Today, we sit down with KTL’s own SharePoint Specialist, Jaime Stout, to pick her brain on all things related to developing a compliance Information Management System (IMS), particularly as it relates to using Office 365 and SharePoint. Jaime has over 20 years of experience analyzing and streamlining business processes, from operational needs to workflow and application needs, to develop IT solutions. She has a wealth of experience and knowledge to share on how to create a successful and valuable compliance IMS.
Q: How do you start a project?
As I have worked with different clients over the years, I
always start with asking what their “pie in the sky” wishes are. If you know
where you want to end in an ideal world, it becomes a lot easier to find the
starting point. It also makes creating a scalable system much more likely,
because you are designing the system with the end in mind.
In reality, that means considering the immediate issue within the context of the overall business need, and then formulating platforms/systems, as required, into an aligned system. This requires truly understanding the daily routine of the individuals using the system and looking at the bigger picture of where you want to go, not just where you are right now. It’s a forward-thinking perspective, where we look beyond the singular project need to the big picture and then design backward. This requires a shift in mindset from “How can I use technology to make this efficient?” to one that asks, “Ultimately, what does the big-picture, desired state look like…and how can technology get us there?”
As one example, we worked with a chemical distributor who wanted to pull data from facility reports for 150+ locations into one database—that was the “simple” problem. Understanding that the facility data is intertwined with many aspects of the business, KTL looked beyond this singular issue at the bigger picture. The forward-thinking solution would be to create a technology platform that would solve this facility data problem and could easily be expanded to other business needs. We built the facility form into SharePoint as the base application for the company’s overall system. The SharePoint system is continuing to be expanded to integrate other systems into a single source that will create significant business efficiencies.
Q: I understand the approach, but what does that process look like for my company?
The process will vary a bit depending on your company’s
current state in a variety of areas:
Current systems and tools in use
Status and functionality of existing processes
Data sources and ability to pull information
from various sources
Organizational complexity
Compliance status
Existing management systems
We recommend starting with something simple that is already working well—perhaps a paper checklist that can be turned into a mobile form. We can build an initial trial module with the end in mind. We help set priorities based on ease of implementation, compliance risk, business improvement, and value to your company. And then work at your pace and budget to build and integrate only the modules you need, one at a time or as a fully functional system. Our goal is to develop the system in a way that will work with your business.
Q: But why Office 365 and SharePoint? Aren’t there better systems out there?
It is not uncommon for people to cringe when you mention SharePoint due to negative past experiences! However, in the past 15 years that I have been working with Microsoft Office and SharePoint platforms, I have discovered that virtually everything can be done through SharePoint—if you are working with a developer who is willing to think outside the box.
The key to creating a positive experience is in how the system is built and, equally important, how it is rolled out. What makes SharePoint so great is that it is a dynamic solution tool that can be adapted and designed to capture data and provide consolidated reporting to all levels of management. One platform allows for multiple solutions that meet business and overall compliance needs. On top of that, most people have familiarity working with Microsoft Office products, so the learning curve isn’t too steep, allowing for easy adoption and buy-in from all users. Plus, there aren’t typically additional license fees, and that helps keep the budget in check.
Because of SharePoint’s flexibility, the possibilities of
what it can do are virtually endless:
Creates a single, familiar platform that simplifies access
Provides functionality for continual adaptation to meet future data management and reporting needs
Adapts to the needs of the business, rather than the business adapting to the capabilities of the program
Maximizes efficiency and connectivity between many field and corporate groups
Allows information to be shared and tracked in multiple ways
Allows users to easily create complex databases that are both manageable and flexible
Gives the ability to manage sites/facilities/plants/departments for compliance purposes
Simplifies the data entry process by providing user-friendly functionality
Consolidates reporting
Provides a dynamic solution – updates made to the tool are reflected immediately
Allows local users to control and build sites to their specifications
Allows all levels of users to work with it easily due to its intuitive nature
Q: What makes KTL different than other SharePoint and compliance IMS developers?
KTL is not a software company. Rather, we integrate and apply IT, along with compliance know-how. Our team is made up of EHS, quality, and food safety professionals with the technology expertise to design and build scalable systems that allow you to more efficiently and effectively manage compliance and business processes. Behind KTL’s systems, we have professionals with real-world industry experience, who understand your business and regulatory compliance obligations. This ensures that systems are built from the perspective of the people who will be using them—in the field, in the plant, in the office, in the board room—so they function the way you need them to.
Many companies look at software as a silver bullet—a fix for everything. But applying technology to operations isn’t about just finding and buying a software tool. It is about understanding the business need, adapting and integrating the appropriate tool into existing operations, and deploying it so it is effectively applied. That’s why we focus on taking a business approach versus an IT approach. That means we start with the end user and build around that. If the system doesn’t work for the end user, then it’s not going to be used, no matter how fancy or how many bells and whistles it has.
In short, we build scalable systems that allow you to more efficiently and effectively manage compliance and business processes and have over two decades of experience creating compliance and business solutions using tools (i.e., Office 365) already available to you.
Q: It doesn’t quite sound like I’m just buying software. What exactly am I buying?
Working with KTL, you’re getting EHS, quality, and food safety professionals who collaborate with you to design the right compliance IMS and efficiency tools for your organization. That includes the time it takes to develop, adapt, and populate your compliance IMS, including:
Understanding the bigger picture of where you want to go. The system is scalable and flexible, but upfront planning will enhance the outcome more efficiently.
Collecting and organizing the information in a way that reflects how you conduct business and that aligns with other systems/processes.
Offering guidance on best practice and what modules and level of customization will bring you the most value.
Providing as needed compliance support (e.g., review of existing forms and checklists, program improvement, development of training content, compliance audits, audit protocol).
Q: Changing an IMS is hard. How do you effectively manage the transition?
The good news is that change management and adoption of a system like this (i.e., Office 365, SharePoint) is far easier than working with proprietary software because it’s familiar technology. I can’t stress how big of a deal this is. Many people are so afraid of change that they will continue operating with inefficiencies and without getting the information they need (and often at a greater expense) rather than implementing a new IMS!
We build systems according to what your users are familiar with and then implement and roll out the technology in a way that encourages adoption—often one module at a time, starting with a familiar form or checklist.
For example, when possible, we take an existing format (e.g., an Excel file) and re-create it in the new system to look and act similarly to what employees are accustomed to. This helps users become comfortable using the new system much more quickly. Additional modules can be added with relative ease since employees are already comfortable with the new system.
Q: From a technical standpoint, what will my IT department want to know if we already use SharePoint – or if we don’t?
If you already use SharePoint, we can either build into your
existing system, or we can create a new instance of SharePoint. To do this, we leverage
your company’s Microsoft accounts to give you seamless access to the system we
help you build.
If you don’t have SharePoint, we create an environment for you and “hand it over” once we have piloted system development and users are comfortable with the applications.
All applications run on a Microsoft platform—there are no external or proprietary software requirements. The system and information are all yours. KTL does not charge subscription fees or house any data. Your company can make modifications or continue to retain KTL to update and adapt the system, as needed.
Be sure to check out the rest of our series on Technology-Enabled Business Solutions, compliance IMS, case studies, and efficiency tools.
Before food can be imported into the U.S., it is subject to FDA inspection. These inspections are intended to ensure food imports are safe, sanitary, and properly labeled. While important in maintaining food safety, this process can be long and onerous. The Voluntary Qualified Importer Program (VQIP) was created by FDA to expedite this process.
What Is VQIP?
In essence, VQIP acts as the “TSA line” for food into the
U.S. The voluntary program allows foreign suppliers to get expedited entry for
their food products into the U.S., provided importers meet all eligibility
criteria, including offering food from a facility certified under FDA’s
accredited third-party program (see below).
Why Is VQIP Important?
There are a number of reasons a U.S. importer might choose
to participate in VQIP, including the following:
Enables expedited entry into the U.S. for all
foods included in an approved application.
Limits examination and/or sampling to “for
cause” situations in which there is a potential threat to public health; any
sampling or examination is done at destination or another location chosen by
the importer and laboratory analysis of any samples is expedited.
Provides assurance that a foreign supplier
complies to FSMA rules, avoiding the need to further assess the supplier.
Incentivizes importers to adopt a robust system
of supply chain management.
Moves any perishable or short shelf-life product
through the border quickly.
For foreign suppliers, there are also several benefits:
Reduces the extra work of proving status as it
relates to compliance to FSMA rules.
Opens doors to new clients by making it easier
for a U.S. importer to choose certified products versus a non-certified
competitor.
Beyond that, VQIP further benefits public health by allowing
FDA to focus its resources on food entries that pose a higher risk to public
health.
What Are the Eligibility Requirements?
A company must be a food importer to participate in VQIP
(i.e., a person/entity that brings food or causes food to be brought from a
foreign country into the U.S.). In addition, the following criteria must be met
on the importer and the foreign supplier sides:
Have 3+ years history of importing food to the
U.S.
Have a Dun & Bradstreet Data Universal
Number System (DUNS) number (used as a unique identifier number)
Use paperless filers/brokers who have received
acceptable results during their last FDA Filer Evaluation
Do not have any food you import subject to
detention under an Import Alert or Class 1 recall
Do not have any ongoing FDA administrative or
judicial action, or other history of non-compliance with food safety
regulations by the importer, other entities in the supply chain, or food
Are in compliance with supplier verification and
other importer responsibilities under the applicable FSVP or HACCP (i.e.,
juice, seafood) regulations
Have not been the subject of any CBP penalties,
forfeitures, or sanctions related to the safety or security of any
FDA-regulated product imported or offered for import
Have current facility certification, including
farms, issued under FDA’s Accredited Third-Party Certification regulations for
each foreign supplier of food in VQIP (see below)
Develop and implement a Quality Assurance
Program (QAP) (see below)
What Is Foreign Supplier Facility Certification?
VQIP is regulated by the FSMA rule on Accredited Third-Party
Certification. This is a voluntary, fee-based program for the recognition of
third-party auditors to conduct food safety audits and issue certifications of
foreign sites and the foods they produce. An accredited third-party can perform
audits against the Food, Drug and Cosmetics (FD&C) Act and other FDA
applicable regulations, and issue a certificate attesting compliance.
Foreign suppliers must have a facility certification, which
would be issued following a regulatory audit conducted by an accredited
third-party certification body. This audit attests that the foreign supplier
complies with applicable food safety requirements of the FD&C Act and FDA
regulations. Note that certifications are
not required for Foreign Supplier Verification Program (FSVP) and Preventive
Controls rules.
What Is Included in the QAP?
According to the FDA, the VQIP QAP includes all the written
policies and procedures the facility will use to ensure adequate control over
the safety and security of foods being imported. The QAP should include the
following information:
Corporate quality policy statement relating to
food safety and security throughout the supply chain
Organizational structure, as well as functional
responsibilities for those implementing the VQIP QAP
Food safety policies and procedures to be
implemented to ensure food safety from source to entry into the U.S.
Food defense policies and procedures to ensure
compliance with FDA’s intentional adulteration regulation
Qualification requirements for employees
responsible for implementing the VQIP QAP (e.g., knowledge of regulations,
understanding of the QAP)
Procedures for implementing your VQIP QAP
Procedures for establishing and maintaining
records regarding the structure, processes, procedures and implementation of
the QAP
Definitions
References
How Do I Become Part of VQIP?
Importers must apply between January 1 and May 31 annually
to be considered for VQIP. The VQIP fiscal year/benefit period is between
October 1 and September 30, following application approval. Participants must
submit an application every year; however, you may use data from the previous
year’s application.
FDA will conduct a VQIP inspection to verify that you meet
all eligibility criteria and have fully implemented food safety and food safety
defense systems, as established in your QAP. FDA may also:
Conduct an FSVP inspection
Request a copy of food labels for those foods
included in the application
Ask you to submit supporting documentation
(e.g., hazard analysis, lab results, food labels)
Additional information on VQIP and the application process
can be found on the FDA
website.
This is the third in Kestrel’s series of articles about Technology-Enabled Business Solutions.
A decade ago, when “handheld computers” (i.e., smartphones)
first became popular, storing appointments and contact information on a
portable electronic device was the prime functionality of the smartphone. Convenient?
Yes. Robust? Not quite yet.
Mobile technology has clearly come a long way since then.
Your smartphone and other mobile devices/tablets are every bit as powerful as
any computer you have in the office—perhaps even more so when it comes to collecting
real-time data and creating operational efficiencies.
Forms, Checklists, and More
Think about this for a minute…how many forms and checklists
do you use in your operations? Maybe it is a daily forklift checklist,
near-miss form, behavioral-based safety observation, daily housekeeping
checklist, food safety sanitation inspection, hazardous waste inspection
checklist, near-miss form,
and so on.
What if—instead of taking a clipboard into the plant or
field—employees were able to simply pull out a phone, complete the checklist
online, and hit submit? What if they were able to do it from anywhere and
without any login information? What if management could access the data
immediately to run reports and get real-time analytics?
Case Study: There’s an App for That
That is precisely what a large chemical distribution company
needed. In the most basic terms, they asked Kestrel to create a mobile form for
forklift inspections that would provide:
Simple electronic access to the forms employees already
use daily
Ability for employees in the field to submit
data without logging into the system for ease of use
Data in CSV format that could be sent immediately
via email to management for review/analysis
Dashboard reporting to show a real-time view of
checklist status, outstanding issues, overdue items, and other metrics
By integrating various Office 365 technologies, Kestrel created an app using the company’s familiar forklift inspection form, which can be customized per location. The mobile version allows employees in the field to capture forklift inspection data electronically. The forms are accessible at multiple levels and can be assigned down to an individual location. Importantly, there is no need to log in to submit data, ensuring ease of access and use for all employees. Shortcuts to forms can also easily be added to mobile devices, computers, or other websites for ease of access.
As employees complete the checklists, data is collected and uploaded into the company’s Office 365 compliance information management system (IMS) in real-time. Not only does this eliminate the problems associated with manual data entry and manipulation, it provides real-time access to valuable data. Kestrel has created dashboards that house key metrics on inspections completed and issues identified that are updated immediately and automatically whenever a new checklist is completed. Beyond that, using the simple forklift checklist, we can now automatically create an entire series of events that had traditionally been done manually (e.g., maintenance requests, part orders, inspection requests).
Mobile Technology, Operational Efficiencies
For employees, mobile technology makes completing checklists of almost any type easier and faster in the field. For management, mobile technology takes things a step further by creating operational efficiencies:
Provides central management of inspection schedule, forms, and other requirements.
Increases productivity through reductions in prep-time and redundant/manual data entry.
Improves data access/availability for reporting and planning purposes.
Allows data to be submitted directly and immediately into SharePoint so it can be reviewed, analyzed, etc. in real time.
Creates workflow and process automation, including automated notifications to allow for real-time improvements.
Allows follow-up actions to be assigned and sent to those who need them.
Integrates with the overall compliance IMS for a comprehensive view of compliance status.
Stay tuned for coming articles in our series, which will continue to dig deeper into functionality, highlight some case studies of Office 365 in action, and tap the insights of Kestrel’s Office 365 developer.
OSHA, EPA, and DOT each have requirements for personnel that are working with chemicals, hazardous waste, or onsite emergency management activities. Join Kestrel Management in Ankeny, Iowa this summer for the following training sessions – designed to help you meet your regulatory training requirements.
8-hr OSHA HAZWOPER Technician Refresher
Learn to recognize basic hazard classes, how to read labels and use SDS to understand risk, how to use engineering controls or PPE to prevent exposure, basic information addressing field analytical equipment, and how to correctly respond to spills and implement emergency response site plans.Cost: $165/participant
This course will address a variety of complex EPA hazardous waste topics, including completion of Hazardous Waste Determinations, hazardous waste documentation, generator status, evaluation of waste reduction strategies, RCRA hazardous waste coding, and preparation strategies for EPA inspections. Cost: $495/participant
This course is applicable for all companies that ship or prepare shipments of hazardous materials/waste for transport. It covers all topics required for DOT general awareness and security training and will meet the requirements for triennial training certification. Cost: $195/participant
This course is offered at the Technician level and covers broad issues pertaining to hazard recognition at work sites. Participants will learn strategies and protective measures to reduce or eliminate hazards in the work place. Cost: $495/participant
Training is scheduled to begin at 8:00 am and end at 4:30 pm (or until material is complete).
Snack and lunch will be provided.
Participants will receive a training manual, pre-/post-competency test, exercises, and a certificate of completion, provided they receive an 80% or above on the test.
Registration closes 72 hours prior to the scheduled training. Kestrel has the authority to cancel training with 72-hours notice if class size is not large enough.
Kestrel is looking forward to seeing many of our chemical distribution friends and customers at the NACD Central Region Meeting in Chicago June 10-12! It’s always such a great time to gain important insights from the NACD speakers.
Jake Taylor, Kestrel’s Responsible Distribution Adviser, will be available throughout the workshop to talk more about how Kestrel can help chemical distributors more effectively manage management system requirements (e.g., Responsible Distribution, ISO 9001) and ongoing EHS&S and Food Safety Modernization Act (FSMA) compliance obligations.
Plus, don’t forget the featured NACD Regulatory Workshop: Overview of FSMA for Chemical Distributors following the Central Region Meeting on June 12-13. Kestrel Food Safety Principal Roberto Bellavia will be discussing the Food Safety Modernization Act (FSMA) and how chemical distributors can build a food safety plan to meet FSMA requirements.
It’s not uncommon to think more is better when it comes to software. It’s also not uncommon for companies to gravitate toward specialty software, whether related to certification support, QEHS compliance, cGMP, food safety, incident management, audits, permit tracking, or any number of other areas.
However, as robust as companies want their information management system to be, a simple and adaptable solution is often a better approach. As the NAEM survey we summarized in our first article in this series stated, some EHS&S software experts are migrating clients away from commercial systems to basic tools such as Microsoft Office 365 and SharePoint, which can be easier to understand, easier to use and navigate, and easier to adapt to ongoing business needs.
Flexibility in the Familiar
Many companies look at software as a silver bullet—a fix for everything. But applying technology to operations isn’t about just finding and buying a software tool. It is about:
Understanding the business need;
Customizing and integrating the appropriate tool into existing operations; and
Deploying it so it is effectively applied.
Information management systems and compliance efficiency tools built on an Office 365 platform offer an adaptable/scalable solution that can meet business and overall compliance needs, while offering the familiarity that encourages employee buy-in.
Robust Functionality
But really, what can Office 365 and SharePoint do? Perhaps surprisingly to many, Office 365 is highly adaptable and, with the right resources, can offer the solutions a company needs to address a plethora of operational and compliance requirements, including the following:
Compliance Management Many companies—especially those that are not large enough for a dedicated team of full-time staff—struggle with how to effectively resource their regulatory compliance needs. Kestrel’s experience over many years suggests that reliable and effective regulatory compliance is commonly an outcome of consistent and reliable information management system implementation. Office 365 can allow you to more efficiently manage compliance tasks, corrective and preventive actions (CAPAs), and other project activities to ensure you are meeting your compliance requirements. Compliance management components may include:
Compliance tracking/calendar
Audit assessment & inspection
Mobile forms & checklists
Audit tracking
Permit management/tracking
Training/Learning Management Having a system that records employee training is critical to compliance, especially to ensure policies, procedures, and work instructions are followed. Office 365 allows for the centralized implementation, management, tracking, scheduling, assignment, and analysis of organizational training efforts. From simply logging and tracking training to creating training plans and generating quizzes, training management ensures that the workforce is knowledgeable and appropriately trained.
Complaint & Issues Management From a quality perspective, it is important to effectively track and manage customer complaints/issues and corresponding follow-up actions, including any resulting nonconformances. Doing so electronically can help you identify and respond to complaints more quickly. With an aligned system, you can also connect nonconformance reports (NCRs) to other systems for CAPA management.
Incident Management Most organizations plan for and continually strive to prevent incidents. Effective incident management provides the opportunity to learn about and improve overall performance. Web-based tools can be particularly helpful in documenting, tracking, and reporting on all incidents and near-misses, including injuries, illnesses, spills, releases, and recalls. What’s better is that this can happen in real-time (thanks to mobile functionality) to ensure compliance with reporting requirements and internal incident management processes.
Document Management Document management is a key tool that will help companies in their efforts to go paperless. However, document management is not only for managing files. A quality document management system can also establish document structure, streamline content creation, create version control, and organize your workflows. Office 365 document management systems are scalable to the organization and designed to store, secure, and ultimately help you make sense of the documents your business uses.
Achieving the Big Picture
By having so many features and applications on a single platform, it is easy to tie them all together into an aligned system and to create multiple functions/uses for the data being collected from so many sources. With an aligned system, achieving the big-picture, desired state (rather than the short-term fix) becomes entirely possible.
This approach offers the following benefits:
Scalability. Office 365 is scalable to ensure it meets organizational/ business needs, as well as regulatory requirements. Your system can contain the parts and pieces your company needs to operate efficiently and in compliance with regulations, standards, and customer requirements.
Alignment. The system can be expanded to integrate, connect, and support multiple standards (e.g., ISO, FSSC, SQF, IFS, Responsible Distribution) and/or regulatory requirements. Integration of multiple management systems into a single platform makes management more effective and efficient than when systems operate independently.
Accessibility. The central, web-based system is accessible from any location. Mobile access and forms allow you to capture data via phones, tablets, or PCs—anytime, anywhere—even in remote locations, where a data connection has not yet been established, or in facilities that do not have consistent wireless connection. Data are automatically synchronized when a connection is made and stored in the Cloud to improve data access/availability, generate real-time analytics, and create workflow and process automation.
Measurement. Data can be collected and compiled for review and analysis, as well as more sophisticated predictive analytics. Dashboards and reporting capabilities provide insights into system health, operational results, and business performance for senior management. A standardized approach for reporting further creates accountability and ongoing performance monitoring and measurement.
Easy Adoption. Building off a common Microsoft platform allows for easier adoption due to its familiarity. It also limits the number of solutions, software, and systems needed by a company, as well as the extra fees associated with additional software, such as license, user, and change fees.
The ultimate responsibility for food safety lies with food service providers and their ability to develop and maintain effective food safety management systems. Currently, there is a shift in the emphasis of hazard analysis and preventive controls related to both Process Safety Management (PSM) and Hazard Analysis and Critical Control Points (HACCP). This is of particular concern for the food industry, where many regulations include both EHS and food safety requirements.
Many food operations fall under both PSM and HACCP requirements. In general, PSM is bulk chemical-centric for food operations, while HACCP is food safety risk-centric for maintaining food purity. (Common chemicals subject to both include anhydrous ammonia for cooling and chlorine for sanitation of product and processes. In addition, many large food processing types include process aids at levels under PSM.)
Changing regulations and the increased emphasis on hazard analysis require the food industry to develop well-documented and managed programs that address both PSM and HACCP using common approaches:
Better use of organizational resources
Standard programs
Training efficiency and effectiveness
Shared knowledge and approaches
More effective and aligned hazard analysis management
About PSM
PSM is a key risk management practice that must be implemented for qualifying plants. PSM is covered in the recent Executive Order focused on modernization of high-risk sites and, as a result, is under greater scrutiny with regulator focus and recent events. While PSM is a highly visible requirement, it is currently not widely inspected and reviewed—though that may be changing. PSM generally entails a more event-driven inspection by interested parties other than the company. As a growing area of focus and concern, PSM will require plants to reassess and, potentially, update systems and operations to meet requirements.
About HACCP
HACCP, on the other hand, is widely implemented for food processing and is expanding with high visibility. HACCP is the historic requirement providing the accepted food safety plan for some food industries. HACCP is rapidly being advanced with FSMA and GFSI-level requirements, but requirements have not been fully established based on FSMA rulemaking. The complexity of programs is rapidly increasing, while the level of food industry sectors is expanding to include all food contact, packaging, GRAS, and distribution and transportation companies.
Hazard Analysis Methods
The hazard analysis methods under PSM and HACCP are similar but different:
Process Hazard Analysis (PHA) is associated with high-risk chemicals or materials, and is required for compliance with PSM. A PHA is designed to protect people and the environment from specific hazards. PHA methods vary based on an organization’s determination of the best method for their situation. These methods are directed to the overall process and operating condition by the process step. PHA focuses largely on equipment, instrumentation, utilities, human actions, and external factors that might impact the process. It involves an organized, systematic analysis of potential hazards to improve safety and reduce the potential consequences of those hazards.
Hazard Analysis and Preventive Control (HAPC) is associated with food safety risk under Hazard Analysis and Risk-based Preventive Controls (HARPC) and is an aspect of HACCP. HAPC is a growing regulatory compliance requirement related to food safety plans (FDA and USDA) that focuses on process, equipment, contamination, procedures, and control points. HAPC involves an organized and systematic analysis of potential risks to food and food materials to improve the purity of food during processing/handling by reducing contamination.
PHA and HAPC are required for facilities, as determined by the regulations, and include the following common requirements:
Develop preventive control plan
Perform hazard analysis for foreseeable hazards (written)
Conduct “what-if” scenarios, rating, and ranking
Identify and implement preventive controls, as well as intentional hazards and controls
Under both PSM and HACCP, all plans and records may be subject to inspections. Failures to act may be interpreted as willful non-conformance or probable cause for expanded inspection.
Additional Requirements
Companies subject to PSM and HACCP need to consider other related regulatory requirements, as well. This relationship in itself is key under GFSI.
Records
Maintain evidence
Conduct development programs and hazard analysis adequately
Establish programs to ensure preventive controls
Conduct training
Validate and verify programs, completed forms
Record all key information relevant periods
Inspections
PSM-level inspections can be part of incident follow-up or planned OSHA or NEP inspections; there is state registering of PSM inspections.
HACCP will be part of mandatory FDA inspections, by any qualified agency to FSMA, and required under GFSI; customers may also require HACCP as part of their supplier programs.
Cleanup and Catch-up
Monitor effectiveness
Establish corrective actions
Verify programs and preventive controls
Monitor and support SOPs/GMPs
Diligently follow and record Management of Change (MOC)
In addition, hazardous materials and communication are key for both EHS and FDA, as well as areas like air quality, water quality, sanitation, and blood borne pathogen/bodily fluids.
The Right Resources
A higher level of compliance requires plans to be reassessed and, subsequently, the resources to reassess them. For many, once programs are developed, they are put into “maintain” mode. Historical knowledge isn’t captured or is lost to turnover.
Beyond that, PSM and HACCP both require that “qualified individuals” develop and manage these systems. Qualified individuals include a designated lead with certain experience and qualifications, as outlined in the requirements. Availability of resources is almost always an issue, as maintaining systems with just one person is very difficult, especially given organizational change.
Keeping qualified resources at the proper certification is difficult. New employees are now typically required to provide both oversight and operational capability. The mix of education, work experience, and certification are all important. The growing approach is to maintain teams with alternates to supplement the leads and to provide coverage for all situations, including daily/weekly schedules. This is an area that must be continually monitored and subjected to corrective action.
Alignment Strategy
The following tips will help to effectively align PSM and HACCP programs and strategies, and provide for efficient compliance with both regulatory programs:
Establish plans to assess existing programs
Apply continuous improvement (Plan-Do-Check-Act)
Take inventory of qualified resources
Align qualified personnel to PSM and HACCP teams
Use a sub-team approach to ensure the necessary level of participation and backup
Maintain multi-year strategy, planning, and training
Establish a cleanup and catch-up approach for hazard analysis activities to move forward
Use continuous improvement to maintain validated and verified programs
The Global Food Safety Initiative (GFSI) relies on a number of benchmarked schemes to establish food safety requirements; all are designed to ensure the quality and safety of a company’s products. In order to become certified to one of these GFSI-recognized schemes, a company must undergo a third-party audit by a certified auditor. Kestrel’s experience conducting these audits has revealed that companies who successfully achieve certification demonstrate a number of common attributes—regardless of their chosen scheme:
Corrective and preventive actions are up-to-date and current.
Continuous improvement/root cause analysis process is in place to make ongoing improvements and to ensure final resolutions to all out-of-control issues or non-conformances to the Food Safety Program.
Premises, facility, and building programs are established and operating, including controls, signage, direction, job training, and physical evidence of a fully implemented Food Safety Program.
Preventive maintenance system links scheduled maintenance to Hazard Analysis & Critical Control Points (HACCP) critical equipment monitoring requirements.
Approved materials and process specifications are managed and controlled.
Product identification and traceability processes are in place, including complete records detailing all activities for the production of food product.
Document management and control program is updated, validated, and maintained. Developing program management systems helps ensure compliance with document management and control.
Food safety program updates and management are completed through annual and multi-year planning for maintaining the Food Safety Program, including management of change, management review, approvals, and internal audit.
Records and verification management systems provide access to supporting data, as determined by FDA/FSMA and company programs.
Data management of food safety records outlines processes for assuring prompt or immediate access to critical records, as needed, for audit, compliance, or regulatory purposes.
This is the first in KTL’s series of articles about Technology-Enabled Business Solutions.
It goes without saying that change is hard. Even positive change for the better is not without challenges. Change when it comes to Information Technology (IT)/software systems can be flat out painful because of the significant investments of time, money, and resources required. That is why many companies choose to avoid making a change until absolutely necessary.
How do you know when that time has come? How do you know when you are investing more in your compliance Information Management System (IMS) than you are getting out of it? What are those hot buttons that drive companies to seek a system change? And when seeking a new compliance IMS, what do you look for to ensure it will meet your business needs?
Why Companies Seek New Systems
According to a March 2019 survey conducted by the National Association for EHS&S Managers (NAEM) entitled Why Companies Replace Their EHS&S Software Systems, the following is the rank order of key reasons why companies seek a new IMS:
Current system doesn’t perform as advertised.
New business objective(s) aren’t supported by
the current system.
Current system costs too much to maintain.
Current system doesn’t integrate well with other
business IT systems.
Platform being used has changed.
Criteria for New Systems
These reasons tie directly to what companies in the NAEM survey say are the most important criteria when shopping for a new software system:
Let’s review a few of these top criteria and why they are so important in any decisions made about implementing a new compliance IMS. We will dig deeper into these reasons throughout our series of articles on compliance information management solutions.
Integration As indicated by the NAEM survey, it can be a real challenge to integrate technology, whether it is with hardware, other compliance/certification software, ERP software, global systems, legacy systems, human resources systems, financial/inventory systems, etc. When it comes to having multiple systems, it’s not that you necessarily need one system to manage every business function. However, you do need your systems to talk. Lack of integration can contribute to duplication of effort, data inaccuracy, and business inefficiencies across multiple departmental functions.
Real-Time Metrics Tracking/Mobile Accessibility With today’s technology, we are accustomed to instant gratification. There should be no reason why your IMS cannot provide that when it comes to real-time metrics tracking. Mobile accessibility allows for data to be collected on-the-go rather than re-entering information from the field back in the office. Data can be collected and compiled in real-time for review and analysis, as well as more sophisticated predictive analytics. Dashboards and reporting capabilities provide insights into system health, operational results, and business performance for senior management. A standardized approach for reporting further creates accountability and ongoing performance monitoring and measurement.
User Friendliness What does it mean to be user friendly? Is that focused on the end user entering data in the field? Does it pertain to management who is reading reports and metrics? Are we talking about the system administrator? A truly user-friendly system will be something that meets the needs of all parties. If employees are frustrated by lack of understanding, if the system isn’t intuitive enough, if it is hard to put data in or get metrics out, the system will hold little value. In fact, according to NAEM, if a system isn’t user-friendly, employees may end up using workarounds that create more inefficiencies and inaccuracies.
Customization, Updates & Maintenance Costs Perhaps the functionality was oversold, perhaps the system cannot handle your data in the ways you anticipated, perhaps the solution you need requires additional customization that you did not anticipate. Whatever the case, not getting what you paid for is an exercise in frustration and a waste of resources. Business priorities and objectives change. If your system cannot adapt to these changes, users will fail to engage, and it will become obsolete. At the same time, if you continually seek customization, it can come at a price—not just for the customization but for the expertise required to maintain a customized solution. Customization can quickly become a money pit that you cannot climb out of. The key is to find an IMS that is simple and adaptable to respond to business changes.
Simple Solution
It’s not uncommon to think more is better when it comes to software. However, as robust as most companies want their compliance IMS to be, a simple and adaptable solution is often the best approach. According to the NAEM survey, some software experts are helping to migrate clients away from commercial systems to basic tools such as Microsoft Office 365 and SharePoint, which can be easier to understand, easier to use and navigate, and easier to adapt to ongoing business needs.
The next article in our series will explore the idea of going back to basics and leveraging familiar tools like Office 365 to meet compliance IMS and overall business needs.
A management system is the organizing framework that enables companies to achieve and sustain their operational and business objectives through a process of continuous improvement. A management system is designed to identify and manage risks—safety, environmental, quality, business continuity, food safety (and many others)—through an organized set of policies, procedures, practices, and resources that guide the enterprise and its activities to maximize business value.
The management system addresses:
What is done and why
How it is done and by whom
How well it is being done
How it is maintained and reviewed
How it can be improved
Creating an Effective and Valuable Management System
Each company’s management system reflects its unique culture, vision, and values. To be effective and valuable, the management system must be tailored and focused on how it can enhance the business performance of the organization. It must also be:
Useful to people in the operations
Intuitive—organized the way operations people think
Flexible—making use of methods and tools as they are developed and documented
Valuable from the outset—addressing the most critical risks and processes
Linked to the business of the business (not “pasted on”), with ownership at the operational level
A means to better align operational quality, safety, and environment with the business
Attributes of an effective management system are senior management expectations and guidance coupled with employee engagement. Importantly, a management system involves a continual cycle of planning, implementing, reviewing, and improving the way in which safety, quality, and environmental obligations and objectives are met. In its simplest form, this involves implementing the Plan, Do, Check, Act/Adjust (P-D-C-A) cycle for continuous improvement.
Auditing for Ongoing Compliance
The connection between management systems and compliance is vital in avoiding recurring compliance issues and in reducing variation in compliance performance. In fact, reliable and effective regulatory compliance is commonly an outcome of consistent and reliable implementation of a management system.
Conducting periodic audits is a practical way to test a management system’s implementation maturity and effectiveness. One of the many advantages of audits is that they help identify gaps so that corrective/preventive actions can be put into place and then sustained and improved through the management system.
Audits also help companies with continuous improvement initiatives; properly developed audit programs help measure results over time. To achieve best value, audits should emphasize finding patterns that can yield opportunities for learning and continual improvement, rather than “gotchas” for exceptions that are discovered.
Management System Standards
Several options are available for structuring management systems, whether they are certified by third-party registrars and auditors, self-certified, or used as internal guidance and for potential certification readiness.
The International Organization for Standardization (ISO) standards are some of the most commonly applied. The ISO standards for quality (ISO 9001), environment (ISO 14001), health & safety (OHSAS 18001), business continuity (ISO 22301), and food safety (FSSC 22000) have consistent elements, allowing organizations to more easily align their various management systems. Aligned management systems help companies to achieve improved and more reliable quality, environmental, and health & safety performance, while adding measurable business value.
Certification
Companies can become certified to each of the standards discussed above. Certification has a number of benefits, including the following:
Meet customer or supply chain requirements
Use outside drivers to maintain management system process discipline (e.g., periodic risk assessment, document management, compliance evaluation, internal audits, management review)
Take advantage of third-party assessment and recommendations
Improve standing with regulatory agencies (e.g., USEPA, OSHA, FDA, and state programs)
Demonstrate the application of industry best practice in the event of incidents/accidents requiring defense of practices
However, if there is no market or other business driver, certification can lead to unnecessary additional cost and effort regarding management system development. Certification in itself does not mean improved performance—management system structure, operation, and management commitment determine that.
Business Value
There are a number of reasons to implement a management system. A properly designed and implemented management system brings value to organizations in a number of ways:
Risk management
Identify risks
Set priorities for improvement, measurement, and reporting
Provide great opportunity to identify, share, and learn best practices, while recognizing operational differences
Protection of people
Send people home the way they arrived at work
Protect the public and the environment
Compliance assurance
Improve and sustain regulatory compliance
Business value
Continually improve quality, environmental, and safety performance across the organization (employee, public, equipment, infrastructure)
Reduce incident costs and accrued liabilities
Protect assets
Reliability
Assure processes, methods, and practices are in place, documented, and consistently applied
Reduce variability in processes and performance
Employee engagement
Help employees to find and use current versions of all procedures and documents
Provide a ready reference for field management to structure location-specific procedures
Enable the effective transfer of standards, methods, and know-how in employee training, new job assignments, and promotions