Handrails
Test your policies

Test whether your internal policies actually work.

Bullying complaints. Whistleblower disclosures. AI misuse. Conduct breaches. Your policies already describe what should happen. Handrails tests whether employees can actually apply them when the situation becomes real.

Run live simulations against realistic scenarios. Identify gaps early and generate evidence your company is ready.

[Illustration: live virtual policy walk-through. Holly, the Handrails AI agent, facilitating a session with participants Priya and Marco.]
What gets in the way

Policies go cold the day they're signed off.

01

Training fades fast

The team did the bullying-and-harassment module last March. The whistleblower briefing in May. The AI use policy rollout in September. By the time something happens, nobody remembers the steps.

02

Approved, filed, forgotten

Board signs the policy. Legal files it in the handbook. Linked from the intranet. Until a real situation lands, nobody walks the document end-to-end. The first real test is the situation itself.

03

Roles change faster than policies do

AI rollouts, restructures, fractional executives, contractor surges. The person who owned the harassment-complaint pathway last quarter may not be in that seat now. The policy looks current; the team behind it has turned over.

What you get back

A tested policy changes how people respond.

Policies only matter if teams can apply them consistently when situations become uncomfortable, ambiguous or high pressure.

Earlier escalation, fewer surprises

Employees identify issues sooner, escalate appropriately and reduce the chance of small issues quietly becoming larger legal, HR or reputational problems.

More consistent decision making

Teams apply policies more consistently across managers, departments and locations, reducing confusion and uneven responses.

Confidence when situations become real

Employees who have practiced realistic scenarios respond faster, communicate more clearly and apply policies with greater confidence under pressure.

Training vs test

Training teaches the policy. A live test proves it stuck.

Annual training proves the team was in the room. A live walk-through proves they remember what to do. Both have a place. Only one stands up to a board asking "are we covered?"
The old way

The standard practice · Annual training and sign-off

  • Module delivered, completion logged in the LMS
  • Read-through of the policy at induction or annual refresh
  • No structured pressure-test of how the team would actually respond
  • First real test is the real situation

With Handrails · Live policy test

  • Anonymized case built around the decisions the policy actually names
  • Holly walks the team through each one in sequence, on a clock
  • Every gap surfaces: stale owner, missed escalation, ambiguous decision right
  • Board-ready evidence the org is match fit
What we'll test

Most policies aren't truly tested until something goes wrong.

Share the policy. Holly builds an anonymized case that forces every decision inside it, and runs your team through live.

AI use & generative-AI policy

An engineer pastes a customer contract into ChatGPT. A team ships an internal tool that trains on support tickets. Walk the policy against the cases actually appearing in your org.

Anti-harassment & bullying policy

A report involving a senior leader. A contractor complainant. A confidentiality request. Test the escalation path deliberately, not for the first time when a report lands.

Whistleblower & ethics policy

A protected disclosure lands by email, anonymous and detailed. A conflict-of-interest disclosure during a live bid. Walk the policy decision-by-decision before the first real one arrives.

Acceptable use, BYOD & code of conduct

A sales rep forwards a deck to Gmail. A contractor downloads the customer DB to a personal laptop. Does the policy call these a breach? Who decides? Who notifies?

Clauses covered

The obligations behind your policies.

Every exercise maps to a real obligation your regulators, auditors or board are asking about.
AU Respect@Work + UK Worker Protection Act + EEOC
Workplace Conduct
Continuous; positive duty to prevent

Australian employers carry a positive duty under the Sex Discrimination Act to take reasonable and proportionate measures to eliminate sex discrimination, sexual harassment and victimisation. UK employers carry an equivalent preventative duty under the Worker Protection Act 2023. Evidence of operational effectiveness is increasingly expected.

If skipped: AHRC enforcement; EEOC action; civil claims; reputational consequences from a preventable case.
AU Corporations Act + EU Whistleblower Directive + US SOX
Whistleblower Protection
On disclosure; documented response

Eligible whistleblower disclosures trigger statutory protections and a documented response obligation. The EU Whistleblower Directive requires regulated entities to maintain internal reporting channels with strict timeframes. Operational effectiveness must be demonstrable, not just policy presence.

If skipped: ASIC enforcement; civil and criminal liability; reportable breach under regulatory notification regimes.
EU AI Act + NIST AI RMF
AI Governance
Continuous; on system change

Organisations deploying AI systems must establish governance, document acceptable use, and demonstrate the policy operates as intended in practice. Tested response to AI misuse is now a board-level expectation.

If skipped: Regulatory exposure under the EU AI Act; customer and investor scrutiny; documented governance gap.
SOC 2 / AICPA + ISO 37301
Code of Conduct
At least annually

The entity demonstrates a commitment to integrity and ethical values. Standards of conduct are communicated and adherence is evaluated. ISO 37301 sets the equivalent expectation for compliance management systems.

If skipped: Qualified SOC 2 report; delayed enterprise deals; failed vendor reviews; ISO 37301 nonconformity.
How a policy test runs

Your policy. Every decision, named.

Upload the policy. Holly identifies every decision-right and authority named inside, then builds a realistic, anonymized case that puts each one to work.
1. Context in
Context
Policy: AI Use Policy v1.2
Approved: Q3 2024
Applies to: All employees + contractors
Decision rights: 9 named
Last tested: Never
Also walking: Harassment · AUP · Conduct
Session: Under 60 min
Format: Case-by-case walkthrough
Case: Realistic · anonymized
Output: Policy gap log + DRI map
Close loop: Edit · approve · re-test
Evidence: Board / audit-ready

Holly reads your policy

Share the AI use, harassment, whistleblower or conduct policy. Holly parses every decision-right, escalation path and Directly Responsible Individual (DRI) named inside, then writes an anonymized case that pressures each one in sequence.

2. Virtual session

Named owners, on the clock

Holly hosts the live session over video. HR, Legal, IT, line managers, exec observers, whoever owns a decision in the policy. At every step, Holly presses the named owner for the call the policy says they own. Missing DRIs, stale titles and grey areas surface in under an hour.

3. Report out
Policy gap log · AI Use Policy v1.2 (draft edits)
§3.2 approved-tools schedule: Conflicts with IT approval from Oct
§5 DPO designation: No DPO role exists today
§4 acceptable-use principles: Applied cleanly to the case
§7 customer-notification SLA: No owner named for 24-hour call
§6 training attestation: Current cohort has signed-off training

Edits and evidence, ready to file

A clean list of policy gaps for the policy team. A board-ready summary for exec. An audit-ready record for compliance. All written while the session runs.

What you walk away with

Policy-testing evidence, in four forms.

Board-ready summary

A one-page narrative for the audit, risk or people-and-culture committee. What was tested, where the team held, where they didn't, what we're doing about it.

Edits ready to drop into the next version

Each gap from the session becomes a specific change to the policy. Section, current wording, suggested edit, named owner. Pass it to the policy team and they're done.

DRI coverage map

Every decision-right in the policy mapped to the person actually empowered to make it today. The names, not the titles.

Re-test scheduled

Next walk-through pre-booked against the revised policy so the loop actually closes. Match fit becomes a program, not an event.

When it helps most

Good fit if you...

  • Have an AI use policy approved but never tested against a real case
  • Updated your harassment, whistleblower or conduct policy and never walked it end-to-end
  • Are rolling out new acceptable-use, BYOD or ethics policies this year
  • Need a documented governance cycle for board, audit-committee or people-and-culture review

Be better prepared, before something goes wrong.

Share the policy. Holly presses every decision; you walk out with the edits and the evidence.