Compliance management is central to Safety / Environmental Management Systems but keeping up with requirements can be overwhelming. This presentation will teach you the essential components of an effective compliance management program and provide tips and best practices to get your program on the road to success.
2. JOHN EASTON – WHO AM I?
• CRSP, MHSc, Occupational &
Environmental Health
• Over 15 years’ experience in health
and safety
• Led the development & implementation of an
ISO-based health and safety system at Toyota
Included comprehensive risk assessment program
• Director of Product Management for Medgate
Collaborate with SME colleagues & customers to
align safety software with best practices
6. COMPLIANCE MANAGEMENT
Requirement of management systems to track
and maintain extensive libraries of ‘legal and
other requirements’ and permits, and prove
compliance to those requirements.
7. OHSAS 18001 DESCRIPTION
“The organization shall establish and maintain
a procedure for identifying and accessing the
legal and other OH&S requirements that are
applicable to it. The organization shall keep
this information up-to-date. It shall
communicate relevant information on legal
and other requirements to its employees and
other relevant interested parties.”
12. Do you meet the basic
requirements of a
compliance
management system?
Don’t stop
there!
13. COMPLIANCE MANAGEMENT
Remember:
The ultimate goal of the management
system is to improve the health, safety,
and/or environmental performance of
the organization. It’s not just about
ticking boxes!
15. TYPICAL COMPLIANCE MANAGEMENT
WORKFLOW
Identify
Extract & organize
legislative clauses /
requirements, build library
Monitor / Report
Assess
Identify requirements not
being met & evaluate
consequential risk to org.
Review workplace,
assess compliance to
legal req’s/permits
Plan / Mitigate
Create plan to complete
requirements & correct
non-conformances. Close
out items in the plan
16. TOP 5 COMPLIANCE ISSUES
1. Inventory
2. Actions & MOC
3. Nonconformances
• Keeping requirements inventory up-to-date
• Maintaining record history of changes made
• Recording actions associated with each req’mt
• Ensuring management of change as req’s change
• Tracking findings & corrective actions for
addressing non-conformances
4. Measuring
• Tracking & monitoring compliance management
program performance visually & effectively
5. Integration
• Integrating compliance management into other
components of your safety program
18. PROBLEM SCENARIO 1:
Requirement data gathered in a binder & put on a
shelf: often forgotten & not actively incorporated
into the safety program
19. PROBLEM SCENARIO 2:
Track & maintain
legal & other
requirements
spreadsheets
Education &
Training
Desktop
database 2
Audit &
Inspection
Programs
Risk Assessment /
JHA
Desktop
database 1
Paper
records
Corrective Action
Tracking
Simple software
system
Incident
Management
Paper /
spreadsheets
Disparate data systems (each element managed in a silo):
• Compromises data integrity
• Maximum effort to input, maintain & extract data
• Systems don’t talk to one another, data is unrelated
20. PROBLEM SCENARIO 2:
Track & maintain
legal & other
requirements
spreadsheets
Education &
Training
Desktop
database 2
Audit &
Inspection
Programs
Paper
records
Corrective Action
Tracking
Simple software
system
Risk Assessment /
JHA
Desktop
database 1
Incident
Management
Paper /
spreadsheets
Manual work, compiling data from
disparate systems (takes hours, days)
Data accuracy and
report quality may be
questionable
21. Compliance Management should be a dynamic
and integral element of your safety program!
Think of it as the
common thread
connecting the
elements of your
SMS
22. SOLUTION: INTEGRATED SYSTEMS WITH
COMPLIANCE AT THE CENTER
Risk Assessment /
JHA
Track integrated approach to compliance
The&&maintain
Audit & Inspection
legal other
Programs
requirements
management is synergistic with the ultimate
Compliance
goal of the SMS: improving performance to
Management
promote a healthier, safer workforce
Incident
Education & Training
Management
Corrective Action
Tracking
23. ACHIEVING INTEGRATION
• Paper may slow you down
• Relational databases (ie: an integrated
software solution) are most useful
24. EXAMPLE OF INTEGRATED WORKFLOW
Inspection linked to a compliance requirement > inspection performed, finding noted ->
recording the finding automatically kicks off the
appropriate corrective action process, which can
be monitored to completion
25. BENEFITS OF INTEGRATION
Standardize
Processes
Ensures requirements are adhered to at every point
and that workflows supporting legal and other
requirements are integrated
Share Data
Streamlines data entry and ensures that records are
complete and accurate (useful for compliance
audits)
Connect
Requirements to
safety program
Automatically populates essential requirement
details such as due dates and completion statuses
for compliance actions.
Automate
Communications
Email notifications, reminders, and business rules
across the chain of command ensure compliance
actions are reviewed / completed
27. INTEGRATING RISK & COMPLIANCE
• Example of how to link Risk Management to
Compliance requirements via job inventory
28. INTEGRATING RISK & COMPLIANCE
• Example of risk assessment:
Observe, classify, monitor
Use the same principles for compliance
29. TAKE HOME MESSAGE
• Don’t simply implement & use your
compliance management system to check off
a box on your SMS to-do list
• Use compliance management to tie together
your safety program elements and improve
performance - thereby creating a safer,
healthier, more productive work environment
30. CHOOSING A SYSTEM
• There are many safety program data
management solutions – do your research
• In my whitepaper of the same name:
Feature checklist of what to look for in an
integrated compliance management solution
• Additional Medgate resources
Compliance Management product detail
Safety demo video (on compliance)
Other whitepapers
31. MEDGATE’S SAFETY SOFTWARE
• Learn more about Medgate’s compliance
management software, part of our Safety Suite
Welcome to the Medgate safety series webinar “Keeping Pace with Compliance Management in the SMS Approach” Today we’re going to talk about how to tackle this often daunting component of the management system. It can be done.[Image found at http://i.istockimg.com/static/images/zoom/magnifying-glass.png]
I’m John Easton (ad-lib)
More and more organizations are taking the management systems approach. Here are a few that relate specifically to EHS – as an aside, if your’e not aware, there is an ISO plan to transform the OHSAS 18001 standard into an ISO standard in the near future so that may be something to watch out for. Anyway, I’m going to start today by talking about compliance management programs in general – what exactly they are and why we need them. There are a lot of ideas out there about what compliance means, and I’m here to bring hopefully some insight to help clarify the subject.
Two most important components of SMS are risk management part and compliance management. Why – compliance is protecting your company, your company’s image, the officers of your company (stakeholders). Irrespective of management systems, here is the way you need to think about compliance management.One protects your employees, the other protects your company
In the management systems approach, compliance management by definition is the requirement to track and maintain extensive libraries of ‘legal and other requirements’ and permits, and prove compliance to those requirements. That’s a basic outline of what I mean when I talk about compliance management.
Here is what OHSAS 18001 states about tracking requirements. I’m not going to read it, but the general understanding is that tracking all of your legal and other requirements is required by the management system, and that this information must be kept up-to-date and communicated to employees and other relevant parties.But, how do most EHS professionals see compliance? I would offer that most of you have had a few headaches when thinking about the subject…
Compliance management isn’t always easy… as you can see, there have to be safeguards up to help protect individuals but the lines can be murky
This may be a figurative or even literal representation of how you see compliance. Piles of paperwork that never seem to get smallerhttp://i.istockimg.com/file_thumbview_approve/3273921/2/stock-photo-3273921-huge-pile-of-paperwork.jpg
But I think that compliance management can be an invaluable component of your safety system, and can even drive your safety system, if the right approach is taken.
Let’s come back and ask again what compliance management is. Going beyond the textbook definitions and headaches it poses, consider this
By basic requirements, I mean, are you filing your reports, crossing your t’s and dotting your I’s. I would expect that most of you are. But what I am proposing is that you take it several steps further. Why? [next slide]
Now that you are starting to understand the direction at which I’m approaching compliance, let’s talk in more detail about tacking the beast that is compliance management.
We’ll start off by looking at a typical workflow (ad lib through the workflow). All of these components work together to drive the compliance process and ensure that you’re doing things effectively. This type of workflow is really what you want to see when you’re going beyond just the ticking boxes. But, how can this workflow be effectively managed and implemented?
Here are the common categories of issues that arise when going through the compliance management workflow and when attempting to create an effective compliance management system in general. I would say that some of these are definitely roadblocks on the path to effective compliance for many EHS departments
It starts and ends with data management. Compliance is all about data, from the library of requirements you build, to the assessment data you complete as part of your action plan. So the discussion couldn’t continue without addressing data management situations. With that in mind, consider how you are tracking that data. I’m going to look at a couple of common scenarios and explain the challenges each scenario presents.http://www.istockphoto.com/stock-photo-3812943-file-folders.php?st=afdb9f5
Problem scenario 2 is really what I want to focus on, because, from my experience, this is a very common scenario yet unfortunately it’s also an effective one when your ultimate goal is consistently improving performance
As you can see, in this scenario, you are pulling data from a bunch of different systems and likely the data is not even in the same format, let alone easy to compile and get aggregate information.
There are many solutions available to help organizations manage compliance. As you’ve probably guessed, I am not a proponent of the paper system. It just can’t be robust enough to allow you to be proactive and efficient. When we talk about integration, we talk about being able to connect and standardize data from each component of your EHS program. This is best achieved through relational databases. They must talk to one another, whatever your preferred solution is. Make sure there are automated processes. Make sure data from one area is feeding to another, that communications are built into the system. Let’s talk more about what this would look like
[John to expand upon this]
Mention that you don’t have time to dive into a more in-depth example today but if anyone is interested in seeing how this functionality works in Medgate, they can contact you.
Remember how we talked about how risk and compliance are the two key elements of the management system and how these two should be interconnected? Well, by taking the integrated systems approach, you can ensure that risk is aligned with your compliance requirements through automation. I’ll show you an example of what that looks like:
Talk about integrating compliance and risk programs… [John to elaborate on this example]
[John to talk about how to align risk and compliance processes, in relation to the example given in the previous slide]
If you take these steps to manage your SMS compliance requirements, then you should be able to focus on the reason why you are implementing the SMS in the first place – improving performance and making your workplace a safer, healthier environment. Don’t shy away from effective compliance management because it seems daunting. It will take a lot of work and planning, but setting up the right system will pay dividends for the future.
There are many options available to manage your safety system. Of course, I work for Medgate and I know that our program can support the integrated approach (after all, my team built it!) but please do your research and don’t hesitate to contact me if you’d like more information.I’ve given you a checklist in my whitepaper that will help you seek a solution – or evaluate your current one. That’s important too… if your current system is somewhat integrated but can’t handle all of what we talked about today, don’t get complacent. Always be aware of your options.There are also some additional Medgate resources that we’ll shoot out to you in a follow-up email so hopefully you’ll find those helpful.