How Often Should Policies Be Reviewed?

Written By Marlene Lane

One of the questions I'm asked regularly is: "When do we actually need to review our policies?"

My answer is always the same: "It depends — but it doesn't have to be complicated."

This is Part 3 in the Policies Series. Start with Part 1: From Shelf to Strategy if you're just joining us.

The Reality

Policies don't stay relevant forever. Organizations grow, roles evolve, and legislation changes — often quietly. Over time, policies can lose alignment with day-to-day practice without anyone noticing.

Most leaders know reviews should happen, but competing priorities push them to "next quarter," then the next. When policies fall out of date, employees become unsure about what to follow, and trust erodes when written practices no longer match how work actually happens.

The good news? Keeping policies current doesn't have to be overwhelming.

A Review Isn't a Rewrite

A policy review doesn't have to mean rewriting everything. In fact, it's often simply a check-in. A quick review asks:

  • Does this still reflect how we work?

  • Is anything missing, unclear, or outdated?

  • Have laws or regulations changed?

If everything still fits, update the date and move on. If not, make targeted updates. Most policies don't need to be rewritten — they just need a refresh.

A Simple Review Cycle

There's no universal required schedule unless legislation specifies one, but this cycle works well for most organizations:

Annually: High-risk policies — Health & Safety, Code of Conduct, Privacy

Every 3–4 Years: Operational policies — Recruitment, IT use, Performance Management, Expenses

As Needed: Triggered by legislation changes, restructuring, new programs, new systems or technology, or incidents that highlight gaps

This keeps policies aligned without creating unnecessary work.

Starting When You're Overdue (It's Normal)

Many organizations discover they haven't formally reviewed their policies in several years — and that's completely normal. What matters is taking the first step:

  • Pick 3–5 core policies that impact the most people

  • Check for accuracy — are roles, processes, and references still correct?

  • Spot duplication or gaps

  • Flag what needs expert review (privacy, safety, HR)

  • Document with a "reviewed on" date

  • Set a realistic future review cycle

  • Assign ownership — someone needs to keep it moving

Small steps build momentum. You don't need to refresh everything at once.

The Goal: Clarity, Not Perfection

Policy reviews are meant to support people, not burden them. When reviews are simple and predictable, leaders stay aligned, employees know what to follow, and policies remain practical and trustworthy.

A good policy system isn't perfect — it's consistent.

If this resonates with what you're navigating, I'd welcome a conversation. Let's talk.

Marlene Lane
Previous

Let's Put the Fun Back Into Policy Reviews
Next

Making Policy Part of Everyday Culture