7 Ethics and Compliance Policy Must-Haves

Does your company’s ethics and compliance policy resemble a textbook? If so, it’s likely that your employees haven’t read the policy.

Posted by on

Does your company’s ethics and compliance policy resemble a textbook? If so, it’s likely that your employees haven’t read the policy. What’s even more likely though is that the policy probably doesn’t make sense. If this is the case, how can you, as an employer, expect your employees to follow the rules?

Writing a clear, concise and practical ethics and compliance policy takes time- but it’s worth it. An ethics and compliance policy is the foundation of your company’s ethics and compliance program. Without a well written policy, your ethics and compliance program is bound to fail.

J. Stuart Showalter, a health care lawyer, compliance consultant, professor and author, with numerous years of experience in ethics and compliance policy development. Here are his suggestions for a great ethics and compliance policy.


An ethical workplace culture starts with a strong code of ethics.

A code of ethics guides employee behavior and shows them the values your company won’t compromise on. Get started writing yours today with our free template.

Get My Template

Writing Policies, Making Sense

According to Showalter:

“Good compliance programs must begin with good policies and procedures. In fact, that is the first element in the OIG’s compliance guidance. So without well-written policies you don’t have a prayer of having an effective compliance program.”


– Typical scenario: A company operates with a decentralized structure, policies are inconsistent, there’s no central repository for company policies and most importantly, no policy development process.

– To be successful, you need to get buy in: Key influencers consist of senior management, “policy owners”, legal, compliance, and privacy / information security. Everyone needs to be on board in order for the policy development program to work. From this group, designate members to a policy development committee and select a “policy librarian”.

– Format/Template: Research states that companies lack standard policy templates. To be consistent in policy development/ writing, establish a template with the same headings and body. Obviously the content within the policy will change to meet the needs of a specific department or issue, but templates improve the readability of your policies.

– Put definitions in the section in which they are first used: Don’t wait to explain a work or acronym in a footnote or an appendix. Provide a definition to the reader immediately following the work or acronym. This makes the policy easier for employees to read and understand.

– Keep your policy short: Showalter recommends creating a policy that’s no longer than two pages. He also suggests that posting the policy online is the best solution.


RELATED: Your Complete Guide to Establishing an Ethical Culture


Use This Policy Template

Showalter stresses the importance of consistent policies. The easiest way to ensure policies remain consistent in the workplace is to develop a standardized template.

Here are 7 “policy template “must-haves”:

  1. Scope: Who does the policy apply to? When is it effective? Is it in place at all times, during emergencies, at night, etc.?
  2. Purpose: What is the policy about. Ex: “To protect the confidentiality of patient information.”
  3. Policy Statement: Statement of standards, fundamental principles. Usually begins with “It is the policy of Company XYZ, that…”
  4. Procedure: Implementation- who, what, where, when, how?
  5. Who is?: Who is accountable, responsible, concerned, informed? Identify these people in the policy.
  6. References: Many employees want to see proof and tend to ask, “Show me where it says I need to do that.” Incorporate citations to laws, regulations, journals, articles, etc, to back up your policy.
  7. Attachments: Use this section to add more details to the policy. If the policy makes reference to certain forms, don’t include the form in the policy, make reference to it and include it in the attachments. Since forms and other documents change frequently, place them on a company intranet, reference their location in the policy and update the forms when required by replacing them on the intranet.