This presentation looks at how learning technologies and processes from highly regulated industries are filtering down to non compliance orientated businesses. We will focus on examples from Aviation and Life Sciences industries and how these can benefit the broader community.

1. The Trickle Down Effect of
Compliance
January 29th, 2014
Liam Butler, General Manager EMEA

2. What we will discuss
 The importance of compliance
 Compliance and risk management requirements for L&D
 LMS compliance and quality management features
 Case studies – validating an LMS in the aviation, pharma &
medical devices industries
 How about non-compliance-oriented businesses?

3. Compliance-oriented industries

4. Compliance in highly-regulated industries
1. Authenticity - validated identity authentication (e.g. esignatures or physical identification)
2. Integrity - secure infrastructure (e.g. ISO 27001)
3. Confidentiality - data privacy & control (e.g. Secure SaaS)
4. Availability - system architecture (e.g. intrusion/DOS detection
& prevention)
5. Auditability - tracking & reporting
6. Regulations (e.g. 21 CFR Part 11, EU GMP equivalent)

5. SHOW OF HANDS
How important is compliance training to your organisation?
 Not at all
 Slightly
 Moderately
 Very
 Critically

6. How important is your organisation’s need to demonstrate
learning compliance to some external regulatory agency?
Overall
EMEA
Not at all
10.2%
Somewhat
11.6%
Very
Critical
40.4%
34.8%
23.5%
27.9%
25.9%
Source: Brandon Hall Group: BHG, Compliance, 2012 N=399
25.6%

7. Preparedness is key
How prepared would you consider your organisation to be right now for a
compliance audit?
50%
45%
High Performers
40%
Low Performers
35%
30%
25%
20%
15%
10%
5%
0%
Highly Prepared
Source: Brandon Hall Group: BHG, Compliance, 2012 N=399
Very highly prepared

8. SHOW OF HANDS
How is most of your organisation’s compliance training
delivered?
 Custom e-learning
 Classroom instruction
 Online simulations
 Virtual classrooms

9. How is compliance training
delivered?
Overall
4.1%
Learning Management System
8.8%
In-house developed system
6.4%
7.5%
50.8%
Paper-based system
Content Management System
13.3%
HR information system
Incident tracking system
30.8%
Source: Brandon Hall Group: BHG, Compliance, 2012 N=399
Other

10. Compliance
 Compliance is the #1 driver within highly-regulated industries
 Comprehensive LMS functionality required:
 Access control and
e-signatures
 Tracking & auditing
 Compliance reporting

11. Key regulations
 Aviation – EASA, CAA, TRTO, etc.
 Finance – FCA, RDR, CII, SOX, etc.
 Pharma – The GXPs (GLP, GMP, GCP)
 US FDA, e.g. 21 CFR Part 58, 210, 211, 820
 EU GMP – 9 chapters & 20 annexes
 UK Medicines & Healthcare Products Regulatory Agency (MHRA)
 Data protection & local labour law

12. What is compliance training?
Is it quality management?
 Compliance training is mandated training
 Often multiple sources for mandatory training
 Internally mandated policy
 Legislation
 Mandated training has several actions
 Courses, visual observations
 Tests and exams
 Documents that must be read and formally acknowledged in the case of
Standard Operating Procedures (SOPs)
 Compliance training must be documented
 The completion of the training must be tracked and reported
 The completion may be measured by attendance, progress through a
course, test results, or a learner or supervisor’s signature (e-signature).

13. Key principles of compliance
Compliance Training is part of a systematic approach for an organisation to prove
it is controlling and recording a documented process in line with the regulations.
1. Say what you do
 Have a written procedure that states what you do
2. Do what you say
 Follow the procedure
 If there is a deviation – write what was done
 Do you need to revise the procedure?
3. Document it
 Written or electronic evidence is needed to demonstrate
that the procedure was followed

14. LMS compliance and quality
management features
 Security
 Hosting – infrastructure (the role of SaaS)
 User verification – tokens, IP address, etc.
 Application security – vendor audit
 Audit Trail
 Evidence of behavior
 E-Signatures
 Certifications – exams, training & SOPs
 Reporting & Analytics

15. Modern trends in real-world
management of compliance
 Preparation: Plan for regulation specific requirements (such
as 21 CFR 21 Part 11)
 Common management processes:




Step 1: Communicating Requirements to Users
Step 2: Pushing Out Compliance Training
Step 3: Monitoring Compliance and Follow-up
Step 4: Optional validation and auditing

16. Pushing out compliance training
 Not common: Self enrollment
 Manager-based assignment
 Common: Administrator identification and bulk/batch
assignment.
 Not Common: External Batch Assignment (perhaps file from
external system)
 Very Common: Rules-based Assignment (e.g. new employees
with job title “Branch Manager”)
 Very Common: Automated. For example, expiration of a
certificate results in automatic new enrollment .

17. Communicating requirements
to users
 Most Common Technique: Push out requirements to users
versus self enrollment (next slide)
 Email Notifications (bulk direct, automated, rules based)
 Graphical Learning Path
 Multiple Implementation Strategies
 Assign Individual Modules/Exams
 Define Complex Programs (mandatory and optional blended
learning)
 Certifications for ease of tracking status and renewals, grace
periods, etc.
 Talent (Job Profiles/Competencies)

18. Monitoring compliance and
follow-up
 Common: Set deadlines/expiration: automatic email
notifications alert managers and administrators
 Most admins: Drill-down Analytics
 Common: Ad-hoc and Regularly Scheduled (often weekly)
reports distributed to managers
 Common: Re-enroll automated handling versus email
notification handling

19. SHOW OF HANDS
Does your organisation conduct training gap analysis/risk
assessment for compliance?
 Yes
 No
 I don’t know

20. Compliance – the
impact of analytics
 CLIENT



Nuffield Health is the UK’s largest not for profit healthcare organisation
31 private hospitals, as well as a chain of fitness and well-being gyms in 200 locations in the
UK
Over 10,000 employees
 CHALLENGE


Enterprise-wide risk management (“Automatic Compliance Engine”)
Actionable compliance analytics based on individual employee risk profile
 Automatically generated training plan custom to each employee
 Notification alerts to employee & business line manager
 Ongoing risk reporting to governance subcommittees and board stakeholders
 RESULTS




Solution: NetDimensions Learning & NetDimensions Performance (SaaS)
Differentiators: Configurability, continuous innovation, overall TCO
De-facto risk & compliance management platform
Four-fold increase in auto-enrolments in compliance training, cost savings of £465,000 yearly
(based on streamlining learning)

21. Why NetDimensions
Other Solutions
NetDimensions Talent Suite
Piecemeal collection of products
Organically developed, fully integrated suite
One-size-fits-all
Fully configurable for a personalized user
experience in 34 languages
Monolithic, closed system
Open architecture with public APIs &
best-of-breed integrations
Inability to scale in complex environments
Ideal for highly regulated industries with
both on premise and secure SaaS options
Limited mobile capabilities
Comprehensive mobile offering
including on tablets & smartphones
Hidden ongoing costs =>
low customer satisfaction
“No client left behind” pledge

22. Our market focus

23. Our Market Focus – Compliance

24. Product portfolio – focused on compliance

25. How about non-compliance-oriented
businesses?
 Compliance covers a wide range of strategic and operational
needs in many types of businesses.
 Many of the techniques related to compliance also apply to
simple “business requirements” management in nonregulated industries.
 Automated management really does help in resource
constrained or widely dispersed organisations!

26. A few suggestions to make
compliance easier
1. Talk to your legal team and compliance officer to better
understand who is responsible and what.
2. Define clear requirements and objectives for the training and
LMS implementation.
3. Question your vendor and demand a software validation for
the LMS.
4. Make compliance an on-going part of your business via welldefined workflows

27. QUESTIONS?