SEARCH
Find what you need
493 items found for ""
- Keep Your Workers and Improve
One of the key misconceptions about LEAN is that its goal is to reduce the workforce. No wonder people might resist adopting it. However, as we shall see, LEAN is about engaging the workforce and not letting them go. To better understand this we need to go back to the early days of LEAN when it was first introduced by Taiichii Ohno at Toyota in the 1950s. In the book entitled, "Management Lessons From Taiichi Ohno," Lesson 6 talks about what a leader should do when an improvement is made. Instead, of letting a person go, you involve them in working on more improvements. When Ohno introduced this concept he called it the "outside line man." These people would eventually become known as team leads. Over time, Ohno would take a group of leads and create a maintenance department whose job was to do kaizen (i.e. continuous improvement). This department, made up of people who had worked on the line before and understood how things worked, would now be tasked to make further improvements so that more people could be taken out of the line. They also created new lines with the freed up resources and the knowledge they had learned. "Making an improvement that can take one person out results in just one person's cost being saved. If you take that person and have her make improvements, you start getting savings of two, three, four, and five people and so forth. Taking out the best person and making her improve the rest is really effective." This multiplication effect is what makes LEAN transformational. Companies that adopt LEAN to reduce their workforce miss out on benefiting from further savings. They also end up removing the very people they need to transform their business to compete better, increase quality, and achieve the intended outcomes from compliance. Instead of letting workers go, keep them and improve. To learn more on how to apply LEAN Thinking to your business visit our website at www.leancompliance.ca #LeanImprovement #TaiichoOhno #OperationalExcellence
- Where to Make Compliance Improvements
Compliance programs, systems, and processes are often used interchangeably when referring to improvements. However, there are important distinctions that if understood will help to identify where and how to make improvements to effect the best outcomes. In this blog post, I will outline the differences between these functions and show how each helps organizations better target their resources to improve compliance. Let's start with defining what a process is. Process Model (simplified): A process is a set of ordered steps that takes input and transforms it to produce an output. These steps are outlined in a process plan where each step can be further described by a procedure. The purpose of a process is to execute the process plan. Consistent output is accomplished by consistently following standard work plans. Systems Model (simplified): A process becomes a system when it is connected with other elements particularly other processes. The most important, from a systems perspective, is connecting with measurement processes to control and reduce output variability. This is often simplified as a feedback loop. The purpose of a system is to execute the process and keep the output within specified limits. Consistent output is accomplished by both process consistency and by controlling the process using a feedback mechanism. Program Model (simplified): A program defines the outcomes that the systems and processes are to achieve. It also provides the resources and capabilities need to support them. While systems focus on consistency and greater efficiency, the role of a program is to improve outcomes. Programs exist to reduce safety incidents, reduce risk, reduce costs, increase reporting of near misses, and so on. Programs serve to change the state of the organization and use systems to do that. As targets are changed, the program also changes by adjusting: capabilities, capacity, processes, and system controls. As previously mentioned, the purpose of a program is to achieve a change in state. This is different from the purpose of a system which resists change to maintain the current state. Failure to understand this distinction has often been the cause of system failures for many IT initiatives. Projects, which temporarily serve a program function, introduce new capabilities and corresponding systems and then disband at the conclusion of the project. At that time the system often incorrectly moves to a maintenance mode. When this happens the program functions essentially stop. Systems in a maintenance mode are only provided with enough resources to execute the processes and fix issues. The only program level governance come from audits which as we mentioned in a previous blog is not the right driver for improvements. Another important function of a program is to validate outcomes. It is well understood that you can have an efficient system, that produces the specified outputs, and at the same time fail to achieve the intended outcomes. Validating that programs actually achieve their targeted outcomes is essential to meeting compliance. How To Introduce Change Introducing changes is necessary to improve program outcomes as well as to control system processes. From a compliance perspective, changes need to be made in such a way to: maintain compliance continuity, manage risk, and achieve the desired intent of the change. The Plan-Do-Check-Act (PDCA) improvement cycle can be used to show how changes are introduced from both the program and system level. The following diagram uses a modified PDCA cycle (IDEF0 Format) to show the interaction between the program level (shown in red) and the system level consisting of a primary process (shown in blue): As an aside, IDEF0 depicts control inputs as lines coming in at the top which helps to visualize the feedback points. In addition, the PDCA Act function has been divided into "Manage" and "Provide Resources" to better show where the program and system functions reside. From this model, we can see where changes are triggered and how they interact at both the program and system level. Managing change triggers in a controlled fashion will help to preserve continuity when adapting to changes in compliance demand. Where to Improve Compliance The models presented so far help clarify important differences between programs, systems and processes. The following table summarizes these distinctions, some of which have been previously mentioned along with a few new ones: Knowing what these distinctions are allows us to also know where changes need to be made and how to make them. For example, if a program outcome is not being achieved the first step is to verify that the systems are executing consistently. This is a verification activity that can be conducted as an audit or as embedded measurements within the process itself. If the system passes verification then it is the role of the program to assess capabilities and make changes to mature them or introduce new ones. Rapid introduction of new capabilities can follow a Lean Startup (MVP) approach followed by continuous improvement (PDCA) on the system side. To learn more on how to build sustainable compliance platforms visit our site at (www.leancompliance.ca) #compliancemodel #complianceframework #complianceimprovement
- How To Conduct Scoping Interviews to Manage Personnel Changes
Changes to safety-critical positions in regulated industries must follow a process to manage risks associated with transitioning a new person into a role or when the position itself has changed. The need to manage organizational change safely is called out by various regulations and standards such as: OSHA 1910.119 40 CFR Part 68 PHMSA RP1173 Pipeline Safety Management National Energy Board (NEB) CSA Z767-17 Process Safety Management And others This process is one of several to manage change safely and is often part of an overall Management of Change (MOC) program, and is commonly referred to as: Organizational Management of Change (OMOC) or Management of Organizational Change (MOOC) At a high level an OMOC process will follow steps similar to the following diagram: The first step is to scope out the change to collect relevant information and identify possible risks and impacts. This information will be used to determine appropriate actions to successfully transition the role or position. The OMOC Facilitator is the role assigned to the person who is responsible for the personnel change and who will conduct the scoping activity usually in an interview format. The best time to conduct the scoping interview is when the incumbent (i.e. outgoing person) is still in the existing role. This will help to identify if critical knowledge needs to be captured along with undocumented duties or activities that need to be transitioned. In many cases it is only after the role has been vacated that the change is initiated and the scoping activity can be done. For vacated positions a temporary change maybe necessary to cover safety-critical roles until the position is permanently filled. The following template has been used to scope hundreds of personnel changes affecting safety-critical roles. OMOC - Scoping Interview Template Interview Facilitator: OMOC Facilitator (or Implementer) Who should attend: Roles that are typically involved in the scoping interview include: Outgoing Person (incumbent) Incoming Person HR Representative Immediate Manager OMOC Facilitator Instructions: At the onset of the interview it is helpful to remind everyone that this is not a performance review of any kind. The purpose of the meeting is to identify any gaps in accountability, authorities, and duties, along with other impacts that may arise from the transition to or changes in the position itself. With the help of those participating in the interview, the OMOC Facilitator will identify relevant information to understand what is being changed and what steps have already and that still should be done to fully implement the personnel change. It is important to identify and document all changes to: Regulatory roles such as: Steam Chief, Incident Commander, On Call, Compliance Officer and so on, along with Compliance management roles, committee and project team assignments All transition steps identified in this meeting should be tracked so that progress along with risk mitigations can be monitored. Review this list with all participants prior to the conclusion of the meeting. New positions can be difficult to address as they may not yet have adequate accountability documentation prior to the change being initiated. You may need to use the job description along with information from a corresponding org structural analysis (if this is part of a structural change) where changes in accountability and authorities have been defined. Temporary assignments will require additional care and should be captured and transitioned appropriately. Make sure that dates are recorded for when the temporary assignment should end and add a step to verify that the permanent transition has occurred. Background Information: Document any background information that will help identify transition steps and possible risks: How long has the person been in the role? List certifications and qualifications the incumbent has (some may not be required formally in the role but may have been relied upon as backup coverage for other roles) What other circumstances may impact the successful implementation of this change? Scoping Questions: These questions serve as triggers that will be aid in the development of appropriate transition, communication and risk mitigation plans. 1. What is being changed as part of this personnel change: Transferring into a new role Transferring into an existing role Transferring out of an existing role Staying in the same role but with changed accountability, authorities, or assignments 2. What is the reason for this change: Structural change (previous position no longer exists or has been redefined) Job transfer (permanent, temporary/acting) Leaving the organization Joined the organization 3. Does the change involve a position with potentially significant PSM impacts such as changes to: Emergency Response Personnel Health and Safety Personnel Environmental Personnel Process Operator (or technician) Line supervision or management Maintenance Personnel Technical operations support (operations engineer, plant engineer) 4. What steps are needed to transition previous accountability and authorities? Reassignment of existing tasks Reassignment of compliance program assignments Contacting chairs of committees, working groups, or project teams Documenting critical knowledge Training new person in previous position Covering previous accountability and authorities until another person fills the position Updating of any training, procedures or work instructions Notifying any regulatory authorities Updating any systems, databases, or records Other steps 5. What steps are needed to transition into the new accountability and authorities? Management on-boarding PSM on-boarding Job orientation Specific training Operator qualification Other steps 6. What risks are anticipated during the transition or after the change has been implemented: Critical work will not get done in a timely manner Critical skills or certifications will be lost or reduced Increase in workload due to covering previous duties and responsibilities Preparation of regulatory reports will be impacted There are potential impacts to the health and safety of people, process, or the environment because of this change Other risks 7. What steps should be taken to mitigate these risks? Discuss risks with new or previous manager Communicate risks to affected compliance program owners (PSM, HSE, Quality, etc.) Other actions 8. What is the target date for when this change will be implemented (i.e. all transition steps completed)? 9. Identify and list all: transition steps, communications, and risks Review list with participants Enter this information into the OMOC tracking system and operational risk registers To learn more on how to manage organizational changes safely and meet regulatory standards and guidelines visit our web site at (www.leancompliance.ca). #OrganizationalChange #SafetyCriticalRoles #ScopingPersonnelChanges #PSM #HumanResources
- To Maintain Safety it is Necessary to Properly Transition Safety-Critical Roles
Keeping people, processes, and the environment safe during facility changes is important to most companies and is a central part of every process and pipeline safety management program. This is true not only for asset changes but also for changes to personnel. Changes in job responsibilities, loss of key personnel, and even changes in shift hours can lead to serious incidents with potentially severe consequences. It is during these kinds of changes that impacts are felt not only immediately but long after the changes are completed. These impacts can introduce new risks and expose latent ones leaving companies at risk and vulnerable. Ensuring the continuity of safety-critical roles during personnel changes will help eliminate gaps in your safety program so that incidents do not occur. Unfortunately, many companies either do not track or are even aware of which roles are safety-critical. When this information is missing from job descriptions it is not possible for management to know if and when gaps are created as people move in and out of roles. Even when this information exists, it is common to find gaps between the formal, documented requirements for a position, and the activities actually performed by the person currently in the role. To ensure that each personnel change comprehensively covers the duties and responsibilities, it is helpful to conduct interviews with both the out-going and in-coming person as part of the change process. For each personnel change it is important to: Document critical knowledge from the out-going person Understand the risks that are being managed by the role Reassign existing tasks and assignments Account for all other duties and responsibilities Ensure that the incoming person has the appropriate skills and competencies During personnel changes it is crucial to give appropriate attention to the transition of the incoming person when additional training may be required and critical safety tasks can get overlooked. It may be necessary to have the out-going person (if possible) temporarily cover critical tasks until the incoming person has obtained proper training and competency. New positions can present additional challenges as they can sometimes lack detailed job descriptions necessary for a person to properly transition into the role. In these cases, it is important to track the progression of the role description from the time when the person is first installed into the position and then again when the position has been finalized. Continuity of safety-critical roles is essential to maintain safety programs. This starts with identifying which roles are critical and then making sure that they are properly transitioned as people move in and out of them. Plan-Do-Check-Act Questions: How does your company ensure that safety-critical roles are properly transitioned during personnel changes? How are risks identified and managed while transitions are occurring? What steps can be taken to improve the continuity of safety-critical roles during personnel changes? Which step can you start today? #SafetyCriticalPersonnelChanges #OrganizationalChange #EHSS
- To Achieve Better Outcomes We Need to Pursue Outcomes that are Better
Continuous improvement is important and necessary to maintain sustainable programs. However, all too often, the pursuit of improvements can result in activities, that while good, may not be improving the overall outcomes for the organization. This may be due to poor program alignment or goals that are not specific and measurable. However, sometimes it is because the goals themselves need to improve. To achieve better outcomes we need to pursue outcomes that are better. When considering improvement initiatives it is helpful to ask open ended questions that help clarify direction and ensure that improvement activities are advancing the right things. Here are a few "What would it be like if" questions that may help take your program to the next level: What would it be like if ... the places we worked at were more productive and safer? improvement initiatives were fully embraced by all levels of the organization and people enjoyed doing them? operational excellence initiatives were better coordinated and integrated into work management processes. the management systems we used were simpler, more effective, and tied closer to the work we did? the information we needed to do our job was accurate and provided without having to look for it? we had the support we needed to do all the work that was asked of us? management had an increased understanding of what and how work was done? all facility changes (MOCs) were documented and all process information was updated and maintained in a timely manner? companies took better care of the environment and at the same time increased economic benefits? front line workers were more engaged and managers encouraged and supported improvement initiatives? Asking the right questions is often the most important step when deciding how to proceed with improvement initiatives. This can start by asking if the direction itself needs to improve. Plan-Do-Check-Act Questions: What examples can you come up with when changes where made and the program goals were not achieved? What examples can you come up with when program outcomes did advance and yet the overall situation did not get any better? What would help align improvement initiatives so that program outcomes were met and they also made things significantly better? What step can you take to towards making improvements that produce better outcomes? #OperationalExcellence #betteroutcomes
- Reducing Compliance Debt Caused by Deferred Maintenance
Maintaining a facility, pipeline, or process is essential to operate safely. A key component of this is to choose the right maintenance projects that will produce the best outcomes for the organization. Many companies use a simple ranking system to prioritize which projects to approve and which ones will be deferred until some time in the future. This strategy can result in important (perhaps strategic) projects not being funded which can increase compliance debt and future risk. It is common to rank projects using a set of parameters such as: value (or benefit), cost, and risk. Projects are ranked by benefit first followed by those with the lowest project risk. The cost of these projects are added up until the maintenance budget has been reached. The following chart illustrates this process showing that Project A and Project B have been selected: Highly regulated companies often prioritize projects by their compliance risk which is a measure of compliance threat or benefit. Understanding, that in this example, risk is used in a different manner than the previous scenario, the following diagram shows that Projects C, F and G have been selected: Projects with low compliance risk (even with high value) are often deferred until their risk becomes great enough to bubble up to the top of the priority line. This is where the rub is when using single criteria ranking. Project value and risk are more nuanced making simple ranking less effective. There are other factors that contribute to a poor (or less optimal) selection of maintenance projects: Project value tends to be limited to benefits in a given year (i.e. within the planning cycle) and often does not consider technical debt caused by deferred maintenance. Risk is more complicated than just project risk. For example, there are other kinds of risk such as: PSM risk, compliance risk, environmental risk, and complexity risk. Each of these will influence the selection in different ways. Project selection using single criteria ranking can only prioritize one factor and therefore cannot produce a balanced investment across programs, processes, and areas across the business. Deferred projects can result in increased risk, higher costs, and delayed benefits. Selecting and approving once a year using the entire maintenance budget leaves no contingency to address changes throughout the year. This can result in excessive re-planning which adds risk and cost when new projects are introduced. Selecting maintenance projects is analogous to managing a project portfolio which is typically monitored and adjusted on a periodic basis. Portfolio management introduces tools and techniques that can help select more optimal sets of projects by using multi criteria decision analysis (MCDA). Project selection can incorporate multiple project parameters such as: complexity, integrity, reliability, safety, technical debt, compliance risk, and so on, to help determine the best or at least better maintenance outcomes. Here are seven steps to achieving an optimal maintenance portfolio: Define what a balanced maintenance investment (portfolio) looks like. Decide on an appropriate MCDA method such as: analytic hierarchical process (AHP), multi-attribute additive model, real options, etc. Identify the project parameters needed to support the selected method Test and calibrate the optimization process. Use optimization results to generate candidate portfolios Select portfolio that produces a balanced investment Regenerate portfolio candidates as projects are completed and as new ones are added throughout the planning cycle to keep the investment balanced. Using multi criteria decision analysis techniques will take a little longer but will result in a more balanced maintenance investment, improved consideration of compliance debt, and reduced costs associated with excessive re-planning. Plan-Do-Check-Act Questions: How is compliance currently considered during maintenance project selection? What benefits would result from having a more balanced portfolio for maintenance projects? What would need to happen to improve the project selection process within your organization ? What step can you take to reduce compliance debt? #compliancedebt #deferredmaintenance #projectselection
- Operational Excellence - The Need for Empathy
Today's business climate is very competitive and there are demands coming from everywhere and everyone. There is constant and unrelenting pressure to improve: performance, sustainability, and innovation. These improvements are at the heart of Operational Excellence and are vital for companies to compete and succeed. However, the pursuit of operational excellence can end up becoming a means to itself. What a company focuses on often decides what kinds of outcomes happen. If you want to improve quality then adopting ISO 9000 may help you get there. However, if you adopt ISO 9000, by itself, it will not likely improve your quality. The same is true for operational excellence. The drive for operational excellence can end up becoming a series of projects to be completed while losing sight of the overall outcomes for the company. A casualty of this approach are the workers who are responsible to make improvements happen. And out of this group, the ones that feel most responsible are the ones that are most affected. Workers who feel responsible are often the most loyal to the organization and are the key supporters of improvement initiatives. They are the ones who understand how changes may impact those they work with. They understand not only how a change will impact what a person does, but as importantly, how it affects how they think and feel about the work they are doing. They are the ones who bring empathy into the discussion. Unfortunately, too often, people who show these kinds of insights are dismissed as projects soldier on towards completing the next improvement initiative. To make improvements stick it is important to not lose sight of the fact that people are responsible to make them happen. LEAN talks about this in terms of having respect for people. Design thinking calls this as the need to "Empathize". In fact, it suggests that empathy is the starting point for innovation which is exactly what companies need to improve operational excellence. Tim Cook, CEO at Apple, made the following statement at the 2017 commencement address at MIT: "When you keep people at the center of what you do, it can impact." The pursuit of operational excellence is crucial to organizations. To achieve better outcomes for both productivity and safety, companies must innovate. This will require change and not only once but on-going. Let's remember that at the center of these changes are people and they are the ones that make each improvement a reality. Plan-Do-Check-Act Questions: In what ways does your operational excellence program respect people? What would it look like if people were the center of improvement initiatives? How can empathy be incorporated more in how you approach continuous improvement? What step can you take to improve your approach to operational excellence? #OperationalExcellence #Empathy
- Improving the Management of Technical Information
Compliance programs depend on up to date technical information to support each process. This information includes such things as: process safety information, drawings, operating limits, set points, performance standards, equipment data, permits, quality records, procedures, calculations, risk analysis, and collected measurements. When this information is difficult to find, not available, or out of date this can lead to wrong decisions that impact the safe operations of the facility or at a minimum, create waste. Technical information is needed by many roles within an organization including: operators, to understand how to safely operate the facility asset owners, to determine if changes are replacement in kind or not maintenance, to know how to properly maintain equipment engineers, to understand how best to replace or improve processes safety specialists, to identify risk management, to assess compliance and performance Even with the importance that technical information has, it is not unusual to find that a significant amount of this information is not readily available and sometimes not available at all. The reasons for why this is case varies from company to company. However, there are some common themes as to why technical information is not easily found: It takes too long to find the information Knowledge of where information is stored resides with people that have left the company Information is stored in silos and not easily discovered or accessed Every system has its own way storing and finding information Information management processes and practices are inadequate Information systems have become unsustainable and cannot keep up There is no single role in the organization that is accountable for the management and use of technical information. These issues pose a significant challenge not only to the safe operations of facilities, but also to maintaining and operating processes as efficiently as possible. There is a lot of wasted time spent looking for information that is not necessary. Some analysts report that this can be as much as 20% of a person's day. The good news is that it is possible to improve how technical information is managed through relatively small improvements often using the technologies that are already in place within organizations. Conducting an information and systems audit is the first place to start. When making improvements, it is necessary to know the condition of your current processes and systems. An important outcome of an audit is the identification of what information is critical. This will help prioritize what improvements should happen first. Another important step is to understand the architecture and flow of information across the organization. Technical information has a particular flow and it is important that the right system is being used at the right place in the value chain. At a basic level, information is created during the execution of capital or maintenance projects, and then released to maintenance and operations. The following diagram can help visualize the flow of information across key systems and processes: The transition between each stage in the information flow can be a point of weakness in the overall system. So focusing on the system boundaries may help to significantly reduce information loss and improve reliable access to technical information. Improving the management of technical information is crucial and should be part of every operational excellence program. With knowledge and expertise walking out the door, as an aging workforce retires and the workforce is reduced, companies can no longer lean on the assumption that someone will know where the information is and that the information is up to date. Instead, companies need to improve their technical information management systems and processes to ensure that compliance and operating decisions are made with the right information, in a format that is understood, and at the time it is needed. Plan-Do-Check-Act Questions: What ways would your compliance programs improve if information was more readily available? What issues have you observed that hinder access to safety-critical information? Is the original design basis for process and equipment available to make replacement in kind determinations? If not then how can this be improved? What is your next target condition that you can begin taking steps towards? #TechnicalInformationManagement #Design #ProjectManagement
- Do You Need A Different System For Each Regulation?
The need to comply with regulations and standards is a necessary part of every business. In fact, companies need to comply with several regulations and standards at the same time. How this is done can often lead to a duplication of effort and resources all of which contribute to waste. Within each organization there is often a different role for each compliance program. There is one for: quality, process safety, occupational health and safety, environmental, and so on. This structure often reflects the way accountability for safety is assigned. A benefit of this approach is that it allows each program to advance in maturity at different rates. At the same time, this can and often leads to separate systems each with their own procedures, practices, and supporting technologies. Without having a plan to leverage capabilities the overall compliance program can suffer from: a duplication of effort, inconsistent practices, and a slow down in advancement of overall compliance competencies. To counter this, companies can take common capabilities that are needed across the various compliance programs, and combine them to benefit from best practices, standard procedures, and shared tools and techniques. To illustrate this, the following chart highlights the elements that require the same or similar capabilities across ISO 9001, OSHA 1910 Process Safety, OHSAS 18001, and ISO 140001 standards: Compliance capabilities that are in common include: risk management, change management, document management, measurement and monitoring capabilities, and continuous improvement. A next step for companies could be to establish a common document management system, for example, and build out standard processes across their entire compliance program. By taking a capabilities view to compliance systems, companies can: Better understand what is needed to achieve compliance Leverage common capabilities to improve compliance outcomes Reduce waste in getting there Plan-Do-Check-Act Questions: What examples exist within your organization of using different systems to manage similar compliance elements? What practices are duplicated that could be standardized? What capabilities are lacking or inconsistent that if improved would significantly improve your compliance program outcomes? What step can you take to advance those improvements? #CompliancePrograms #ComplianceInitiatives
- Should Compliance (EHSS) Processes move to the Cloud?
Many organizations are considering moving some or all of their applications and systems to the "Cloud." This applies to both productivity and mission critical business processes including compliance programs specifically those that support Environment, Health, Safety and Security (EHSS). When the phrase, "moving to the cloud", is used it can mean different things. Often, it refers to moving existing applications and systems to a cloud provider to host them. The primary motivation and outcome for doing so is cost reduction. However, moving to the cloud can mean more than simply changing the location of servers. It can also mean using applications built specifically for the cloud and what is known as "Software As A Service" or SAAS. Using these services can change how applications are used, data ownership, and the ability to integrate to existing productivity and mission critical systems. All of these can impact EHSS outcomes. In general, SAAS offerings are designed to provide a set of capabilities for a single purpose that can be used by many users (subscribers). The offerings will tend to have the following characteristics: Used for a single purpose - does one thing well (best in class) Can be used by multiple subscribers (tenants) Uses a single code base that is continuously updated - no concept of versions Cannot be customized (i.e. you cannot change the software) Supports limited integration capabilities - integration is usually with other cloud based services if they exist at all. Integration with on-premise systems are usually not supported. Offers some configurability - since the software cannot be changed, configuration must be built into the application which is often traded off against new features. Data storage and partitioning is shared - your data may be stored in the same database as other subscribers, may reside in another country, or could be accessible and used by the service provider. While traditional enterprise software will tend to have these characteristics: Used for multiple purposes - can do many things and used in different ways Often supports customization Provides extensive configuration capabilities Provides integration or a framework for third parties to develop integrations with other enterprise solutions Data is stored locally and usually accessible directly or through published API's EHSS applications reside somewhere between productivity and mission-critical processes depending on how compliance is viewed. Using this distinction can help understand the impact moving to the cloud has on EHSS systems. First of all, mission-critical processes and systems will likely remain on premise due to the high levels of customization estimated as 60% of the software solutions deployed today. Keeping EHSS applications on-premise may be necessary to achieve greater data integration with other compliance and mission-critical systems. However, in many organizations EHSS applications tend to be independent applications and may not have deep integrations with other systems. In these cases, SAAS offerings, which demand a consistent approach, may be seen as a benefit from a regulator point of view. Moving to the cloud may help provide a standard user experience which could result in: a reduction in training, greater process adoption, and reduced variability in how compliance is followed. These benefits could also be achieved by implementing application suites from a single vendor or through better integration. Organizations are also looking to transfer some risk to the SAAS provider. However, regulations may limit how much of the safety risk can be transferred to third parties. Moving to the cloud will have implications for compliance data specifically related to data residency and ownership. Transferring control of compliance data may expose companies to unacceptable risk. Moving to the cloud can also serve as a catalyst for improvement and establishing a more effective compliance platform. A process improvement initiative could achieve the same benefits. There are other factors to consider such as: service level agreements, vendor lock in, hybrid architectures, and so on. Organizations will need to look carefully at how compliance outcomes change as a result of moving to the cloud. The first step, and one that could generate immediate benefits, is to start with improving your existing process first. Plan-Do-Check-Act Questions: How will your compliance process outcomes change by moving to the cloud? What ways do these improve or advance the compliance program? In what ways could compliance programs be simplified by moving to the cloud? Are data ownership and residency issues properly addressed? What steps can you take to better understand and prepare moving your compliance process to the cloud? #ComplianceSolutions #cloud #EHSS
- Does Compliance Hinder Innovation?
Innovation is necessary for growth and often requires that risks are taken. However, a common sentiment is that compliance is getting in the way. Compliance is taking away our ability to innovate and to be profitable. This is not only heard for new business development but also when changes are made to existing operations. The pharmaceutical sector is one of the most regulated in industrialized countries. FDA has strict requirements for verification and validation of products and services. The risks to patients are many so it makes sense to scrutinize every aspect from design to delivery of new products. Changes made during the product life-cycle can lead to re-validation and conducting more clinical trials all of which introduce delays to the introduction of the new drug or medical device. In 2005, the Quality Risk Management program ICH-Q9 was introduced to bring a risk based approach to this industry. This was extended to the medical device sector through the ISO14971 Risk management standard. These were introduced partially to address the question of risk management and innovation and so were welcomed by the industry and FDA. This risk based approach leveraged the ICH-Q8 standard which introduced, among other things, the concept of design space. A design space establishes parameters that have been demonstrated to provide quality assurance. Once a design space is approved, movements within it are not considered a change from a regulatory point of view. This creates a space within the agreed boundaries for innovation to occur. Now, let's consider the process sector where we discover a similar notion referred to as, "Replacement in Kind" or RIK. Replacement in Kind uses the idea that when changes are made to the "design basis" a Management of Change (MOC) process must be followed to manage risk. Otherwise, the change is considered a "replacement" and not a change from a regulatory point of view. In many ways, RIK has the same effect that design space has in the Pharma/Med Device sectors. They both define boundaries that allow certain changes to occur that will produce the same design outcomes. Unfortunately, one notable difference between the two is how design basis is currently managed in the process sector. Design information tends not to be as controlled or managed as it in the Pharma/Med Device industry. In fact, it is common in older facilities to find that the design basis is no longer even known and engineers and maintenance crews default to the manufacturer's specifications for the equipment, parts, or material replacements. This has the effect of reducing the options and innovations that might otherwise be available. In a fashion, improving the management of design basis could allow for more innovation in the process sector. More changes could be considered as RIK without increasing risk. This would result in fewer MOCs and fewer resources being spent redoing hazard analysis, risk assessments and so on. Companies need to innovate and at the same time "play it safe" when it comes to workers, the people around them, and the environment. This is not easy but necessary. Re-imagining the design change process may be a good first step to support more innovation and staying compliant both at same time. Plan-Do-Check-Act Questions: How important is innovation to achieving the outcomes your business has targeted? What would it look like if more innovation could occur without increasing risk? In what ways has compliance hindered innovation in your organization? What steps could be taken to manage risk and increase innovation in operations and maintenance processes? #Compliance #Innovation #Design
- Should You Choose a Product or a Solution?
In the early days of computing, companies would take "Commercial Off the Shelf (COTS)" products and create solutions to address specific problems found in operating their business. There was an important distinction made between products and solutions. Sometimes they were the same, although most often they were not. Products provided a set of core capabilities such as: a database, a document repository, or business logic often in the form of workflows. Solution providers would take these components and design applications to meet their customer's requirements. This approach was widely used for compliance processes for many years. Solutions required integration of data and capabilities that could address the entire scope of the problem. This often created the tension between choosing a "Best of Breed" and "Best Integrated" offering sometimes called product suites. "Best of Breed" products delivered best in class functionality at the expense of providing more comprehensive set of capabilities. "Best Integrated" products focused on delivering broader capabilities that where either well connected or could be connected together more easily. In today's world, the number of applications is numerous and the technologies mystifying. Deciding what apps to use or what services to subscribe to can be daunting. For those who use cloud services will know it is not ideal or even effective to have dozens of subscription services working in isolation and not working together. Choosing between products and solutions is still an important consideration today as it was in previous years. Instead, of choosing from among various COTS products, companies are choosing between "Killer Apps" and "Killer Platforms." In many ways, organizations are facing the same issues they did years ago although the vocabulary and technologies have changed. Plan-Do-Check-Act Questions: Does your company treat products and solutions as the same and what impact has this had on the effectiveness of the information technologies you use? In what ways has the implementation of partial solutions hindered your compliance processes? In what ways can the strategic use of "Killer Apps" help advance compliance? What opportunities do you see might improve the solutions you use each day? What is the next target condition for improving a solution you use most? #Solutions #ComplianceSolutions