Account Last updated: 29 March 2026 · 4 min read

Employee Lifecycle Management

PolicySuite handles every stage of the employee lifecycle — from the moment a new hire joins and needs to acknowledge their first policies, through role changes that shift their compliance requirements, to offboarding when access must be revoked while preserving audit records.

1. Onboarding new employees

To add a new employee, navigate to People in the left sidebar and click Invite Employee. Fill in the following details:

Email address — the employee's work email where they will receive their invitation and all future policy distributions
First name and last name — used to personalise distribution emails and identify the employee across the platform
Role — assign an RBAC role (employee, reviewer, policy_author, compliance_admin, etc.) that determines their permissions within PolicySuite

Once invited, the employee receives a welcome email with a link to set up their account. If your organisation has configured auto-distribution rules, any policies tagged as mandatory for their role are automatically queued for distribution as soon as they accept the invitation.

This means a new hire can have their full policy acknowledgement pack waiting for them on day one — no manual intervention needed from compliance or HR teams.

2. Offboarding employees

When an employee leaves the organisation, you need to revoke their access without losing the compliance records they generated. To offboard an employee:

Navigate to People and find the employee
Click Manage and select Deactivate Account
Confirm the deactivation

Deactivation immediately revokes the employee's ability to log in and access the employee portal. However, all of their acknowledgement records, training completions, and attestation history are permanently retained. This is critical for audit compliance — you must be able to demonstrate that a former employee acknowledged specific policies during their tenure.

Important: Deactivation is not deletion. PolicySuite preserves all compliance records for deactivated accounts indefinitely. If an employee returns (e.g. a contractor on a new engagement), you can reactivate their account and their historical records will still be linked.

3. Role changes

When an employee changes role within your organisation — for example, moving from an engineering position to a management role — their compliance requirements may change. To update an employee's role:

Navigate to People and select the employee
Click Edit Role and select the new RBAC role
Review the permission changes that will take effect and confirm

If the new role requires policies that the employee has not yet acknowledged, PolicySuite flags these as pending. You can then create a targeted distribution to send the employee any new policies that apply to their updated role. Previous acknowledgements remain valid — the employee does not need to re-acknowledge policies they have already completed unless a new version has been published.

4. Bulk operations

For organisations adding many employees at once — such as during a company merger, a new office opening, or seasonal hiring — PolicySuite supports bulk import via CSV. To use bulk import:

Navigate to People and click Import Employees
Download the CSV template, which includes columns for email, first name, and last name
Fill in the template with your employee data and upload it
Review the preview showing how many employees will be created, then confirm the import

The CSV import validates email addresses and flags duplicates before processing. Each imported employee receives an invitation email automatically. If auto-distribution rules are configured, policies are queued for all new employees in the batch.

5. The employee portal

Employees interact with PolicySuite through a dedicated portal that surfaces only what is relevant to them. When an employee logs in, they see:

Assigned policies — all policies distributed to them, with clear status indicators (acknowledged, pending, overdue)
Training modules — any training content assigned to their role, with progress tracking for multi-step modules and quizzes
Attestations — periodic attestation requests that require the employee to confirm they have read and understood specific policies

The portal is designed to be simple and focused. Employees do not see administrative features, analytics, or other employees' data. They can acknowledge a policy by reading it and clicking I Acknowledge, which records the timestamp, their IP address, and a hash of the policy version they viewed.

Employees can also access their policies via magic links sent by email, without needing to log in to the full portal. This is especially useful for organisations with employees who do not use PolicySuite regularly.

6. Managing inactive accounts

Over time, some employee accounts may become inactive — for example, employees on extended leave or contractors between engagements. PolicySuite tracks account activity and flags accounts that have not logged in within a configurable period (default: 90 days).

To review inactive accounts, navigate to People and use the Status filter to select Inactive. From here you can:

Send a reminder — prompt the employee to log in and complete any pending acknowledgements
Deactivate — if the employee has left the organisation and was not formally offboarded
Keep active — dismiss the inactive flag if the employee is on planned leave

Regular review of inactive accounts helps keep your compliance metrics accurate and ensures that acknowledgement rates reflect your actual active workforce.

Still need help?

Email our support team at support@policy-suite.com — we typically respond within 24 hours.