Our PROMISE: Our ads will never cover up content.
Our children thank you.
Sal Lucido
Published: Tuesday, June 8, 2010 - 06:00
The compliance department’s primary function is to ensure that the company complies with all applicable regulations, rules, and laws. Regardless of the industry—life science, energy and utilities, or financial services—this is a universal mandate.
As someone who serves customers across many heavily regulated industries, I think I’ve got a unique perspective, and I’d like to share some of what I’ve learned in the hopes that it will help others in some small way.
One particularly useful tool I see used across all industries is what I call the “Circle of Compliance.” Before I explain this concept, let’s take a deeper look at the job of the compliance department.
The compliance department is put in charge of ensuring that all applicable compliance requirements are met. For example, U.S. medical device companies must comply with the Food and Drug Administration’s (FDA) current good manufacturing practices (CGMP) such as the requirements set forth in the quality system regulation regarding the manufacturing of medical devices intended for human use. The FDA’s Code of Federal Regulations, Title 21 Part 820 (21 CFR Part 820), states in Section 820.9—Nonconforming Product that each manufacturer shall establish and maintain procedures to control products that don't conform to specified requirements. The compliance department must determine if the company follows this process.
This is not so different from a U.S. power company that owns transmission lines. It must comply with the North American Electric Reliability Council’s (NERC) Standard FAC-003-1—Transmission Vegetation Management Program that mandates a clearance be maintained between transmission lines and vegetation. It also requires the company to report any vegetation-related outages. These are different industries and different regulators (FDA vs. NERC), but each has the same fundamental task.
So how does the compliance department go about ensuring these regulations are met? Typically it audits the company for compliance. If there is a gap between the requirement and current practice, the department works with the appropriate departments to close the gap. Take a look at the illustration in figure 1 for a visual representation of this “push” exercise.
You can see from the illustration that this is a manual task. As soon as the compliance department shifts its attention to another area of the company, compliance gaps can (and usually do) reappear. This is then addressed with “periodic” audits. Most companies end up with an endless and expensive merry-go-round of audits and fixes.
The solution? Set up a process that continuously “pulls” the operations toward the regulations. I’ve illustrated this type of system in figure 2.
You can see the advantage of this system from the illustration. It doesn't require the constant and repeated attention of the compliance department.
This is the Circle of Compliance, as illustrated in figure 3 below.
Figure 3: The Circle of Compliance
In a nutshell, this is a closed-loop corrective/preventive action process. While you might recognize the process as it relates to quality systems, you may not have considered its application to the job of regulatory compliance.
This is how the process works. Let’s look at the U.S. power company that must ensure that trees are kept away from transmission lines. Of course the compliance group would first check to make sure the vegetation inspection and removal procedure is documented adequately.
Next, the compliance group would see if there is a “system” in place for monitoring that the process remains effective. This is the “check” part of the process. Also, the group would ensure that a process is in place for documenting problems such as vegetation-related outages. Most compliance departments do a good job of auditing these two steps, but it's crucial that the next two steps are also completed.
Any and all problems with the vegetation monitoring system must be “tracked.” This means they must be documented in a system that links directly to the next step, “improve.” All problems must be looked at to determine how the problem occurred and how the system can be improved to prevent recurrence. This improvement must then result in a change to the documented process, followed by retraining of the work force to follow the new process.
If implemented properly the closed-loop Circle of Compliance will save the company time and money while improving its ability to comply with industry regulations.
In my next article, I’ll explore each of these steps (document, check, track, and improve) in more detail.
Quality Digest does not charge readers for its content. We believe that industry news is important for you to do your job, and Quality Digest supports businesses of all types. However, someone has to pay for this content. And that’s where advertising comes in. Most people consider ads a nuisance, but they do serve a useful function besides allowing media companies to stay afloat. They keep you aware of new products and services relevant to your industry. All ads in Quality Digest apply directly to products and services that most of our readers need. You won’t see automobile or health supplement ads. So please consider turning off your ad blocker for our site. Thanks,
Sal Lucido is vice president of enterprise solutions at AssurX Inc. headquartered in Morgan Hill, California. Twitter him at http://twitter.com/ComplianceTips
Savvy Compliance Strategy Can Improve GMP
The Circle of Compliance prevents the merry-go-round of audits and fixes.
Figure 1: Compliance department's responsibility to close compliance gaps is a time-consuming, never-ending job.
Figure 2: It is better to implement processes that automatically and continuously close compliance gaps.
Our PROMISE: Quality Digest only displays static ads that never overlay or cover up content. They never get in your way. They are there for you to read, or not.
Quality Digest Discuss
About The Author
Sal Lucido
© 2023 Quality Digest. Copyright on content held by Quality Digest or by individual authors. Contact Quality Digest for reprint information.
“Quality Digest" is a trademark owned by Quality Circle Institute, Inc.
Comments
Good article indeed!
You have enlighten the importance of using PDCA approach for compliance in a unique and simple way.
Looking forward for your next article.
Regards:
M.Zeeshan Zaki
Part II is now available
If you want to read Part II of this series, you can view it here:
"Savvy Compliance Strategy Part II – Checking Compliance"
http://bit.ly/cgxG5U