POLICIES
Policy management software that produces audit evidence
Manage the full policy lifecycle with targeted campaigns, employee e-signatures and audit-ready evidence.
EQS Policies give you one platform to create, distribute, and certify every policy. Employees get instant access and AI-powered answers. You get timestamped proof of every attestation. Auditors get their evidence in seconds.

Trusted by 14,000+ organizations globally
The policy lifecycle management challenges auditors find first
Policy management failures usually start when an organization cannot prove who received the current version, who signed it, and whether that version was in force at the time of the incident. The policy did exist. It was the evidence trail that did not.
Most compliance teams run policy distribution across a mix of document libraries, email campaigns, and spreadsheet trackers. Each element works in isolation. Together, they rarely produce a structured record that shows the policy version, the intended audience, the completion status, and every signature — in sequence, ready to present.
When a regulator or auditor asks for evidence of compliance, the answer should be one export. For most teams, it becomes a Herculean reconstruction project.
85% of compliance and governance leaders say compliance requirements have become more complex over the past three years.
Source: PwC Global Compliance Survey, 2025
A governed policy management software for the full policy lifecycle
EQS Policies is policy management software for compliance teams that need more than a document library. It manages policy creation, approval workflows, targeted distribution, e-signatures, and attestations — producing a structured evidence record.
Sitting inside the EQS Compliance Cockpit, policies connect directly to disclosure workflows, third-party attestations, case investigations, and compliance reporting — without a separate integration or a second system to maintain.
Why choose a dedicated policy management software
Governed policy lifecycle
Multi-step approval workflows route before any policy reaches employees. Reviewers are notified automatically, can annotate inside the platform, and each version is stored with a full review history and next scheduled review date. Access controls and approval gates keep the policy library current, clean, and defensible.

Targeted distribution
Define your distribution audience by role, region, entity, employment status, risk profile, or third-party relationship. Policies go to a defined audience rather than the whole organization — reducing acknowledgement fatigue and giving completion data that reflects the right population. 45 languages supported across the platform.

E-signatures and attestations tied to the evidence record
Employees, contractors, vendors, and external partners can confirm receipt, acknowledge understanding, or sign digitally. Each e-signature or attestation is linked to the policy version, the user identity, and a timestamp at the moment it is captured — available as part of the compliance record from day one. Completion dashboards show live status across campaigns, and overdue actions surface immediately.

Automated reminders and escalation
Configure reminder cadences and escalation paths once. EQS Policies handles the follow-up. Scheduled notifications go to overdue employees; escalations route to line managers or compliance leads where configured. Completion gaps close without your team managing a spreadsheet.

Policy Buddy:
from acknowledgement to understanding
Policy Buddy helps employees find answers inside approved policy content, get summaries of long documents, and locate the relevant section — without ever submitting a request to the compliance team. Employees can understand what the policy requires before they sign it. Policy Buddy does not generate policy language or answer questions outside the documents provided.

Third-party policy distribution
Policy distribution and attestation workflows extend to vendors, contractors, and external partners through EQS Policies and EQS Third Parties. Anti-bribery program requirements, supply chain policy acknowledgements, and vendor attestations are captured in the same evidence trail as internal policies.

Regulations that require policy evidence
Policy management is evidence of program operation across multiple regulatory frameworks. EQS Policies is used by compliance teams managing obligations under:
EU Whistleblowing Directive
Policy distribution to speak-up program participants; evidence that employees were informed of their rights and obligations. Read the EU Whistleblowing Directive guide.
GDPR / GDPR Article 25
Privacy-by-design infrastructure for employee and third-party data captured in attestation workflows.
FCPA / UK Bribery Act
Anti-bribery and anti-corruption policy distribution and third-party certification as documented program evidence. Read the FCPA third-party due diligence guide.
CSRD
Supply chain ethics and code of conduct distribution as part of sustainability due diligence obligations.
ISO 37001
Anti-bribery management system documentation and attestation requirements.
NIS2 Directive
Information security policy distribution and employee acknowledgement for covered entities.
Where EQS Policies fits
| Requirement | EQS Policies | Standalone tools | GRC suite modules |
|---|---|---|---|
| Policy lifecycle governance | Built-in: approval, versioning, scheduled reviews | Lifecycle features vary; often manual setup | Present, but configuration complexity varies |
| Targeted campaigns and distribution | Yes — role, region, entity, risk profile, third-party | Basic distribution; audience targeting limited | Available in most; campaign features vary |
| E-signatures and attestations | Timestamped, tied to policy version and user identity | Often present; evidence record quality varies | Usually present; may require separate module |
| Third-party policy distribution | Native — extends to vendors, contractors, partners | Rarely native | Often a separate module or integration |
| AI policy understanding (employees) | Policy Buddy — answers from approved content | Uncommon | Emerging; quality varies by platform |
| Connected to disclosure and investigation workflows | Yes — same platform as Integrity Line and Approvals | Uncommon | Varies by suite |
| European regulatory-first heritage | Yes — Munich-headquartered, 20+ years in EU compliance | No | Major GRC suite vendors are US-headquartered |
| Audit export | Structured export from one system | Varies | May require cross-module extraction |
How compliance teams use EQS Policies

"Thanks to EQS Policies, we can easily fulfill our task of sharing policies with colleagues, and I can be sure that all contacts in our personnel system receive the appropriate notification. This is a great help."

Edmund Blum
Legal & Compliance Manager, tonies
The situation
As tonies expanded internationally, manual policy management created audit risk. Employees were not consistently certifying updates on time, and compliance evidence was difficult to produce quickly.
What changed
Centralized policy workflow. Automated attestations globally. Clear visibility into completion status across international teams.

Centralized policy management

Automated attestations with audit trails

Faster onboarding with automated notifications
"EQS Policies enabled us to overcome these challenges through automation, centralized access, and transparent monitoring."
Paulina Sich — Compliance Manager, STIEBEL ELTRON Group
The situation
Policies were scattered across emails, PDFs, and multiple systems. The team needed multilingual consistency and traceable acknowledgements that would hold up for auditors.
What changed
Multi-stage approval workflows, automated reminders, and real-time dashboards across regions — with a structured record that audit could review directly.
The EQS difference: Policy management orchestration
Policy captured as evidence, from the start.
Most document tools store policies and log that someone clicked through. EQS Policies captures a structured evidence record: the policy version in force, the distribution audience, the signature or attestation, the timestamp, and the reminder history. When a regulator or auditor asks for proof, that record is ready to export.
Signatures tied to the policy record at capture.
E-signatures and attestations are connected to the policy version, the campaign audience, and the compliance record at the moment they are captured. There is no separate e-signature system to reconcile with the policy library after the fact. For teams asked to demonstrate program operation under regulatory scrutiny, that structural difference matters.
Understanding built into the acknowledgement workflow.
Policy Buddy gives employees a way to understand what a policy requires before they sign it. Answers come from approved policy content. The result is attestation records that reflect understanding, which is relevant when a regulator examines whether the policy program changed behavior or produced paperwork.
Connected to the rest of your compliance program.
EQS Policies sits inside the EQS Compliance Cockpit alongside Case Management, Third Party Management, Campaigns, Approvals, and Integrity Line. When a policy requires more than acknowledgement — a conflict of interest declaration, a gifts and hospitality confirmation, a structured risk questionnaire — the workflow connects from policy distribution to disclosure collection to approval routing. One evidence trail across the program.
How the policy lifecycle works in EQS Policies
Six steps, one governed record from draft to audit-ready evidence.
Create or import policy content
Upload existing PDFs or create HTML policy pages directly inside EQS Policies. HTML pages support mobile-friendly reading and make it easier for employees to locate what changed in each version.

Route through approval before publication
Multi-step approval workflows notify reviewers automatically. Each version is stored with a review history and scheduled next-review date. The approved version is identifiable at any point — earlier drafts do not appear to employees.
Launch a targeted distribution campaign
Define the audience by role, region, department, employment status, entity, or third-party relationship. The right policy reaches the right people, simplifying policy management by unifying public and attestation links. Completion tracking applies to the defined audience.

Employees read, ask questions, and sign
Employees access the policy through the Integrity Hub portal. Policy Buddy is available for questions and summaries. Every e-signature, certification, or acknowledgement is logged automatically — user identity, policy version, timestamp, campaign.

Automated reminders close the gap
Overdue actions trigger reminders on the cadence you configure. Escalations route to line managers where set up. Manual follow-up is not required from your compliance team.
Track, report, export
Completion rates, overdue tasks, signed acknowledgements, third-party attestation status, and policy version history in one dashboard. When audit asks for evidence, the record is ready to export in the format required.

Security and data handling
EQS Policies runs on secure infrastructure designed for compliance teams managing sensitive policy acknowledgement data and employee attestation records.
Data Protection
- ISO/IEC 27001 certified infrastructure
- 2048-bit encryption for protected data transmission
- Structured to support GDPR Article 25 privacy-by-design principles
- Configurable access controls and retention rules
- Controlled visibility for sensitive disclosure data
Ongoing Security
- Annual penetration testing (OWASP standards)
- ISAE 3000 Type II audits by PwC
- Cloud Security Alliance certified and STAR registered
- 100% renewable energy hosting
Frequently asked questions about policy management software
What is compliance policy management software?
Compliance policy management software is a purpose-built platform for creating, distributing, certifying, and tracking corporate policies. Unlike general document management tools, compliance policy management software connects policy distribution to e-signatures, employee attestations, and audit-ready evidence records — producing structured proof of who received which policy version, when, and whether they acknowledged it. EQS Policies manages the full policy lifecycle in one governed environment, from creation and multi-step approval through targeted distribution, digital signatures, and regulatory-grade reporting.
How is EQS Policies different from SharePoint or Google Drive?
SharePoint and Google Drive manage and share documents. They do not provide policy lifecycle governance, targeted distribution campaigns, e-signature capture tied to policy versions, automated reminder workflows, or the structured audit trail that regulators and auditors ask for. EQS Policies connects policy access, distribution, digital acknowledgement, and compliance reporting in one workflow — producing an evidence record without a manual reconstruction exercise.
Does EQS Policies support e-signatures?
Yes. EQS Policies supports e-signatures and digital attestations for employees, contractors, vendors, and partners. Each signature is timestamped and linked to the relevant policy version and user identity at the point of capture — part of the compliance record from the start.
How does EQS Policies prove employee acknowledgement for audit?
Every acknowledgement, signature, or certification is logged with the policy version, the distribution campaign, the user identity, and a timestamp. When audit, Legal, or a regulator asks for evidence of who received, read, signed, or acknowledged a policy, the full record is available to review inside the platform or export as a structured file — without reconstruction from multiple systems.
Can policies be distributed to vendors and external partners?
Yes. EQS Policies extends distribution and attestation workflows to external vendors, contractors, and partners — not limited to employees. This is particularly relevant for anti-bribery and anti-corruption policy programs, and any compliance framework requiring evidence of third-party policy acknowledgement. EQS Policies works alongside EQS Third Parties for external audience management.
What is Policy Buddy?
Policy Buddy is the AI assistant for policy understanding inside EQS Policies. It helps employees ask questions about approved policy content, get summaries of long documents, and locate the relevant section — directly from the employee-facing portal. Policy Buddy works with approved, uploaded policy content. It does not generate policy language, provide legal interpretation, or answer questions outside the documents provided.
Does EQS Policies integrate with HR systems and Active Directory?
Yes. EQS Policies integrates with HR systems and Active Directory to keep employee target groups, employment status, and distribution lists current automatically. When an employee joins, changes role, or leaves, their policy access and distribution group membership updates without manual intervention from the compliance team.
What regulations is EQS Policies structured to support?
EQS Policies is used by compliance teams managing obligations under the EU Whistleblowing Directive, FCPA, UK Bribery Act, CSRD supply chain requirements, and GDPR Article 25. The platform's evidence trail — policy version, distribution audience, e-signature, timestamp, and completion status — is structured to meet the documentation standards these frameworks require. EQS is headquartered in Munich and has built compliance infrastructure for European regulatory requirements for over two decades.
Does EQS Policies support SSO and multiple languages?
Yes to both. EQS Policies supports Single Sign-On for enterprise access management. The platform supports 45 languages for multilingual policy distribution, making it suitable for global compliance teams with operations across multiple jurisdictions and regional language requirements.
Further reading
The architecture of behavioral compliance
How enterprise compliance teams meet rising regulatory demands using automation, unified campaigns, and evidence-based program management.
Why proactive compliance awareness is your strongest regulatory defense
A practical guide to embedding compliance into daily employee behavior — and what the evidence trail looks like when an audit arrives.
Policy management vs. document management: what the difference costs at audit
How compliance teams using SharePoint, Google Drive, or generic document tools typically reconstruct their evidence trail — and what a purpose-built policy workflow changes.
See how EQS Policies handles your audit requirements
Speak with a compliance specialist. Our team will walk you through how EQS Policies handles your specific distribution, e-signature, and evidence requirements, and answer questions about implementation, integrations, and your current setup.
Meet our experts
![]() |
Sabela Pérez Director of Compliance and Ethics Leads development of modern ethics and compliance solutions used across global organizations |
![]() |
Matthias Zastrow VP, Sales and Compliance Solutions Specialist Provides practical guidance on implementing compliance programs across multiple jurisdictions. |
with a compliance expert


