Integrating Regulatory Content to your Compliance Management Systems
But let’s back up a second – why are we striving for real-time? What happened to the good old days, when it was good enough just to know how we’re performing within a day? When did it become necessary to keep tabs on things so closely? The reality is that the world is simply moving faster in terms of information. Our operations are streamlined, our supply chains are bigger, our products diversified, our competition is ruthless. We move faster because if we don’t, then someone else will jump in and push us out of business. The pace of business is what keeps us moving fast, and that requires we respond to data faster. We need the data as it happens because we can’t afford not to have it.
So we move faster, it is clear on that. But as we move faster, we run the risk of sacrificing quality and/or safety for speed. The regulatory and compliance requirements that govern businesses do not care about the pace of business, they care only that the end products are meeting compliance. And regulations and compliance initiative change – some more often than others. How can we keep up with the changing regulatory compliance data, and use our real-time know-how to get this data into our hands real-time?
Identifying what Data you Need Immediately
Most of this type of regulatory data comes in three flavors. They can come directly from the regulatory agencies that have created the rules and requirements (think OSHA, EPA, FDA, FAA…ASAP, OMG), or from external data aggregators, who sift through the regulations and pull out the significant changes and addendums. But this regulatory data might also arise from internal sources as well – it could be a reinterpretation of an existing policy, or maybe a resulting inspection changes our view on a policy. All this is important data, and typically sits outside our traditional Compliance umbrella – Quality Management, Safety Management, Environmental Management, Risk Management, and so forth.
So this data is coming from all over and it’s important. It is affecting our policies, procedures, audits, how we train, and what our risks are. We need to get this data in our hands quickly so we can update checklists, change processes, re-train our staff, and adapt to keep moving forward.
Structuring the Data: Making Sense of the Data
Information comes at us in all forms. In fact, humans consume roughly 34GB of data in a day (that’s about 12 TB per year), and some is structured, and some is unstructured. Structured data is anything that is formatted in such a way that you can import a large amount of the data easily. Examples of structured data include Excel Spreadsheets, Comma Delimited Tables, XML, and so forth. While these are the ideal ways to gather regulatory data, much of the time we are faced with unstructured data. Changes to a regulation, one or two policy changes – items that come in ad-hoc. Many organizations will use data aggregation services to search out the regulatory data, and manually turn this data into structured data.
The goal of structuring the data is to generate “feeds” – streams of data feeding into our compliance system, notifying us of changes. Like a Compliance Twitter, it displays the latest and greatest of the policies, regulations, checklists and anything else we need to look at in real-time.
Bringing the New Data in and the Management of Change
If we have these regulatory feeds in place, we can look at the data in a structured way and analyze the changes being thrown in front of us. How do we know what in the system is affected by these changes? One policy change from someone like the EPA can affect hundreds of records in our Document Control System. One term change in a checklist can throw our entire audit management plan into disarray. The key lies in the way we integrate the data. We need to be able to not only analyze the policies and select the changes we want to make, but we need to build in a robust change management process that will examine and flag all affected records within our system. Then we can methodically go about changing processes around real-time data.
We still can’t just go willy-nilly and fly with the winds of regulatory change. We have to watch ourselves, which is where monitoring and reporting tools come in. Like any compliance management process, we need to ensure that we are tracking the changes and ensuring that they are having the intended results we desire, because if they aren’t, then we need to look again – changes are fickle like that. Having a monitoring and reporting process on the backend of your change management process acts as a double-check on whether you’ve implemented a positive change.
So, real-time is making its way into every facet of our lives. It’s only logical that what we use in our personal digital world would become a tool in our work digital world. Social Media provides us with rapid-fire data into changes in our social circles. Much like this, the concept of regulatory feeds infusing our compliance management process with changes to requirements is the next wave of real-time compliance management.