- Do You Need A Different System For Each Regulation?
The need to comply with regulations and standards is a necessary part of every business. In fact, companies need to comply with several regulations and standards at the same time. How this is done can often lead to a duplication of effort and resources, all of which contribute to waste.
Within each organization there is often a different role for each compliance program. There is one for: quality, process safety, occupational health and safety, environmental, and so on. This structure often reflects the way accountability for safety is assigned. A benefit of this approach is that it allows each program to advance in maturity at different rates. At the same time, this can, and often does, lead to separate systems, each with their own procedures, practices, and supporting technologies. Without a plan to leverage capabilities, the overall compliance program can suffer from: a duplication of effort, inconsistent practices, and a slowdown in the advancement of overall compliance competencies.
To counter this, companies can take common capabilities that are needed across the various compliance programs, and combine them to benefit from best practices, standard procedures, and shared tools and techniques. To illustrate this, the following chart highlights the elements that require the same or similar capabilities across ISO 9001, OSHA 1910 Process Safety, OHSAS 18001, and ISO 14001 standards:
Compliance capabilities that are in common include: risk management, change management, document management, measurement and monitoring capabilities, and continuous improvement. A next step for companies could be to establish a common document management system, for example, and build out standard processes across their entire compliance program.
By taking a capabilities view to compliance systems, companies can:
  - Better understand what is needed to achieve compliance
  - Leverage common capabilities to improve compliance outcomes
  - Reduce waste in getting there
Plan-Do-Check-Act Questions:
  - What examples exist within your organization of using different systems to manage similar compliance elements?
  - What practices are duplicated that could be standardized?
  - What capabilities are lacking or inconsistent that if improved would significantly improve your compliance program outcomes?
  - What step can you take to advance those improvements?
#CompliancePrograms #ComplianceInitiatives
- Should Compliance (EHSS) Processes move to the Cloud?
Many organizations are considering moving some or all of their applications and systems to the "Cloud." This applies to both productivity and mission-critical business processes, including compliance programs, specifically those that support Environment, Health, Safety and Security (EHSS).
When the phrase "moving to the cloud" is used, it can mean different things. Often, it refers to moving existing applications and systems to a cloud provider to host them. The primary motivation and outcome for doing so is cost reduction. However, moving to the cloud can mean more than simply changing the location of servers. It can also mean using applications built specifically for the cloud and what is known as "Software As A Service" or SAAS. Using these services can change how applications are used, data ownership, and the ability to integrate with existing productivity and mission-critical systems. All of these can impact EHSS outcomes.
In general, SAAS offerings are designed to provide a set of capabilities for a single purpose that can be used by many users (subscribers). The offerings will tend to have the following characteristics:
  - Used for a single purpose - does one thing well (best in class)
  - Can be used by multiple subscribers (tenants)
  - Uses a single code base that is continuously updated - no concept of versions
  - Cannot be customized (i.e. you cannot change the software)
  - Supports limited integration capabilities - integration is usually with other cloud-based services, if it exists at all. Integration with on-premise systems is usually not supported.
  - Offers some configurability - since the software cannot be changed, configuration must be built into the application, which is often traded off against new features.
  - Data storage and partitioning is shared - your data may be stored in the same database as other subscribers, may reside in another country, or could be accessible and used by the service provider.
Traditional enterprise software, by contrast, will tend to have these characteristics:
  - Used for multiple purposes - can do many things and can be used in different ways
  - Often supports customization
  - Provides extensive configuration capabilities
  - Provides integration or a framework for third parties to develop integrations with other enterprise solutions
  - Data is stored locally and usually accessible directly or through published APIs
EHSS applications reside somewhere between productivity and mission-critical processes depending on how compliance is viewed. Using this distinction can help in understanding the impact moving to the cloud has on EHSS systems.
First of all, mission-critical processes and systems will likely remain on premise due to the high levels of customization, estimated as 60% of the software solutions deployed today. Keeping EHSS applications on-premise may be necessary to achieve greater data integration with other compliance and mission-critical systems. However, in many organizations EHSS applications tend to be independent applications and may not have deep integrations with other systems. In these cases, SAAS offerings, which demand a consistent approach, may be seen as a benefit from a regulator's point of view.
Moving to the cloud may help provide a standard user experience, which could result in: a reduction in training, greater process adoption, and reduced variability in how compliance is followed. These benefits could also be achieved by implementing application suites from a single vendor or through better integration.
Organizations are also looking to transfer some risk to the SAAS provider. However, regulations may limit how much of the safety risk can be transferred to third parties. Moving to the cloud will have implications for compliance data, specifically related to data residency and ownership. Transferring control of compliance data may expose companies to unacceptable risk.
Moving to the cloud can also serve as a catalyst for improvement and for establishing a more effective compliance platform. A process improvement initiative could achieve the same benefits. There are other factors to consider, such as: service level agreements, vendor lock-in, hybrid architectures, and so on.
Organizations will need to look carefully at how compliance outcomes change as a result of moving to the cloud. The first step, and one that could generate immediate benefits, is to improve your existing process.
Plan-Do-Check-Act Questions:
  - How will your compliance process outcomes change by moving to the cloud?
  - In what ways do these improve or advance the compliance program?
  - In what ways could compliance programs be simplified by moving to the cloud?
  - Are data ownership and residency issues properly addressed?
  - What steps can you take to better understand and prepare for moving your compliance process to the cloud?
#ComplianceSolutions #cloud #EHSS
- Does Compliance Hinder Innovation?
Innovation is necessary for growth and often requires that risks are taken. However, a common sentiment is that compliance is getting in the way. Compliance is taking away our ability to innovate and to be profitable. This is heard not only for new business development but also when changes are made to existing operations.
The pharmaceutical sector is one of the most regulated in industrialized countries. FDA has strict requirements for verification and validation of products and services. The risks to patients are many, so it makes sense to scrutinize every aspect from design to delivery of new products. Changes made during the product life-cycle can lead to re-validation and conducting more clinical trials, all of which introduce delays to the introduction of the new drug or medical device.
In 2005, the Quality Risk Management program ICH-Q9 was introduced to bring a risk-based approach to this industry. This was extended to the medical device sector through the ISO 14971 risk management standard. These were introduced partially to address the question of risk management and innovation and so were welcomed by the industry and FDA.
This risk-based approach leveraged the ICH-Q8 standard which introduced, among other things, the concept of design space. A design space establishes parameters that have been demonstrated to provide quality assurance. Once a design space is approved, movements within it are not considered a change from a regulatory point of view. This creates a space within the agreed boundaries for innovation to occur.
Now, let's consider the process sector, where we discover a similar notion referred to as "Replacement in Kind" or RIK. Replacement in Kind uses the idea that when changes are made to the "design basis" a Management of Change (MOC) process must be followed to manage risk. Otherwise, the change is considered a "replacement" and not a change from a regulatory point of view.
In many ways, RIK has the same effect that design space has in the Pharma/Med Device sectors. They both define boundaries that allow certain changes to occur that will produce the same design outcomes.
Unfortunately, one notable difference between the two is how design basis is currently managed in the process sector. Design information tends not to be as controlled or managed as it is in the Pharma/Med Device industry. In fact, it is common in older facilities to find that the design basis is no longer even known, and engineers and maintenance crews default to the manufacturer's specifications for the equipment, parts, or material replacements. This has the effect of reducing the options and innovations that might otherwise be available.
In a fashion, improving the management of design basis could allow for more innovation in the process sector. More changes could be considered as RIK without increasing risk. This would result in fewer MOCs and fewer resources being spent redoing hazard analysis, risk assessments and so on.
Companies need to innovate and at the same time "play it safe" when it comes to workers, the people around them, and the environment. This is not easy but necessary. Re-imagining the design change process may be a good first step to support more innovation and staying compliant, both at the same time.
Plan-Do-Check-Act Questions:
  - How important is innovation to achieving the outcomes your business has targeted?
  - What would it look like if more innovation could occur without increasing risk?
  - In what ways has compliance hindered innovation in your organization?
  - What steps could be taken to manage risk and increase innovation in operations and maintenance processes?
#Compliance #Innovation #Design
- Should You Choose a Product or a Solution?
In the early days of computing, companies would take "Commercial Off the Shelf (COTS)" products and create solutions to address specific problems found in operating their business. There was an important distinction made between products and solutions. Sometimes they were the same, although most often they were not.
Products provided a set of core capabilities such as: a database, a document repository, or business logic, often in the form of workflows. Solution providers would take these components and design applications to meet their customers' requirements. This approach was widely used for compliance processes for many years.
Solutions required integration of data and capabilities that could address the entire scope of the problem. This often created tension between choosing a "Best of Breed" offering and a "Best Integrated" offering, sometimes called a product suite. "Best of Breed" products delivered best-in-class functionality at the expense of providing a more comprehensive set of capabilities. "Best Integrated" products focused on delivering broader capabilities that were either well connected or could be connected together more easily.
In today's world, the applications are numerous and the technologies mystifying. Deciding what apps to use or what services to subscribe to can be daunting. Those who use cloud services will know it is not ideal or even effective to have dozens of subscription services working in isolation and not working together.
Choosing between products and solutions is as important a consideration today as it was in previous years. Instead of choosing from among various COTS products, companies are choosing between "Killer Apps" and "Killer Platforms." In many ways, organizations are facing the same issues they did years ago, although the vocabulary and technologies have changed.
Plan-Do-Check-Act Questions:
  - Does your company treat products and solutions as the same and what impact has this had on the effectiveness of the information technologies you use?
  - In what ways has the implementation of partial solutions hindered your compliance processes?
  - In what ways can the strategic use of "Killer Apps" help advance compliance?
  - What opportunities do you see that might improve the solutions you use each day?
  - What is the next target condition for improving a solution you use most?
#Solutions #ComplianceSolutions
- Where is the latest Standard Operating Procedure (SOP)?
Using up-to-date procedures and safe work practices is essential for maintaining the safety of your workforce. Document management systems play an important role as part of a compliance platform to manage and deliver the correct documents so that appropriate procedures can be followed.
It has been over 30 years since the introduction of digital document and record management technologies, so you might expect this to be a solved problem by now. In today's world of the internet, no one should be spending time looking for a procedure or wondering if the procedure they have is the correct one. However, significant time is still spent searching for information that is needed to perform work.
Source: Time Searching for Information.
Several factors contribute to why this is the case, including: system silos, out-of-date information, poorly executed or nonexistent management practices, and so on. I often find that companies may not even know what information needs to be managed. Identifying the documents, forms, and procedures needed by personnel in safety-critical roles is an important step towards improving timely access to procedures and safe-work practices.
However, the most important factor may well be the mindset around document management. When you view something as a "solved problem" there tends to be no attention given to maintaining the process, let alone improving it. Is it time for your company to take another look at document management and how documents can be maintained and delivered in a timely manner?
Plan-Do-Check-Act Questions:
  - What "solved problems" do you see in your workplace that need improvement?
  - Which roles are most affected by information that is: incorrect, out-of-date, or not available?
  - What do people do when they can't find the information they need and how does this impact safety risk?
  - What is the next target condition to improve access to critical procedures and what is the first step towards that objective?
#DocumentManagement #RecordKeeping #Procedures #SafetyCriticalRoles