462 results found for "Compliance"
- Why You Need Compliance Engineers
is emerging – one focused on compliance. The Nature of Compliance The compliance landscape has changed. Nature of a Compliance Engineer Compliance needs to be engineered. Compliance Engineers would also lead by example by upholding the values that compliance is striving We need to engineer our compliance not just audit our conformance. We need Compliance Engineers.
- Essential Properties for Compliance Systems
Compliance management systems are used by organizations for the purpose of helping them first achieve What is essential for a compliance system to be effective? How are outcomes created? Another way of saying this is a compliance system is not the sum of its parts. Compliance system properties We have found that the following properties contribute to a compliance system's to fulfill their compliance function.
- Humility - An Urgent Necessity for Compliance
In the world of compliance, humility is a critical trait that is often overlooked. How does humility help compliance? Being humble in compliance means acknowledging that no compliance program is perfect and that there is Being humble in compliance also means being willing to learn from mistakes. Humility in compliance means recognizing the importance of collaboration.
- Modernize Your Compliance With ISO37301
Some may be aware of an obscure but important guideline called ISO 19600 “Compliance Management System . provides description of what is considered a regulatory compliance culture. highlights the issues of independence, staffing and skills of Regulatory Compliance to operate without interventions and with Is this standard what you need to modernize your compliance? ISO 37001 is applicable for organizations that: want to modernize their corporate compliance efforts
- Compliance Now Requires a Design
Safety performance is improved when organizations take a comprehensive and systemic view of their safety efforts. This requires different skills than implementing separate activities connected with requirements where the "means" have already been specified. With today's performance and outcome-based regulatory designs, organizations must now identify and determine how they will achieve targeted safety goals, which can be considered obligations. A "design" step is needed to translate requirements to design specifications. These specifications describe the ends (key results and objectives) and the means (people, process, technology) of the safety effort needed to meet your obligations.
API RP 1173 Management of Change (MOC) Example
The following completed system requirements canvas shows what this looks like for a Management of Change (MOC) sub-system for a Pipeline Safety Management System (SMS) using API RP 1173, although this approach can be applied to other types of systems where improvement in both performance and outcomes has been targeted. This canvas maps requirements to the processes and capabilities that have been identified to achieve MOC effectiveness. Since API RP 1173 is a recommended practice (i.e. not mandatory) and uses a performance-based approach, it is no surprise that elements only include minimum procedural requirements that could be verified using an internal or external audit. No certification body exists or is expected, however. When considering requirements, a necessary (and perhaps the first) step is to identify what effectiveness looks like. This goes beyond looking at minimum prescriptive requirements and includes consideration of the system's overall purpose, internal and external dependencies, and requirements that come from improving essential capabilities to achieve key results and objectives.
For an MOC subsystem, effectiveness can be defined as: Management of change is effective when it keeps pipeline safety risk (individual and aggregate) within acceptable risk levels (risk tolerance) resulting from technical, physical, procedural or organizational change. This measure of effectiveness will create additional requirements that, although not specified in API RP 1173, are certainly expected as part of its adoption. A comprehensive design will also consider overall system properties, which for a purposeful system, like a Pipeline SMS, can be expressed in the following way: The first property we have already addressed, although not for the system as a whole. We know from system theory that a system is not the sum of its parts and is rather the product of its interactions. We expect that all subsystems will be designed to contribute to the production of the essential system properties. Therefore, we must identify what is needed for the MOC subsystem itself and its contribution to the whole (i.e. dependency requirements) with respect to being: effective, proactive, viable, sustainable, resilient, efficient, adaptive, and transparent. A design structure matrix (as shown below) can be used to identify dependency requirements along with possible vulnerabilities or gaps in system capabilities:
Summary
To meet performance and outcome-based obligations, each organization must establish its own goals and objectives along with the means by which they will be achieved. Meeting these obligations creates performance requirements that extend beyond procedural specifications within the API RP 1173 framework, as in our MOC example. A design step is now needed to translate performance, element, and system requirements to design specifications for solutions that advance overall outcomes.
As safety is an emergent property of an overall safety system, the design step requires knowledge and skills in system design, cybernetic controls, and risk-based strategies to ensure that safety is advanced. These are needed not only for adopting API RP 1173 but for all performance and outcome-based regulations and standards.
- Minimal Viable Compliance: Building Frameworks That Actually Work
Minimal Viable Compliance A framework-focused approach to compliance emphasizes creating the structural architecture and formal elements of a compliance program. In contrast, operational compliance focuses on the engineering and mechanics of how compliance actually This does not mean building minimum or basic compliance. Driving Compliance to Higher Standards The key to compliance success lies in understanding that framework
- The Effects of Cyber Risk on Compliance Programs
Cyber risk has the potential to affect compliance programs which are intended to keep: people, the environment Having an effective cyber security program is an essential part of today's compliance platform. Plan-Do-Check-Act Questions: Which compliance programs, if disrupted, would most hinder your organization's
- Are Your Risk & Compliance Programs Effective?
More than 75% of companies never measure the effectiveness of their risk & compliance programs. Proactive Certainty Scorecard™ (Version 3) to help organizations quickly assess how well their risk & compliance After you complete this scorecard we will schedule a free orientation session with one of our risk & compliance The Proactive Certainty Scorecard™ is applicable to all risk & compliance domains including: Quality Data Privacy, Ethics and Legal, Financial, Corporate Risk, Supply Chain Risk, and overall Risk and Compliance
- Why Line of Business (LOB) Managers Should Own Compliance
Why Business Managers Should Own Compliance There's a persistent practice in organizational management However, at a basic level, the main reason we separate compliance from the business is that we view compliance When we think of compliance as verification, we miss the fundamental point: compliance is about meeting Compliance stops being a monitoring function and becomes an operational commitment. That's lean compliance in action.
- Compliance Management and Leadership: Bridging the Gap
elements that, when properly integrated, form a powerful framework for achieving organizational and compliance drives innovation, inspires employees, and propels the organization towards sustainable success for compliance
- Compliance Maturity: Embracing the Long-Term
short-term thinking to a long-term view and the benefits it can bring to our lives, businesses, and compliance This involves recognizing that success (including compliance success) often requires sacrifices in the With respect to compliance this means taking ownership of obligations and keeping promises associated a characteristic we value in people and businesses, and something we need to value with respect to compliance Compliance Growth and Maturity In a world where short-term thinking often prevails, it's time to embrace
- What is Minimum Viable Compliance (MVC)?
When it comes to performance-based compliance required by organizations where compliance failure means For compliance systems to work they must be operational. They must achieve a minimum level of compliance defined as Minimum Viable Compliance (MVC). when essential functions, behaviours, and interactions work together at levels sufficient to create compliance benefits (the outcome of compliance.)












