Every policy in LowerPlane goes through a formal approval process before it can be published and distributed to employees. The approval workflow ensures that policies are reviewed by the right people and that changes are tracked with a complete audit trail.

Requesting Approval

When a policy is ready for review, the author submits it for approval.
1

Open the Policy

Navigate to Policies and open the policy you want to submit. The policy must be in Draft status.
2

Review Before Submitting

Use the Preview feature to verify formatting, content, and completeness. Ensure all placeholder text has been replaced with your organization’s details.
3

Select Reviewers

Click Submit for Approval and select one or more reviewers. Reviewers are typically compliance managers, security leads, or department heads who have authority over the policy’s subject matter.
4

Add a Note (Optional)

Include a note for reviewers explaining the context, highlighting areas that need particular attention, or noting changes from a previous version.
5

Submit

Click Submit. The policy status changes to In Review and reviewers receive an email notification with a link to the policy.
You can submit to multiple reviewers simultaneously. All designated reviewers must approve the policy before it can move to Approved status.

Approving or Rejecting Policies

Reviewers can approve or reject policies from the policy detail view or directly from their notification email.
To approve a policy:
  1. Open the policy from the notification or navigate to Policies and filter for In Review status
  2. Read the full policy content
  3. Click Approve
  4. Optionally add a comment (e.g., “Approved - no changes needed”)
When all reviewers have approved, the policy automatically moves to Approved status. The policy author receives a notification that the policy is ready to publish.
A rejection from any single reviewer returns the policy to Draft status, even if other reviewers have already approved. All reviewers must approve for the policy to proceed.

Publishing Approved Policies

Once a policy reaches Approved status, an administrator or the policy author can publish it:
  1. Open the approved policy
  2. Click Publish
  3. Confirm the action
Publishing makes the policy visible in the Employee Portal and enables acknowledgment requests. The policy status changes to Published.
You do not need to publish immediately after approval. Some organizations batch policy publications to align with training cycles or company-wide communications.

Version Control and History

LowerPlane maintains a complete version history for every policy, providing an audit trail that is essential for compliance.

Version Tracking

Each significant event in a policy’s lifecycle creates a version entry:
EventVersion ImpactTracked Details
Initial creationv1.0 createdAuthor, date, source type
Content edit (Draft)Minor version incrementChanges made, editor, timestamp
Submitted for reviewStatus change loggedSubmitter, reviewers selected, submission note
ApprovedStatus change loggedApprover, approval date, comments
RejectedStatus change loggedRejector, reason, date
PublishedMajor version incrementPublisher, publication date
Updated (re-opened)Returns to DraftEditor, reason for update

Viewing Version History

To view a policy’s version history:
  1. Open the policy detail view
  2. Click on the History or Versions tab
  3. Browse the chronological list of events and versions
  4. Click on any version to view the policy content as it existed at that point

Comparing Versions

LowerPlane supports side-by-side comparison between policy versions:
  1. Open the version history
  2. Select two versions to compare
  3. Differences are highlighted showing additions, removals, and modifications
Version comparison is available for policies created in the built-in editor. Uploaded documents track file versions but cannot show inline content differences.

Change Logs

Every action taken on a policy is recorded in the change log, creating a tamper-evident audit trail:
  • Who made the change (user name and email)
  • What was changed (content edit, status change, reviewer assignment)
  • When the change occurred (timestamp with timezone)
  • Why the change was made (comments, rejection reasons, update notes)
The change log is accessible from the policy detail view under the Activity tab. This log is read-only and cannot be modified or deleted, ensuring audit integrity.

Updating Published Policies

When a published policy needs to be updated:
1

Open the Policy

Navigate to the published policy you want to update.
2

Create a New Version

Click Edit or Update. The policy returns to Draft status for the new version. The currently published version remains active and visible to employees until the new version is published.
3

Make Changes

Edit the policy content as needed. The version history tracks all modifications.
4

Resubmit for Approval

Submit the updated policy through the approval workflow. Reviewers can compare the new version against the previous published version.
5

Republish

Once approved, publish the new version. It replaces the previous version in the Employee Portal. Consider sending new acknowledgment requests if the changes are significant.

Best Practices

Select reviewers who understand the policy’s subject matter. An access control policy should be reviewed by your IT or security lead, not just a compliance generalist.
Communicate expected turnaround times to reviewers. Policies stuck in review delay your compliance timeline and can block audit preparation.
When rejecting a policy, provide clear, actionable feedback. “Needs work” is not helpful. “Section 3.2 does not address our remote work policy for contractor access” gives the author a clear path forward.
Even published policies need periodic review (typically annually). Set calendar reminders or use LowerPlane’s notification system to ensure policies stay current with your organization’s evolving practices.
When updating a published policy, always note why the update was made. This context is valuable during audits and helps future reviewers understand the policy’s evolution.