SharePoint for Policy Management: When to Move On
Published 25 June 2026
By Brian Crocker
The practice manager at a four-partner GP surgery spent most of Friday morning doing something that should not take most of Friday morning. The surgery keeps policies in SharePoint. Forty-three of them. When the CQC inspection notice arrived, the manager opened the document library, sorted by "Date modified," and started comparing dates to the last-review column in the spreadsheet she keeps separately because SharePoint does not have a review-date field. Three policies had no last-reviewed date recorded anywhere. One had been reviewed twice in the same month by different partners. She could not tell which version was current.
SharePoint is where this story starts. It is rarely where it ends well.
What SharePoint Actually Does for Policy Management
It is worth being precise about what SharePoint does well before getting to where it does not, because the failure mode often comes from expecting SharePoint to be something it was not built to be.
SharePoint does document storage competently:
- Version history — every time a file is saved, SharePoint creates a new version. You can retrieve earlier drafts, see who saved them, and recover from overwritten changes.
- Permissions — you can restrict who can view, edit, and manage documents. Policy documents containing personal data or commercial-in-confidence information can be controlled.
- Search — within a Microsoft 365 tenancy, SharePoint search surfaces policies from any connected device.
- Co-authoring — multiple people can edit a document simultaneously. Useful when a policy owner and their line manager are working through a revision together.
- Integration with Teams and OneDrive — policies in SharePoint are accessible directly from Teams channels, which is where many staff spend their working day.
For an organisation with fewer than twenty policies and one person who owns the management process, SharePoint does most of what is needed without any additional cost.
Where SharePoint Runs Out of Road
The limitations are not random — they follow directly from what SharePoint is: a file management system, not a policy governance system. Once you start expecting policy governance from it, the gaps become visible.
Review scheduling is entirely manual
SharePoint has no concept of a "review date." There is no field in the document library that triggers a notification when a policy is due for review. The closest you can get is:
- Add a custom metadata column called "Next Review Date"
- Configure an alert that emails you when the column value equals today's date (which requires Power Automate, custom flows, and ongoing maintenance)
- Or rely on a separate spreadsheet
Most organisations do the third. The spreadsheet works until the person who built it leaves, or it is not shared with the right people, or it gets out of sync with the actual document versions in SharePoint. At that point you have the GP surgery situation: a document library and a spreadsheet that are telling different stories.
The Policy Review Schedule Generator does this in a browser in a few minutes — but the point is that SharePoint requires you to build your own scheduling system around it.
Approval workflows require technical configuration
For a policy to be formally approved — by a governing body, trustee board, practice partners, or council — someone needs to confirm the approval and timestamp it. SharePoint has approval workflows through Power Automate, but they require:
- Knowledge of Power Automate (a separate Microsoft tool)
- Building the workflow for each policy type or routing requirement
- Maintaining the workflow when approval authorities change
- Troubleshooting when it stops working
Small regulated organisations do not have IT departments. Expecting the school business manager or the parish clerk to configure and maintain Power Automate approval flows is not realistic. In practice, approvals happen via email and the record is an email chain that nobody can find at inspection time.
Compliance dashboard does not exist
You cannot open SharePoint and see: "12 policies current, 3 due for review within 30 days, 1 overdue, 4 no review date." That view does not exist. You can create it with SharePoint lists, calculated columns, and conditional formatting — but it will take half a day to build, will break when someone renames a column, and needs someone to maintain it.
The absence of a compliance view matters most when an inspection is announced. The first thing an inspector asks — whether CQC, Ofsted, or the Charity Commission — is "show me your policy register and tell me when each policy was last reviewed." In SharePoint, answering that question accurately requires manually checking every file's metadata.
No sector-specific context
SharePoint does not know that your school needs the statutory policies maintained-schools guidance requires, or that your GP practice needs policies covering every regulation CQC will inspect against. You have to build that context yourself: categories, required policies per regulator, sector-appropriate review frequencies. A policy management system designed for regulated organisations has that built in.
Not accessible without Microsoft 365
Parish councils, small charities, and independent schools often do not use Microsoft 365. Their staff may use a mix of Google Workspace, paper-based systems, or minimal IT infrastructure. For these organisations, SharePoint is simply not an option.
When SharePoint Is the Right Answer
The cases where SharePoint is genuinely the right answer for policy management:
- Fewer than 30 policies and one person managing them
- No regulatory inspection requirement (the organisation is not CQC-registered, Ofsted-inspected, Charity Commission-regulated, or subject to external audit for governance)
- Already deep in Microsoft 365 with IT support to configure and maintain workflows
- No multi-site complexity — single location, single management layer
If all four are true, the cost of moving to a dedicated tool is hard to justify.
The Signals That Tell You SharePoint Has Run Out of Road
Most small UK regulated organisations discover SharePoint's limits at one of three moments:
The inspection prep moment. An inspection notice arrives and someone needs to produce a complete, accurate policy register with last-reviewed dates within 48 hours. Producing that from SharePoint requires manual checking of every file. The first time this happens under pressure, organisations start looking for something better.
The version conflict moment. Two people update the same policy. SharePoint creates versions, but the metadata — the review date, the owner, the approver — may not be updated consistently. An inspector asks for the current approved version and there is uncertainty about which one it is.
The team handover moment. The person who built and maintained the SharePoint structure leaves. Their successor inherits a document library with inconsistent metadata, unmaintained workflows, and a spreadsheet that is three months out of date.
If any of these situations describes your organisation's current experience, the question is not whether SharePoint is the right long-term answer — it is not — but what you are moving to.
What a Dedicated Policy Management System Does Differently
The difference is not additional features bolted onto a document management system. It is a different design intent from the ground up:
- Review dates are the core data structure, not a metadata field. The system is built around the assumption that every policy has a review cycle. Reminders fire automatically. Overdue reviews surface in a dashboard without anyone checking.
- Approval workflows are configured, not built. Different policies can route to different approvers — the governing body for statutory policies, the practice manager for clinical policies — without Power Automate.
- The compliance dashboard is the starting point. What is current, what is due, what is overdue — visible at login, not at the end of a manual audit.
- Sector context is built in. The system knows what a CQC-registered practice needs. The system knows what maintained schools guidance requires. You do not have to replicate that knowledge in a document library column.
PolicyBoard is designed for exactly this: small UK schools, GP practices, charities, and councils that have outgrown SharePoint for policy management. Automated review reminders, approval workflows, compliance dashboard, and audit trail — without requiring Microsoft 365 or IT support to configure. Join the waitlist to be notified when it launches.
SharePoint Policy Management: The Practical Summary
SharePoint works for policy management when the portfolio is small, the team is stable, and no regulator will ask for a timestamped compliance picture. It runs out of road when review scheduling needs to be reliable, when approval governance needs an audit trail, or when an inspection requires a complete compliance overview in minutes rather than hours.
The policy management beyond SharePoint guide covers the common patterns in more detail. If you are evaluating alternatives, the what to look for in policy management software guide covers the criteria that matter for small regulated organisations.
This guide is written for compliance leads, school business managers, practice managers, and council clerks at small UK regulated organisations evaluating their current policy management arrangements. It is not legal advice and is not an endorsement or criticism of any specific technology platform.
Stop tracking policy reviews in spreadsheets
PolicyBoard automates review reminders, approval workflows, and compliance dashboards for UK regulated organisations.
Related articles
Moving Beyond SharePoint for Policy Management
SharePoint stores documents but does not manage policies. Here is why small UK regulated organisations are outgrowing it — and what to look for instead.
GP Practice Policy Management: Staying CQC-Compliant
How GP practices manage the policies CQC expects to see — what Regulation 17 requires, which policies matter most at inspection, and how to keep them current with minimal admin.
Policy Tracking Software: What UK Compliance Teams Need
What to look for in policy tracking software as a small UK regulated organisation — the features that matter, and the enterprise extras you can safely skip.