This presentation looks at how learning technologies and processes from highly regulated industries are filtering down to non compliance orientated businesses. We will focus on examples from Aviation and Life Sciences industries and how these can benefit the broader community.
Japan IT Week 2024 Brochure by 47Billion (English)
Learning technologies 2014: The Trickle Down Effect of Compliance
1. The Trickle Down Effect of
Compliance
January 29th, 2014
Liam Butler, General Manager EMEA
2. What we will discuss
The importance of compliance
Compliance and risk management requirements for L&D
LMS compliance and quality management features
Case studies – validating an LMS in the aviation, pharma &
medical devices industries
How about non-compliance-oriented businesses?
4. Compliance in highly-regulated industries
1. Authenticity - validated identity authentication (e.g. esignatures or physical identification)
2. Integrity - secure infrastructure (e.g. ISO 27001)
3. Confidentiality - data privacy & control (e.g. Secure SaaS)
4. Availability - system architecture (e.g. intrusion/DOS detection
& prevention)
5. Auditability - tracking & reporting
6. Regulations (e.g. 21 CFR Part 11, EU GMP equivalent)
5. SHOW OF HANDS
How important is compliance training to your organisation?
Not at all
Slightly
Moderately
Very
Critically
6. How important is your organisation’s need to demonstrate
learning compliance to some external regulatory agency?
Overall
EMEA
Not at all
10.2%
Somewhat
11.6%
Very
Critical
40.4%
34.8%
23.5%
27.9%
25.9%
Source: Brandon Hall Group: BHG, Compliance, 2012 N=399
25.6%
7. Preparedness is key
How prepared would you consider your organisation to be right now for a
compliance audit?
50%
45%
High Performers
40%
Low Performers
35%
30%
25%
20%
15%
10%
5%
0%
Highly Prepared
Source: Brandon Hall Group: BHG, Compliance, 2012 N=399
Very highly prepared
8. SHOW OF HANDS
How is most of your organisation’s compliance training
delivered?
Custom e-learning
Classroom instruction
Online simulations
Virtual classrooms
9. How is compliance training
delivered?
Overall
4.1%
Learning Management System
8.8%
In-house developed system
6.4%
7.5%
50.8%
Paper-based system
Content Management System
13.3%
HR information system
Incident tracking system
30.8%
Source: Brandon Hall Group: BHG, Compliance, 2012 N=399
Other
10. Compliance
Compliance is the #1 driver within highly-regulated industries
Comprehensive LMS functionality required:
Access control and
e-signatures
Tracking & auditing
Compliance reporting
11. Key regulations
Aviation – EASA, CAA, TRTO, etc.
Finance – FCA, RDR, CII, SOX, etc.
Pharma – The GXPs (GLP, GMP, GCP)
US FDA, e.g. 21 CFR Part 58, 210, 211, 820
EU GMP – 9 chapters & 20 annexes
UK Medicines & Healthcare Products Regulatory Agency (MHRA)
Data protection & local labour law
12. What is compliance training?
Is it quality management?
Compliance training is mandated training
Often multiple sources for mandatory training
Internally mandated policy
Legislation
Mandated training has several actions
Courses, visual observations
Tests and exams
Documents that must be read and formally acknowledged in the case of
Standard Operating Procedures (SOPs)
Compliance training must be documented
The completion of the training must be tracked and reported
The completion may be measured by attendance, progress through a
course, test results, or a learner or supervisor’s signature (e-signature).
13. Key principles of compliance
Compliance Training is part of a systematic approach for an organisation to prove
it is controlling and recording a documented process in line with the regulations.
1. Say what you do
Have a written procedure that states what you do
2. Do what you say
Follow the procedure
If there is a deviation – write what was done
Do you need to revise the procedure?
3. Document it
Written or electronic evidence is needed to demonstrate
that the procedure was followed
14. LMS compliance and quality
management features
Security
Hosting – infrastructure (the role of SaaS)
User verification – tokens, IP address, etc.
Application security – vendor audit
Audit Trail
Evidence of behavior
E-Signatures
Certifications – exams, training & SOPs
Reporting & Analytics
15. Modern trends in real-world
management of compliance
Preparation: Plan for regulation specific requirements (such
as 21 CFR 21 Part 11)
Common management processes:
Step 1: Communicating Requirements to Users
Step 2: Pushing Out Compliance Training
Step 3: Monitoring Compliance and Follow-up
Step 4: Optional validation and auditing
16. Pushing out compliance training
Not common: Self enrollment
Manager-based assignment
Common: Administrator identification and bulk/batch
assignment.
Not Common: External Batch Assignment (perhaps file from
external system)
Very Common: Rules-based Assignment (e.g. new employees
with job title “Branch Manager”)
Very Common: Automated. For example, expiration of a
certificate results in automatic new enrollment .
17. Communicating requirements
to users
Most Common Technique: Push out requirements to users
versus self enrollment (next slide)
Email Notifications (bulk direct, automated, rules based)
Graphical Learning Path
Multiple Implementation Strategies
Assign Individual Modules/Exams
Define Complex Programs (mandatory and optional blended
learning)
Certifications for ease of tracking status and renewals, grace
periods, etc.
Talent (Job Profiles/Competencies)
18. Monitoring compliance and
follow-up
Common: Set deadlines/expiration: automatic email
notifications alert managers and administrators
Most admins: Drill-down Analytics
Common: Ad-hoc and Regularly Scheduled (often weekly)
reports distributed to managers
Common: Re-enroll automated handling versus email
notification handling
19. SHOW OF HANDS
Does your organisation conduct training gap analysis/risk
assessment for compliance?
Yes
No
I don’t know
20. Compliance – the
impact of analytics
CLIENT
Nuffield Health is the UK’s largest not for profit healthcare organisation
31 private hospitals, as well as a chain of fitness and well-being gyms in 200 locations in the
UK
Over 10,000 employees
CHALLENGE
Enterprise-wide risk management (“Automatic Compliance Engine”)
Actionable compliance analytics based on individual employee risk profile
Automatically generated training plan custom to each employee
Notification alerts to employee & business line manager
Ongoing risk reporting to governance subcommittees and board stakeholders
RESULTS
Solution: NetDimensions Learning & NetDimensions Performance (SaaS)
Differentiators: Configurability, continuous innovation, overall TCO
De-facto risk & compliance management platform
Four-fold increase in auto-enrolments in compliance training, cost savings of £465,000 yearly
(based on streamlining learning)
21. Why NetDimensions
Other Solutions
NetDimensions Talent Suite
Piecemeal collection of products
Organically developed, fully integrated suite
One-size-fits-all
Fully configurable for a personalized user
experience in 34 languages
Monolithic, closed system
Open architecture with public APIs &
best-of-breed integrations
Inability to scale in complex environments
Ideal for highly regulated industries with
both on premise and secure SaaS options
Limited mobile capabilities
Comprehensive mobile offering
including on tablets & smartphones
Hidden ongoing costs =>
low customer satisfaction
“No client left behind” pledge
25. How about non-compliance-oriented
businesses?
Compliance covers a wide range of strategic and operational
needs in many types of businesses.
Many of the techniques related to compliance also apply to
simple “business requirements” management in nonregulated industries.
Automated management really does help in resource
constrained or widely dispersed organisations!
26. A few suggestions to make
compliance easier
1. Talk to your legal team and compliance officer to better
understand who is responsible and what.
2. Define clear requirements and objectives for the training and
LMS implementation.
3. Question your vendor and demand a software validation for
the LMS.
4. Make compliance an on-going part of your business via welldefined workflows
Legislation,such as EU Data Protection or German Labour Law. The requirement may be a law or regulation enforced by a government agency such EASA, FDA, FSA etc. Test and exams, such as Recurrent Training in aviation, which imposes High Stakes Examinations.