Skip to content
EP365 · App for Microsoft 365
Distribution and acknowledgement of key documents

EP365 Controlled documents staff handbook, GDPR and health & safety with a trail of who read what and when

Distribute the staff handbook, GDPR, health & safety and ISO policies with a verifiable trail of who read them and when — all inside the Microsoft 365 you already have and pay for. No third-party system, no extra passwords, and your NIS2 and ISO audits pass without panic.

No more “I sent it, but…”. For every document you can see who has read it and when. No guessing, no phone calls.
Audits pass without panic — you export a verifiable read-and-understood trail in one click. No Excel, no chasing people down.
Nothing goes out unapproved. The publisher prepares, the approver signs off, recipients confirm. The app watches versions and deadlines.
Data stays in your Microsoft 365 Deployed typically within 4 hours From CZK 6,000 per month per company
HR · version 1.3
Staff Handbook
92 %acknowledged
Who confirmed and when
AN Anna Nováková 8 May 09:42
JS Jan Svoboda 8 May 11:15
MD Martin Dvořák 9 May 14:08
PK Petra Kovalová 3 days overdue !

Sound familiar?

This is what companies that must prove people have read key policies tell us. Not because they're careless — but because email, Teams and shared folders were never built for verifiable acknowledgement.

“Prove that everyone has seen the Staff Handbook, version 1.3.”

An inspector or an ISO auditor turns up and wants evidence. HR opens Excel and starts ringing round the sites. And still nobody knows who had which version.

“We emailed the new policy. Did anyone even open it?”

The mass email went out and that was the end of it. Did anyone read it? Understand it? You have no idea — and in three years you won't be able to trace it at all.

“Staff Handbook in Teams, GDPR in OneDrive, health & safety in an email.”

Documents are everywhere and nowhere. When a new colleague joins, nobody is sure what to send them — or which version is actually the latest approved one.

What Controlled documents does about it

Five things that take the worry off your plate fastest. The complete feature list is below in the details.

A verifiable read-and-understood trail on every document

For each confirmation you can see who read the document, when, and which version — with a time stamp. Whenever an auditor asks, you have the answer in one click, not after a week of phone calls.

Excel and ringing round the sites one overview of who has read what

Publishing · Staff Handbook 1.3
Publisher: HR department
Target: All employees · 250 people
Deadline to confirm: 21 days
Approved · sent to recipients

Sign-off before the document goes out

The publisher prepares the document, the approver signs it off — only then does it reach the recipients. Nothing goes out unapproved. When the approver is on holiday, their deputy gets the request too, so nothing gets stuck.

Straight into a mass email publisher → approver → recipients

Choose recipients however you need

Target a whole department, a Microsoft group, or specific individuals. Does the team change? The document tops itself up for the new people only — they get the email, not the whole company again.

Confirm that people understand

For key documents you don't stop at a click. Add a few check questions and the employee confirms only after answering them correctly — verifiable proof of understanding, not just that they “saw it”.

Recurring acknowledgement watched by the app

Health & safety and GDPR must be refreshed every year. Set the interval and the document returns to people on its own for a fresh confirmation — no manual work and with a fresh audit record.

The fastest route: 30 minutes at a screen.

No company slideshow. We share a screen and click through the app on sample data — you'll see exactly what your people and an auditor would see.

Pick a demo slot Free and without obligation · online in Teams
What we cover in 30 minutes
5 min Your current practice — how you handle acknowledgement of key documents
10 min Publishing a document through the eyes of the publisher and the approver
10 min Confirmation by an employee, the verifiable trail and the report for audit
5 min What a rollout would look like for you + an indicative price

„We passed our NIS2 audit with a single export. The auditor saw a list of all confirmations with time and version — and had not one objection.“

Manufacturing company · 250 employees · 32 controlled documents

We got it deployed within hours. The administrator needed a short workshop, publishers got a one-hour video, and employees needed no training at all.

89 % acknowledged within three months
0 → 100 % from untraceable records to verifiable ones
1 export and the NIS2 audit was done

For those who want to know more

Everything that matters in one place — features, a comparison with the alternatives, security, pricing and answers to common questions.

Publishing with sign-off

Five roles — employee, publisher, approver, manager, administrator. The publisher prepares, the approver signs off, and only then does the document reach recipients. Nothing goes out unapproved.

Verifiable acknowledgement trail

For every confirmation: who, when, which version, optionally from which IP and device. Records cannot be changed retroactively — they are permanent evidence for NIS2 and ISO audits.

Targeting the right people

Build your recipient list from whole departments, Microsoft groups and individuals. Combine all three sources depending on who the document concerns.

New version or team change

Change the attachment? The app starts a new acknowledgement cycle and marks the old confirmations as invalid. Someone joined the team? The document tops up for them alone — they get the email, not the whole company again.

Acknowledgement overview for managers

How many people have already read it, which documents are risky, how publishing is going over time. A manager sees the status of their team, an administrator the whole company.

Automatic archival and retention

Once it expires, the document archives itself. Audit records are retained for as long as you set (7 years by default). You print the report to PDF straight from the browser.

Full-text search inside documents

Search by what's inside — not just by the title. The search goes through the content of Word and PDF files and respects permissions: everyone finds only what they can access.

Evidence pack in one click

For any document you generate a printable report — metadata, version and a complete list of confirmations (who, when, which version). Ready to print to PDF straight for the auditor.

Templates and required fields

Each category can enforce required fields (deadline, validity, targeting) and offer the publisher a template with guidance. Documents are then created consistently and completely from the outset.

Understanding checked by a quiz

For key documents, add check questions. The employee confirms acknowledgement only after answering them correctly — verifiable proof of understanding, not just a simple click.

Recurring acknowledgement (recertification)

Health & safety, GDPR and security policies require regular reminders. Set the interval and the document returns to people on its own for a fresh confirmation, with a fresh audit record.

Reminders, Teams and calendar

An overdue reminder also goes to the line manager. Announce new publications to a Teams channel. An employee adds the confirmation deadline to their Outlook calendar in one click.

Preview in a panel without downloading

Read Word, Excel and PDF straight in the panel, without downloading to your computer. The document detail and the list of confirmations are neatly in one place.

Area
EP365 Controlled documents
Large DMS system
SharePoint DIY
Data in your Microsoft 365
yes, entirely
third-party cloud
yes
Verifiable trail for NIS2 / ISO
right away, no setup
yes
you have to build it yourself
Role-based approval
publisher → approver → recipients
yes
manual
Targeting via Microsoft groups
yes, and individuals too
partially
partially
Deployed in hours, not weeks
typically within 4 hours
weeks to months
depends on IT skill
Understanding checked by a quiz
included
paid add-on module
Price per company, not per user
monthly flat fee per company
per user
CZK 0 extra
No third-party system or server
all in your M365
vendor's own cloud
yes

Data stays with you

Documents, confirmations and the audit trail are stored exclusively in your Microsoft 365 environment. No third-party cloud, no data leaving the company — including the EU region for European customers.

No new passwords

People sign in with their company Microsoft account. When an employee leaves, IT handles it in one step — blocking the account removes access to the documents too.

Everyone sees only their own

An employee sees only their own confirmations, a manager their team, an administrator the whole company. Other people's data is technically out of reach, even if someone had the direct link.

Verifiable trail for NIS2 and ISO

Time stamp, version, who confirmed and when — in strict mode also IP and device. Records cannot be changed retroactively and are retained for as long as you set (min. 5 years).

GDPR on the principle of minimisation

The audit record contains only what's necessary — who, when and optionally from which IP. You control the retention period, not us. No unnecessary collection of personal data.

No extra third-party system

Everything runs in your Microsoft 365. On our side we only verify the licence — no documents or personal data flow through us. You won't gain a new vendor to put through procurement.

Licence

Price by company size

Up to 25 users
CZK 6,000 / month
26–70 users
CZK 9,000 / month
71–150 users
CZK 12,000 / month
More than 150 users
Individual

A monthly flat fee for the whole company, not per user. Unlimited recipients and documents within a given size band — the price follows the number of people in your Microsoft 365.

Deployment

On-site implementation

CZK 17,600–35,200 one-off

We help you get started: installation, a workshop for administrators, a category design tailored to your organisation, the first distribution groups and strict-mode setup for NIS2.

What affects the price

The exact price depends on company size and the scope of the initial setup. We'll send a precise quote after a short call. Migration from legacy systems is a separate service.

Extended support

Support pricing

CZK 2,200 / hour

Consultations, environment adjustments, custom reports or user support.

How support is billed

Support is billed per started 15 minutes of work. We always tell you the expected scope in advance.

Prices exclude VAT
Is this an electronic signature?
No. Controlled documents are not a qualified electronic signature — they are verifiable records of acknowledgement of a document. For most internal needs (NIS2, ISO 27001, health & safety, GDPR) that's fully sufficient. If you need a qualified signature, we'll be honest: look for a solution certified for electronic signatures.
How long does deployment take?
Technically usually 2 to 4 hours — installation into your Microsoft 365, adding it to the target page and basic setup. Plus a short workshop for administrators and a one-hour video for publishers. Employees need no training; using it is self-explanatory.
What do we need to have?
Just Microsoft 365 with SharePoint — what most companies already pay for. Nothing is installed on computers or phones; people sign in with their company account. Not using SharePoint yet? We can help you get started.
How does it help us with a NIS2 or ISO audit?
For every document you have a list of all confirmations with a time stamp and version, which you export to PDF straight for the auditor. You demonstrate verifiably who read which version of a policy, and when — no phone calls and no Excel.
Can an employee who “isn't a computer person” manage the confirmation?
Yes. The employee gets an email with a link, opens the document, reads it and confirms with one click — from a phone if they like. For key documents they may first answer a few check questions. Nothing more is asked of them.
What about GDPR and personal data?
The audit record contains only what's necessary — who, when and optionally from which IP. You set the retention period yourself. All data is in your Microsoft 365, so your security and audit rules apply.
Can we set up recurring acknowledgement?
Yes. For health & safety, GDPR and security policies you set an interval (say 12 months) and the document returns to people on its own for a fresh confirmation — no manual re-distribution and with a fresh audit record.
Can we move over from DocuWare or another DMS later?
Yes. Transferring existing documents is a separate service — you export PDFs and metadata from the old system and bulk-import them to us. We can't bring over audit records from the previous system, though; in Controlled documents the trail is built from the start.