POLICIES
Policy management software that produces audit evidence
Manage the full policy lifecycle with targeted campaigns, employee e-signatures and audit-ready evidence.
EQS Policies give you one platform to create, distribute, and certify every policy. Employees get instant access and AI-powered answers. You get timestamped proof of every attestation. Auditors get their evidence in seconds.
Trusted by 14,000+ organizations globally
The policy lifecycle management challenges auditors find first
Policy management failures usually start when an organization cannot prove who received the current version, who signed it, and whether that version was in force at the time of the incident. The policy did exist. It was the evidence trail that did not.
Most compliance teams run policy distribution across a mix of document libraries, email campaigns, and spreadsheet trackers. Each element works in isolation. Together, they rarely produce a structured record that shows the policy version, the intended audience, the completion status, and every signature — in sequence, ready to present.
When a regulator or auditor asks for evidence of compliance, the answer should be one export. For most teams, it becomes a Herculean reconstruction project.
85% of compliance and governance leaders say compliance requirements have become more complex over the past three years. (Source: PwC Global Compliance Survey, 2025)
A governed policy management software for the full policy lifecycle
EQS Policies is policy management software for compliance teams that need more than a document library. It manages policy creation, approval workflows, targeted distribution, e-signatures, and attestations — producing a structured evidence record.
Sitting inside the EQS Compliance Cockpit, policies connect directly to disclosure workflows, third-party attestations, case investigations, and compliance reporting — without a separate integration or a second system to maintain.
Built for compliance teams, not document management.
Other platforms store files. EQS closes the compliance loop. While SharePoint creates folders and Google Drive shares links, EQS is purpose-built for policy attestation, audit trails, and regulatory requirements including HinSchG, Sapin II, and the EU Whistleblower Directive. Automated campaigns replace manual tracking. Real-time dashboards replace guesswork. Every attestation is logged for audit readiness.

Why choose a dedicated policy management software
Governed policy lifecycle
Multi-step approval workflows route before any policy reaches employees. Reviewers are notified automatically, can annotate inside the platform, and each version is stored with a full review history and next scheduled review date. Access controls and approval gates keep the policy library current, clean, and defensible.
Targeted distribution
Define your distribution audience by role, region, entity, employment status, risk profile, or third-party relationship. Policies go to a defined audience rather than the whole organization — reducing acknowledgement fatigue and giving completion data that reflects the right population. 45 languages supported across the platform.
E-signatures and attestations tied to the evidence record
Employees, contractors, vendors, and external partners can confirm receipt, acknowledge understanding, or sign digitally. Each e-signature or attestation is linked to the policy version, the user identity, and a timestamp at the moment it is captured — available as part of the compliance record from day one. Completion dashboards show live status across campaigns, and overdue actions surface immediately.

Automated reminders and escalation
Configure reminder cadences and escalation paths once. EQS Policies handles the follow-up. Scheduled notifications go to overdue employees; escalations route to line managers or compliance leads where configured. Completion gaps close without your team managing a spreadsheet.
Policy Buddy:
from acknowledgement to understanding
Policy Buddy helps employees find answers inside approved policy content, get summaries of long documents, and locate the relevant section — without ever submitting a request to the compliance team. Employees can understand what the policy requires before they sign it. Policy Buddy does not generate policy language or answer questions outside the documents provided.

Third-party policy distribution
Policy distribution and attestation workflows extend to vendors, contractors, and external partners through EQS Policies and EQS Third Parties. Anti-bribery program requirements, supply chain policy acknowledgements, and vendor attestations are captured in the same evidence trail as internal policies.
Built for the regulations your policy program runs on
EU Whistleblower Directive
Distribute and evidence acknowledgement of the policies that underpin your reporting channel obligations, with a timestamped record for every recipient.
GDPR
Configurable access controls and retention rules keep employee policy and attestation data handled in line with GDPR Article 25 privacy-by-design principles.
FCPA / UK Bribery Act
A time-stamped attestation record for anti-bribery and anti-corruption policies is a material component of an adequate procedures defense.
CSRD
Governance policy distribution and acknowledgement records support CSRD social and governance reporting requirements.
ISO 37001
Documented policy communication and awareness is a required element of an ISO 37001 anti-bribery management system.
NIS2 Directive
Distribute and track acknowledgement of information security policies across in-scope entities, with an evidence trail ready for supervisory review.
Where EQS Policies fits
| Requirement | EQS Policies | Standalone tools | GRC suite modules |
|---|---|---|---|
| Policy attestation with legal validity | Built-in e-signatures tied to the evidence record | Requires a separate e-signature tool and manual tracking | Usually included, often at extra cost |
| Targeted, trackable distribution | Native, by role, region, entity, or risk profile | Manual email or shared links; tracking is a spreadsheet exercise | Present, but frequently a heavier configuration effort |
| Third-party attestation | Built-in module for vendors and partners | Not supported; needs a separate signature tool entirely | Usually a separate, additional-cost module |
| Employee understanding, not just acknowledgement | Policy Buddy: instant answers, summaries, guided navigation | Manual reading of PDFs or Word files, no assistance | Rarely a native capability; would require custom build |
| Time to value | Fast — a dedicated, compliance-first module inside the Compliance Cockpit | Immediate storage, but no compliance value until manual work is done | Fast, but often complex given the size of the surrounding suite |
| Audit-ready evidence | Automatic logging of every view, signature, and attestation | Non-existent or fragmented across emails, files, and training records | Generally robust, but tied to how the broader suite was configured |
Proven in practice

"Thanks EQS Policies, we can easily fulfil our task of sharing policies with colleagues and I can be sure that all contacts in our personnel system receive the appropriate notification. This is a great help"

Edmund Blum
Legal & Compliance Manager, tonies
The situation
As tonies expanded internationally, manual policy management created risk. Employees weren't consistently receiving or certifying updates on time, and compliance evidence was nearly impossible to produce quickly.
What changed
tonies centralized their entire policy workflow, automated attestations globally, and gained instant, full visibility into the compliance status across all international teams.

Centralized policy management

Automated attestations with audit trails

Faster onboarding with automated notifications
"With EQS Policies, we finally have one place where every policy, every acknowledgement, and every version sits together — instead of chasing signatures across email."
Paulina Sich — Stiebel Eltron
The situation
Stiebel Eltron's compliance policies were distributed manually across a growing international footprint, making it difficult to confirm who had received, read, and acknowledged the current version.
What changed
Policies now run through targeted campaigns with e-signature attestation, giving the compliance team one governed record instead of a manual reconciliation exercise.
The EQS difference: Policy orchestration
Policy captured as evidence, not just as content.
Every version, approval, and reminder is timestamped from the moment it happens — not reconstructed after the fact.
Signatures tied to the policy record, not a separate tool.
Attestations connect directly to the version signed, so there's never a question of which policy an employee actually agreed to.
Understanding built into acknowledgement.
Policy Buddy helps employees engage with what they're signing, instead of clicking through a document they never opened.
Connected to the rest of your compliance program.
Policies link directly into Case Management, Integrity Line, and Campaigns, all inside the EQS Compliance Cockpit — one record, not a stitched-together set of tools.
Six steps, one governed record from draft to audit-ready evidence.
Create
Draft or upload a policy in PDF, Word, or PowerPoint — no reformatting required.

Route through approval
Multi-step review sends the draft to the right approvers before it ever reaches an employee.
Launch targeted distribution campaign
Send to the defined audience by role, region, or entity — combined with training or disclosures if needed.

Employees read and sign
Policy Buddy helps employees understand what they're signing. E-signatures are captured with a timestamp.

Automated reminders
Overdue employees are notified automatically; escalations route to managers or compliance leads where configured.
Track and export
Every action is recorded automatically. Generate audit-ready reports and export evidence in seconds.

Security & compliance certifications
EQS Policies runs on secure infrastructure designed for compliance teams managing sensitive policy acknowledgement data and employee attestation records. EQS Policies meets the strictest IT security standards and supports GDPR-aligned handling of employee and third-party data.
Data Protection
- ISO/IEC 27001 certified infrastructure
- 2048-bit end-to-end encryption
- GDPR Article 25 compliant by design
- Configurable access controls and retention rules
- No metadata collection or IP tracking
Ongoing Security
- Annual penetration testing (OWASP standards)
- ISAE 3000 Type II audits by PwC
- Cloud Security Alliance certified and STAR registered
- 100% renewable energy hosting
Policy management software: your questions answered
What is compliance policy management software?
Compliance policy management software is a system for creating, approving, distributing, and certifying organizational policies, capturing a structured, time-stamped record of who received each policy, who signed it, and which version was in effect. It is built to answer the questions that come up in an audit or investigation: which policy applied, who acknowledged it, and when.
How is EQS Policies different from SharePoint or Google Drive?
SharePoint and Google Drive store files and share links. Neither is built to prove that a specific employee received, read, and acknowledged a specific policy version at a specific time. EQS Policies captures that evidence automatically — targeted distribution, e-signatures tied to the version signed, automated reminders, and a real-time completion dashboard — none of which a generic file-storage platform provides natively.
Does EQS Policies support e-signatures?
Yes. Employees, contractors, vendors, and external partners can sign or acknowledge policies digitally. Each signature is tied to the specific policy version, the signer's identity, and a timestamp, forming part of the compliance record from the moment it's captured.
How does EQS Policies prove employee acknowledgement for audit?
Every distribution, view, signature, and attestation is logged automatically with a timestamp and user identity at the moment it happens. When an auditor or regulator asks for evidence, the record is already structured and exportable — no reconstruction from inboxes, spreadsheets, or file logs required.
Can policies be distributed to vendors and external partners?
Yes. Policy distribution and attestation extend beyond internal employees to vendors, contractors, and other external partners, with the same e-signature capture and evidence trail used for internal policies. This is commonly used to support anti-bribery and third-party compliance programs.
What is Policy Buddy?
Policy Buddy is EQS Policies' AI assistant. It helps employees find answers inside approved policy content, summarizes long documents, and points to the exact section they need — without submitting a request to the compliance team. Policy Buddy answers only from the documents provided; it does not generate policy language or answer questions outside that content.
Does EQS Policies integrate with HR systems and Active Directory?
EQS Policies supports structured audience targeting by role, region, entity, and employment status, which can be kept in sync with your HR and directory data depending on your setup. Speak with your account team about the specific integration approach for your environment.
What regulations is EQS Policies structured to support?
EQS Policies is built to support policy distribution and attestation requirements under the EU Whistleblower Directive, GDPR, FCPA, the UK Bribery Act, CSRD, ISO 37001, and the NIS2 Directive — providing a structured, exportable evidence record rather than a compliance guarantee specific to any one framework.
Does EQS Policies support SSO and multiple languages?
Yes. EQS Policies supports single sign-on and is available across 45 languages, so policies, questionnaires, and the employee-facing portal can be delivered in the language your workforce actually uses.
Resources to help you go further
The architecture of behavioral compliance
How enterprise compliance teams can meet rising regulatory demands using automation and unified campaigns to reduce manual follow-up and audit risk.
Why proactive compliance awareness is your strongest regulatory defense
Learn how embedding compliance into the daily mindset of your employees can enhance culture and reduce risk.
See how EQS Policies handles your audit requirements
30 minutes. Bring a policy you're currently distributing manually — we'll show you what the evidence record looks like.
Meet our experts
![]() |
Moritz Homann Director, Product Innovation & Artificial Intelligence Leads the development of cutting-edge compliance solutions that integrate AI to deliver smarter, more proactive risk management |
![]() |
Matthias Zastrow VP, Sales and Compliance Solutions Specialist Provides practical guidance on implementing compliance programs across multiple jurisdictions. |
with a compliance expert


