The Driving Force Between Governance and Compliance
The content and process management demands that compliance and quality mandates place on organizations in regulated sectors are high. For example, there are more than 14,000 federal, state and industry laws, standards and regulations that dictate how long to keep paper and electronic records. (Source: Cadence Group, 2011)
Given the high priority that organizations must place on quality and compliance management and the amount of documentation they must produce to support and fulfill governance, risk management and compliance (GRC) initiatives, it is no longer practical to manage content separately. As a result, enterprise information management (EIM) must play a central integrated role in effective quality and compliance management.
EIM provides a centralized system and approach for organizing, classifying, editing and retrieving documents and information. Rather than merely serving as a well-organized, yet static, collection of documents and data, EIM provides options.
ENHANCING CORE GRC COMPONENTS WITH ENTERPRISE INFORMATION MANAGEMENT
Most highly-regulated organizations are very familiar with audits for assurance that vendors are producing products according to their specifications. There are also internal audits to ensure that organizations are actually following their own quality system policies.
EIM can help streamline audits with the ability to quickly and efficiently produce evidence to verify if the right people are doing the right things at the right time across an organization’s departments and functional groups. With an audit trail of all designated activities, EIM also provides a clear illustration to auditors of the quality and compliance related activity within an organization.
Furthermore, EIM provides a solution for reporting audit findings far beyond documenting them in a spreadsheet. The most advanced EIM systems can automatically establish relationships from audit findings to corrective actions and change requests.
Without a capable and easy-to-use content management system, it is difficult to achieve operational oversight to identify, assess, manage and reduce risks.
It’s not uncommon for companies to store millions of files in thousands of folders across many network drives, and it is difficult to remember file locations and naming conventions. When files are organized based on folders, mapped drives and manually naming conventions, it can be difficult to assemble and maintain the many documents required for risk assessments.
EIM helps organize and archive supporting documents across departments that provide the operational oversight needed to determine risk. It provides transparency across departments and reduces information silos. The most effective EIM systems manage content based on relationships, workflows, and version control rather than on file locations and ad hoc collaboration. The risk assessment process within the EIM system becomes the de facto administrator – managing status, approvals, next steps, version control, permissions and related content.
Compliance and Policy Management
With limited staff and resources available for compliance-related activities, organizations need to be as efficient and cost-effective as possible. One of the most direct and straightforward ways to keep these activities efficient and cost-effective is with an EIM solution.
An EIM system can dramatically simplify and improve the process of documenting the creation, maintenance and adherence to standard operating procedures (SOPs). Employees who are required to read SOPs and confirm they’ve understood the material can do so directly from the system, which then records the events, tests results and related digital signatures. When SOPs are modified, the system documents the collaboration and details of employee access to the modified SOPs for training purposes. If companies must demonstrate that their employees read SOPs at given intervals, the EIM system provides a quick and easy way for documenting and communicating it to auditors, as well as risk and compliance managers. In addition, SOPs themselves can be integrated into workflows.
Change is the only constant, and an organization can succeed in effectively managing change with efficient, transparent and auditable processes. When an incident or deviation occurs, many organizations have SOPs in place to determine and contain the root cause, manage the corrective and preventive actions (CAPAs), issue change requests (CRs), modify SOPs, and re-train staff as needed. EIM solutions can administer these change-management processes and related content creation, modification, approval and distribution by organizing the processes and all related content and collaborators around a commonly understood “business object,” such as a CAPA or a Change Request, rather than the necessary content and related information being scattered in various silos, such as email attachments, network drives, local hard drives, mobile devices and so on.
INTEGRATING EIM WITH SYSTEMS THAT ADMINISTER QUALITY AND COMPLIANCE ACTIVITIES
Among the main obstacles that organizations face with respect to quality and compliance management are the information silos that are all too common across disciplines, departments, systems and geographic locations. Various document versions are buried in multiple internal business systems, emails and other storage locations; documents are lost due to accidental deletions or misfiling; or a document or procedure may be still be “owned and managed” by an individual that has already left the company. Review processes may be difficult to track and follow, file naming conventions and storage locations may vary or be ignored, and related documents may be difficult to locate, retrieve and assemble.
When it’s time for an audit, or an event occurs that requires corrective action or an investigation, a fire drill of document retrieval and compilation ensues. At that time, it may be possible to prove that you have the required documents, but difficult to prove who read, approved, updated and signed off on them.
Customer information from a CRM system can be integrated with any quality and compliance documents relating to the customer to ensure a complete view of interactions with that customer. Integration can also be bidirectional, such that a change to a customer address in a document updates the address in all other documents and in the CRM system itself. Integration ensures that a single record – such as a customer, part, or vendor from a single source – populates related quality and compliance content, which avoids reentering information with the potential to introduce inaccuracies.
To ensure adoption of EIM and the benefits it provides to quality and compliance management, EIM must also integrate with Microsoft Office and SharePoint for content creation, collaboration, editing and storage. This integration must be as seamless as possible, with the objective that it does not change the way users normally access and edit content. Such integration enables the operational oversight required and the efficiency needed to effectively manage quality and compliance.
COMPLIANCE, CONTENT AND THE CLOUD
The advantages of cloud computing are clear:
- On-demand self-service provides immediate access to applications and information.
- Ubiquitous network access provides always-on availability to qualified devices anywhere with an Internet connection.
- Location-independent resource pooling distributes processing and storage demands across available infrastructure for efficiency.
- Scalability accommodates high and low demand volumes.
- Pay-per-use ensures that subscribers pay only for the services that they need.
Beyond the flexibility that it provides, cloud computing can aid in quality and compliance management as well. If a cloud vendor proves that it meets quality and compliance standards for its infrastructure, platform and/or application, then its customers can leverage that proof in their quality and compliance management and reporting initiatives. Cloud services often meet quality, compliance, and security standards better than on-premises solutions because the cloud service provider solely focuses on maintaining its infrastructure, platform and/or application and delivers a uniform service to all subscribers. The costs of hardware, maintenance and security are spread across a pool of subscribers, which helps support the infrastructure required to maintain high quality and compliance standards. Cloud computing also enables customers to allocate more resources toward their core competency and fewer toward IT infrastructure, maintenance, and quality and compliance management.
Each organization must evaluate its quality objectives and regulatory requirements in determining whether or not to manage quality and compliance content in the cloud, on premises or via a hybrid cloud model. In addition to quality and compliance requirements, organizations must evaluate investments in existing infrastructure, ability to integrate applications, and the steps, costs, and risks involved in migrating on-premises quality and compliance content to the cloud.
Many organizations choose to manage quality and compliance content in a hybrid environment employing both on-premises and cloud deployments, keeping confidential and regulated information on premises behind the firewall, while publishing other information on a public or private cloud.
The benefits of a hybrid cloud approach include:
- The ability to cost-effectively augment existing IT resources to accommodate new or temporary projects or peaks in demand
- Shift spending away from on-premises system maintenance and toward innovation
- To gradually migrate to the cloud while preserving current investments in on-premises systems
Some EIM solutions today can be deployed on premises, in the cloud, or in a hybrid environment. The most important consideration outside of security, quality and compliance mandates is selecting the EIM deployment model that best supports the organization’s ability to efficiently and effectively manage quality and compliance content based on its size, user profiles, and geographic distribution.
Implement an EIM System Today To stay compliant with federal, state and industry records management laws and standards, incorporate an EIM system to support document storage and organization, file security, version control and more.