Regulatory Compliance and Risk Management
This article discusses the benefits of a Process led approach to compliance.
For details on the use of Governance, Release and Version management, click here.
What benefits does Elements Process Knowledge give you in compliant and regulated environments?
Whatever regulation you have to operate within, producing documentation and building a compliant management system can become a major overhead. While every system is intended to add value and support the people who need to operate within it, many Management Systems can become the proverbial ‘tail wagging the dog’.
When the end customer experience, flexibility, innovation and commercial performance suffer due to ‘regulatory constraints’, it is often not the regulations themselves to blame, but the sheer complexity of building a management system to document and comply to the necessarily changed and constrained ways of working.
So how does Elements Process Knowledge, as a cloud solution deliver benefits in this space? It’s a question of context and complementary impacts.
Leverage and enhance your existing compliance and risk systems
First, we take our own information security very seriously, so that you can use it for compliance and risk related related documentation, even though it is based in the cloud. Elements has a highly secure software and operational architecture complying with numerous rigorous cloud security standards. (see documentation for details). If you are a client operating with specific requirements, please contact firstname.lastname@example.org to arrange a 1-1 session on security and architecture.
Second, we can add enormous value to information stored in the most secure environments by providing layer of context and visibility of process, that allows users to navigate to the highly secure supporting documentation to understand or carry out specific activities.
Sometimes a rigorous compliance driven structure of documentation, focused on the clauses of a set of regulations makes it really hard to see how things actually work across an organization. The Elements Process Knowledge approach and capability can put all this detailed documentation into an accessible, useful context which engages people. This can have a major impact on enabling people to continually improve their working practices, while remaining compliant through better understanding and awareness of the impacts of doing or not doing certain things. It can also have a big impact on audits from both auditors and the organization preparing for and being audited.
Once you have a clearer process context, it becomes self evident to focus on what is right for the customer and the orgnizational goals. The organizations’ Common sense can increasingly prevail, with the regulatory constraints much more likely to be surfaced in context and where necessary, challenged.
Time and again over the last 20+ years, we have seen situations where ‘standard practice’ was flawed but accepted because ‘we have to do it that way – it’s a compliance issue’. If you then ask what regulatory requirement is stopping a specific process improvement idea, the answer was surprisingly often: ‘Actually there is no reason we can’t change’. The issue was that the people involved didn’t understand the process implications well enough to ask the right questions and interpret the regulatory requirements in the right context. When faced with an incomplete or confusing picture, the human mind almost always says no. When regulatory compliance is on the line, the lack of context, the lack of a clear picture means that things don’t get changed, decisions don’t get made. People are rightly cautious about making a mistake and causing a compliance issue. But the cumulative impact of that caution on the clockspeed and agility of the affected organization can be immense, and sometimes threaten not just competitiveness, but survival.
Third, the Process Knowledge product itself contains many specific features (especially in Pro and Governance forms coming soon), that allow you to create and manage the documentation directly in managed Process Knowledge content showing ‘who needs to do what when, why and how’ – to deliver on your organizations objectives (and yet still be compliant).
Think of it as turning the typical documentation in an Operational Management system on it’s head.
Regulatory Centric Management System
Frequently a Management System is:
- structured around the requirements of a given set of regulations
- with high level policy documents
- in parallel (and often related to) a list of procedural documents
- that relate to sets of lower level procedures and work instructions
- that may or may not contain visualisations of process. The process is often contained within paragraphs and bullet point lists in text based documents.
Outcome? A documentation industry inside most orgnizations that is hard to get your head around, engage with, maintain, improve, work to, audit and (most importantly) change. So often people try to limit change because ‘we’re in a regulated industry’. Is this really ‘because of compliance’…or because it’s just so hard to understand what’s going on and how to change it without breaking the management system?
Process Centric Compliance and Risk Management System
Whereas it can be:
- Structured around a graphical hierarchy of Process Knowledge
- The high level maps can easily describe the key activities and scope of responsibilities
- The standard Process Knowledge building block already captures ‘who needs to do what, when, and why.
- The structured hierarchy defines scope and context, into which high level policies can be attached
- Procedures can be simplified and shortened, since the Diagrams describe most of the procedural information and structure.
- The lowest level procedures are simply attached to activities
- Lowest level work instructions are either replaced by diagrams or split into the instructions representing a given step – and attached to an activity.
- (Pro Capability – initial release Fall 2016 – full capability in this area into 2017) – Risk frameworks can be synched into Elements and related to individual activities across the Process Map. Business controls can be setup and managed. Again, directly in the context of visible, understandable process knowledge.
The Process content can then be managed and controlled as a compliant Management System itself, using the following principles and capabilities.
Elements Document Management principles
Elements Process Knowledge is architected as a secure Document Management solution. The Documents just happen to represent process knowledge with a particular format and set of attributes. There is also a hierarchy of documents (diagrams) with a specific syntax.
To draw a simple analogy, If all your Process Knowledge was in a book.
- The Free capability allows you to decide who can edit the whole book and the individuals (inside and outside your team) – can view it.
- The Pro capability allows you to decide who owns the structure. Who can edit which parts of the book – and manage who can view or edit content down to paragraphs within pages.
- The Governance capability allows you to manage versions of pages within the book, and the release of new editions with whole new chapters and minor edits. It manages the circulation of changes to all stakeholders who need to sign-off. It manages the archives, the reviews, the audit trail and when everything is ready, the publishing, the distribution and the recording of who has signed off as having read and understood it. It will even help them give reviews and feedback so the next edition of the book will be even better.
Or if you want to look at it in actual functionality terms:
Process Knowledge Pro allows you to:
- release and version management of your process documentation
- archive management
- access rights by Map and edit rights by Diagram within a Map
- manage access and User Groups (provides a major benefit once you have any level of large or complex organisation).
- Synch current regulatory statements and risk frameworks into a nested list structure. Link specific clauses to activities throughout any Map in your Team space to demonstrate compliance, manage risk and provide the visualisation platform to enable anyone connected with your operation to understand how to work in the most effective way, while remaining compliant with appropriate regulatory requirements.
- manage Data Structures at a more granular level (access rights)
- set access rights on Data Records associated with a given Map or diagram
- Select groups who can add but not edit
- user groups who can add and edit
- at Data Table and record scope
- at Map or diagram scope level
Process Knowledge Enterprise (due Fall 2017), provides;
- management of user access and specific user domain management/reporting.
- authorization cycle workflows (Process Owners and Stakeholders)
- structured and periodic reviews
- full audit trails to regulatory standards
- inherent support for PDCA cycles
- complementary to a broad range of ISO/FDA/FSA/FCA regulatory requirements, including the improved process focus of ISO9000:2015
Process Knowledge (Free), Gives you
- control of the manage, edit and view rights to the Map. i.e. You can limit edit rights down to individual or multiple users as you choose, but they apply to the whole Map.
- You can also decide who gets to see the content at all as you share and set View, Edit or Manage rights down to individual users for a given Map.
- Rights to manage Data Structures across the whole library (Data Structures Manager).
- Rights to manage Resources across the whole library (Resources Manager).
For more detail on Document Management click here
If you have specific questions or requirements around supporting Document Management, Operational Management Systems, Quality Systems or Risk and Compliance – engage with us at email@example.com
BACK TO HELP CENTER