Starting with templates when creating policies and procedures ensures organizations don’t leave out small but essential details. Templates are especially helpful in highly regulated enterprises, such as healthcare environments where HIPAA requirements come into play. You can’t simply drop a full template into your knowledge management database and call it a day, however. Every organization has it’s own requirements, and it’s important to understand how to customize templates to meet your needs.
When to Use Policy Templates
Templates should be used when creating policies that govern common principles or procedures for your niche. Healthcare organizations may start with a government-approved blood-borne pathogens policy template when creating a safety or compliance policy, and retailers may begin with a PCI-compliant template on handling credit card information. In both of those cases, very specific details and actions must be included in the policy, regardless of the company. A template provides some education about those requirements and ensures important aspects are not missing from the final procedure.
In contrast, you would not use a template for a procedure unique to your company. A food wholesaler who has designed a new process for packaging food may use a template for food safety policies, but not for the writing the SOP for the unique packaging process.
Where to Find Policy Templates
Sample policy templates can be acquired through agencies such the Small Business Association or SCORE.org, which provide free advice and resources for business owners. Companies in niche industries can often turn to regulatory agencies for strong policy templates. The Centers for Medicare and Medicaid Services, as well as the U.S. Department of Health and Human Services, provide a number of HIPAA templates, while the PCI Security Standards Council offers PDF downloads of report and other templates for any business handling credit card information.
How to Customize Policy Templates
Review each policy template with your company’s needs and compliance requirements in mind. Some policies, such as the HIPAA privacy policies, cannot be altered. Others, including sample policies for running a business or hiring individuals, can be altered completely. The key is to make non-compliance policies conform to your business model rather than trying to wrap your business model around policies you downloaded from someone else.