it with all regional sites. Every region uses the same 12-month review cycle.

When to share:

When not to share:

Click Save or Create Policy.

Your new review policy is now ready to use and will appear in the policies list.

Name: Annual H&S Policy Review Description: For all health and safety policies requiring annual review under HSE regulations Interval: 1 year Recipients: Health & Safety Officer, Compliance Manager Shared: Yes (across all sites)

Use case: Regulatory compliance—many H&S regulations require annual policy reviews.

Name: Quarterly High-Risk Assessment Review Description: For risk assessments in high-risk areas requiring frequent review Interval: 3 months Recipients: Operations Team group Shared: No (site-specific)

Use case: High-risk environments need more frequent reviews to catch changing conditions.

Name: Monthly COVID Protocol Review Description: Monthly review of COVID-19 safety protocols to align with changing guidance Interval: 1 month Recipients: Facilities Manager, Health & Safety Team group Shared: Yes (organizational standard)

Use case: Fast-changing regulations or temporary procedures need frequent review.

Name: 6-Month Standard Procedure Review Description: For operational procedures that change moderately Interval: 6 months Recipients: Department Managers group Shared: No

Use case: Standard procedures that don't change rapidly but need regular verification.

Name: 2-Year Technical Reference Review Description: For stable technical documentation and reference materials Interval: 2 years Recipients: Technical Team group Shared: Yes

Use case: Very stable content that rarely changes but still needs periodic verification.

Go to Settings > Governance > Review Policies to see all policies for your site.

You'll see:

Inherited policies are read-only—you can use them but can't edit or delete them.

Important: If you change the review interval, CalmCompliance automatically recalculates the next review due dates for all content using that policy. This ensures everything stays on the new schedule.

Example: You have a "6-Month Review" policy, and 20 documents are using it. You change the interval to "1 year". CalmCompliance immediately recalculates the next review due date for all 20 documents based on the new annual interval.

Important: You can't delete a policy if it's currently assigned to active content. You'll need to:

This prevents orphaned review assignments.

Before editing or deleting a policy, check how many pieces of content are using it. Most policy lists show usage counts or links to view assigned content.

Tip: If you're replacing a policy, create the new one first, reassign all content, then delete the old policy.

Too frequent (e.g., monthly for stable content):

Too infrequent (e.g., 5 years for safety content):

Just right:

Guideline: Start with regulatory minimums (often annual for H&S content), then adjust based on how frequently content actually changes.

Benefits of group recipients:

When to use individuals:

Best practice: Default to groups unless there's a strong reason to assign individuals.

Don't create too many policies:

Do create reusable policies:

Guideline: Aim for 3-6 review policies that cover most of your content. Common set:

Include the interval in the name so it's immediately obvious:

Good:

Bad:

If using individual recipients, consider:

What happens to existing content when I change a policy's interval?

CalmCompliance automatically recalculates the next review due dates for all content using that policy. If you change from 6 months to 12 months, content that was due for review in 3 months might now be due in 9 months.

Can I assign multiple review policies to one document?

No. Each document or assessment can have one active review policy at a time. If you need different review frequencies for different aspects, consider splitting into multiple documents.

What if I delete a group that's used in a review policy?

The policy will continue to exist, but it won't have any recipients from that group. You should update the policy to add new recipients. Existing review assignments will continue but won't send notifications.

How do I know which content is using a review policy?

Most policy lists show usage counts. You can also search or filter content by review policy to see what's assigned.

Can reviewers see who else is assigned to review?

Yes. When they receive a review notification, they can see all assigned reviewers.

What happens if no one completes a review?

The content remains published but is marked as overdue for review. Notifications continue to remind reviewers. Administrators can track overdue reviews.

Can I have different policies for different document types?

Yes. Create as many policies as you need. For example, "Annual Safety Policy Review" for policies and "Quarterly Risk Assessment Review" for risk assessments.

Do I need separate policies for documents and risk assessments?

Not necessarily. You can use the same review policy for both if they have the same interval and recipients. Or create separate policies if they need different review schedules.

Now that you've created review policies:

For one-time approvals before publication, see Creating Approval Policies.