The Global Food Safety Initiative (GFSI) relies on a number of benchmarked schemes to establish food safety requirements; all are designed to ensure the quality and safety of a company’s products. In order to become certified to one of these GFSI-recognized schemes, a company must undergo a third-party audit by a certified auditor. Kestrel’s experience conducting these audits has revealed that companies who successfully achieve certification demonstrate a number of common attributes—regardless of their chosen scheme:

1. Corrective and preventive actions are up-to-date and current.
2. Continuous improvement/root cause analysis process is in place to make ongoing improvements and to ensure final resolutions to all out-of-control issues or non-conformances to the Food Safety Program.
3. Premises, facility, and building programs are established and operating, including controls, signage, direction, job training, and physical evidence of a fully implemented Food Safety Program.
4. Preventive maintenance system links scheduled maintenance to Hazard Analysis & Critical Control Points (HACCP) critical equipment monitoring requirements.
5. Approved materials and process specifications are managed and controlled.
6. Product identification and traceability processes are in place, including complete records detailing all activities for the production of food product.
7. Document management and control program is updated, validated, and maintained. Developing program management systems helps ensure compliance with document management and control.
8. Food safety program updates and management are completed through annual and multi-year planning for maintaining the Food Safety Program, including management of change, management review, approvals, and internal audit.
9. Records and verification management systems provide access to supporting data, as determined by FDA/FSMA and company programs.
10. Data management of food safety records outlines processes for assuring prompt or immediate access to critical records, as needed, for audit, compliance, or regulatory purposes.

This is the first in KTL’s series of articles about Technology-Enabled Business Solutions.

It goes without saying that change is hard. Even positive change for the better is not without challenges. Change when it comes to Information Technology (IT)/software systems can be flat out painful because of the significant investments of time, money, and resources required. That is why many companies choose to avoid making a change until absolutely necessary.   

How do you know when that time has come? How do you know when you are investing more in your compliance Information Management System (IMS) than you are getting out of it? What are those hot buttons that drive companies to seek a system change? And when seeking a new compliance IMS, what do you look for to ensure it will meet your business needs? 

Why Companies Seek New Systems

According to a March 2019 survey conducted by the National Association for EHS&S Managers (NAEM) entitled Why Companies Replace Their EHS&S Software Systems, the following is the rank order of key reasons why companies seek a new IMS:

• Current system doesn’t perform as advertised.
• New business objective(s) aren’t supported by the current system.
• Current system costs too much to maintain.
• Current system doesn’t integrate well with other business IT systems.
• Platform being used has changed.

Criteria for New Systems

These reasons tie directly to what companies in the NAEM survey say are the most important criteria when shopping for a new software system:

Let’s review a few of these top criteria and why they are so important in any decisions made about implementing a new compliance IMS. We will dig deeper into these reasons throughout our series of articles on compliance information management solutions. 

Integration
As indicated by the NAEM survey, it can be a real challenge to integrate technology, whether it is with hardware, other compliance/certification software, ERP software, global systems, legacy systems, human resources systems, financial/inventory systems, etc. When it comes to having multiple systems, it’s not that you necessarily need one system to manage every business function. However, you do need your systems to talk. Lack of integration can contribute to duplication of effort, data inaccuracy, and business inefficiencies across multiple departmental functions.

Real-Time Metrics Tracking/Mobile Accessibility
With today’s technology, we are accustomed to instant gratification. There should be no reason why your IMS cannot provide that when it comes to real-time metrics tracking. Mobile accessibility allows for data to be collected on-the-go rather than re-entering information from the field back in the office. Data can be collected and compiled in real-time for review and analysis, as well as more sophisticated predictive analytics. Dashboards and reporting capabilities provide insights into system health, operational results, and business performance for senior management. A standardized approach for reporting further creates accountability and ongoing performance monitoring and measurement.

User Friendliness
What does it mean to be user friendly? Is that focused on the end user entering data in the field? Does it pertain to management who is reading reports and metrics? Are we talking about the system administrator? A truly user-friendly system will be something that meets the needs of all parties. If employees are frustrated by lack of understanding, if the system isn’t intuitive enough, if it is hard to put data in or get metrics out, the system will hold little value. In fact, according to NAEM, if a system isn’t user-friendly, employees may end up using workarounds that create more inefficiencies and inaccuracies. 

Customization, Updates & Maintenance Costs
Perhaps the functionality was oversold, perhaps the system cannot handle your data in the ways you anticipated, perhaps the solution you need requires additional customization that you did not anticipate. Whatever the case, not getting what you paid for is an exercise in frustration and a waste of resources. Business priorities and objectives change. If your system cannot adapt to these changes, users will fail to engage, and it will become obsolete. At the same time, if you continually seek customization, it can come at a price—not just for the customization but for the expertise required to maintain a customized solution. Customization can quickly become a money pit that you cannot climb out of. The key is to find an IMS that is simple and adaptable to respond to business changes. 

Simple Solution

It’s not uncommon to think more is better when it comes to software. However, as robust as most companies want their compliance IMS to be, a simple and adaptable solution is often the best approach. According to the NAEM survey, some software experts are helping to migrate clients away from commercial systems to basic tools such as Microsoft Office 365 and SharePoint, which can be easier to understand, easier to use and navigate, and easier to adapt to ongoing business needs.  

The next article in our series will explore the idea of going back to basics and leveraging familiar tools like Office 365 to meet compliance IMS and overall business needs. 

A management system is the organizing framework that enables companies to achieve and sustain their operational and business objectives through a process of continuous improvement. A management system is designed to identify and manage risks—safety, environmental, quality, business continuity, food safety (and many others)—through an organized set of policies, procedures, practices, and resources that guide the enterprise and its activities to maximize business value.

The management system addresses:

• What is done and why
• How it is done and by whom
• How well it is being done
• How it is maintained and reviewed
• How it can be improved

Creating an Effective and Valuable Management System

Each company’s management system reflects its unique culture, vision, and values. To be effective and valuable, the management system must be tailored and focused on how it can enhance the business performance of the organization. It must also be:

• Useful to people in the operations
• Intuitive—organized the way operations people think
• Flexible—making use of methods and tools as they are developed and documented
• Valuable from the outset—addressing the most critical risks and processes
• Linked to the business of the business (not “pasted on”), with ownership at the operational level
• A means to better align operational quality, safety, and environment with the business

Attributes of an effective management system are senior management expectations and guidance coupled with employee engagement. Importantly, a management system involves a continual cycle of planning, implementing, reviewing, and improving the way in which safety, quality, and environmental obligations and objectives are met. In its simplest form, this involves implementing the Plan, Do, Check, Act/Adjust (P-D-C-A) cycle for continuous improvement.

Auditing for Ongoing Compliance

The connection between management systems and compliance is vital in avoiding recurring compliance issues and in reducing variation in compliance performance. In fact, reliable and effective regulatory compliance is commonly an outcome of consistent and reliable implementation of a management system.

Conducting periodic audits is a practical way to test a management system’s implementation maturity and effectiveness. One of the many advantages of audits is that they help identify gaps so that corrective/preventive actions can be put into place and then sustained and improved through the management system.

Audits also help companies with continuous improvement initiatives; properly developed audit programs help measure results over time. To achieve best value, audits should emphasize finding patterns that can yield opportunities for learning and continual improvement, rather than “gotchas” for exceptions that are discovered.

Management System Standards

Several options are available for structuring management systems, whether they are certified by third-party registrars and auditors, self-certified, or used as internal guidance and for potential certification readiness.

The International Organization for Standardization (ISO) standards are some of the most commonly applied. The ISO standards for quality (ISO 9001), environment (ISO 14001), health & safety (OHSAS 18001), business continuity (ISO 22301), and food safety (FSSC 22000) have consistent elements, allowing organizations to more easily align their various management systems. Aligned management systems help companies to achieve improved and more reliable quality, environmental, and health & safety performance, while adding measurable business value.

Certification

Companies can become certified to each of the standards discussed above. Certification has a number of benefits, including the following:

• Meet customer or supply chain requirements
• Use outside drivers to maintain management system process discipline (e.g., periodic risk assessment, document management, compliance evaluation, internal audits, management review)
• Take advantage of third-party assessment and recommendations
• Improve standing with regulatory agencies (e.g., USEPA, OSHA, FDA, and state programs)
• Demonstrate the application of industry best practice in the event of incidents/accidents requiring defense of practices

However, if there is no market or other business driver, certification can lead to unnecessary additional cost and effort regarding management system development. Certification in itself does not mean improved performance—management system structure, operation, and management commitment determine that.

Business Value

There are a number of reasons to implement a management system. A properly designed and implemented management system brings value to organizations in a number of ways:

• Risk management
  • Identify risks
  • Set priorities for improvement, measurement, and reporting
  • Provide great opportunity to identify, share, and learn best practices, while recognizing operational differences
• Protection of people
  • Send people home the way they arrived at work
  • Protect the public and the environment
• Compliance assurance
  • Improve and sustain regulatory compliance
• Business value
  • Continually improve quality, environmental, and safety performance across the organization (employee, public, equipment, infrastructure)
  • Reduce incident costs and accrued liabilities
  • Protect assets
• Reliability
  • Assure processes, methods, and practices are in place, documented, and consistently applied
  • Reduce variability in processes and performance
• Employee engagement
  • Help employees to find and use current versions of all procedures and documents
  • Provide a ready reference for field management to structure location-specific procedures
  • Enable the effective transfer of standards, methods, and know-how in employee training, new job assignments, and promotions

A recent episode of The Daily, a podcast from The New York Times, discussed the safety culture of the Boeing manufacturing plant in Charleston, South Carolina—the plant that builds the 737 MAX 8, the aircraft involved in two fatal crashes worldwide in the last six months.

Concerns About Culture

The Boeing 737 MAX 8 was grounded by the FAA on March 11, 2019 amid concerns that recently introduced flight control software contributed to both crashes. The subsequent scrutiny on the company brought attention to the safety culture of the Charleston plant.

Interviews in the podcast suggest common characteristics of a negative safety culture were present at Boeing. For example, there was reportedly significant pressure to meet production deadlines, including financial incentives for meeting hourly production goals. Some managers allegedly took defective parts and installed them on aircraft to meet these deadlines. One such incident described on the podcast episode included an attempt to rub off the red paint that is applied to defective parts to prevent installation. Related to defective parts, managers were reportedly pressured to reduce the number of parts damaged by employees during manufacturing. A former quality manager interviewed in the episode alleges that this pressure led to damaged parts being installed rather than reported to management or quality control.

Safety culture is often defined informally as “the way we do things around here” when it comes to safety practices. Essentially, safety culture is the product of the shared values, beliefs, norms, and organizational practices in a company about working safely. An organization’s safety culture is ultimately reflected in the way safety is managed in the workplace. The culture breaks down when the disregard for safety becomes “management practice.”

Characteristics of a Strong Safety Culture

A strong safety culture has several characteristics in common. Kestrel’s research into the topic of safety culture has identified two traits that are particularly important to an effective safety culture: leadership and employee engagement. Best-in-class safety cultures have robust systems in place to ensure that each of these traits, among others, is mature, well-functioning, and fully ingrained into the standard practices of the organization.

Organizations with strong safety cultures typically exhibit many of the following attributes:

• Communication. Communication is most effective when it comprises a combination of top-down and bottom-up interaction. Senior management sets the strategic goals and vision for the company’s safety program. It is vital that all levels of management (senior, middle, supervisory) communicate the strategy clearly to the workers who carry out the company’s mission. It is equally important that workers provide feedback on a practical level about what’s working and what’s not.
• Commitment. When it comes to safety, actions truly speak louder than words. A lack of commitment, as demonstrated by action (or lack thereof), comes across loud and clear to staff. For example, requiring staff to work excessive hours or use defective parts to meet productivity goals sends a clear message that productivity is more important than safety.
• Caring. Caring is about doing whatever is necessary to ensure employees return home safely every night. It involves showing concern for the personal safety of individuals, not just making a commitment to the overall idea of safety.
• Cooperation. Safety works best if management and workers are on the same team. Cooperation means working together to develop a strong safety program (e.g., management involving line workers in creating safety policies and procedures). It means management seeks feedback from workers about safety issues—and uses that feedback to make improvements. And it means there is no blame when incidents occur.
• Coaching. Coaching each other—peer to peer, supervisor to employee, even employee to management—is an important way to keep everyone on track. Coaching involves non-judgmentally providing feedback for improvements and, correspondingly, accepting and incorporating that feedback as constructive criticism.
• Procedures. There should be documented, clear procedures for every task. This not only prevents disagreement about what is required, it also shows commitment when things are put in writing. Procedures should be designed jointly by management and workers for practicality and to encourage improved cooperation, communication, and buy-in.
• Training. Training is a more formal, documented process for ensuring that employees follow safety processes and procedures. Formal training should happen frequently enough for employees to feel prepared to safely do their jobs.
• Tools. All equipment and tools should be in good repair, free of debris, and functioning as designed. Inadequate tools directly impact safety/protection and indirectly impact perception of management commitment. Boeing’s alleged practices send a clear message that safety is not as important as productivity.
• Personnel. There must be enough workers to do each task safely. The company should not sacrifice individual safety because of being understaffed (i.e., requiring shortcuts/overtime to meet production goals).
• Trust. Trust in the safety program, in senior management, and in each other is built when each of these characteristics is present and treated as a company-wide priority.

Benefits of a Best-in-Class Safety Culture

Strong safety performance is a cornerstone of any business. When these characteristics come together to create a best-in-class safety culture, everyone wins:

• Fewer accidents, losses, and disruptions
• Improved employee morale
• Increased productivity
• Lower workers compensation and insurance claims
• Improved compliance with OSHA regulations
• Improved reputation to attract new customers and employees and retain existing ones
• Better brand and shareholder value

When business is disrupted, the costs can be substantial. Unfortunately, every organization is at risk from potential operational disruptions—natural disasters, fire, sabotage, information technology (IT) viruses, data loss, acts of violence. Recent world events have further challenged organizations to prepare to manage previously unthinkable situations that may threaten the future of the business.

Securing Company Assets

This goes beyond the mere Emergency Response Plan or disaster recovery activities that have been previously implemented. Organizations must now engage in a more comprehensive process to secure their companies’ assets (e.g., people, technology, products, and services). Today’s threats require implementation of an ongoing, interactive process that assures the continuation of the organization’s core business activities and data center(s) before, during, and, most importantly, after a major crisis event.

Creating a Resilient Organization

Business continuity planning helps ensure that companies have the resources and information needed to maintain service, reliability, and resiliency under adverse conditions. While companies can’t plan for everything, they can take steps to understand and effectively manage events that might compromise their products/services, supply chain, quality, security, and future as an organization.

A Business Continuity Plan ensures that all involved parties understand who makes decisions, how the decisions are implemented, and what the roles and responsibilities of participants are when an incident occurs. Through business continuity planning, companies are able to:

• IDENTIFY the human, property, and operational impacts of potential business threats
• EVALUATE the potential severity of associated risks
• ESTIMATE the likelihood of business threats occurring
• CREATE timelines for restoration and strategies that proactively mitigate the most pressing business threats, take advantage of opportunities that lie ahead, and provide for a more resilient and sustainable future

Systematic Approach

A sound Business Continuity Program relies on a systematic approach to identify and critically evaluate risks/opportunities, as outlined below. This approach broadens the scope of issues beyond mere emergency response and allows companies to budget for and secure the necessary resources to support critical business activities before, during, and after a major crisis event. Ultimately, following this process helps companies to stay in business through a time of crisis.

Sustaining Business for the Long Term

Sustainability is about staying in business for the long term, and today, business continuity is key to sustaining business over time. That is because a well-developed and implemented Business Continuity Plan:

• Keeps employees and the community safe when an incident occurs
• Protects the organization’s important assets (e.g., people, technology, products, services)
• Reduces disruption to critical functions in order to limit financial impacts due to loss of product/service
• Reduces adverse publicity, loss of credibility, and loss of customers
• Reduces legal liability and regulatory exposure
• Reduces the risk of losing critical business data (e.g., historical, operational, customer, regulatory compliance)
• Provides for an orderly and timely recovery by allowing critical decisions to be made in a non-crisis mode
• Helps companies mitigate risks and focus on the future

*****
Guiding Standards

ISO 22301: Societal Security – Business Continuity Management Systems is specifically designed to help organizations protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise. Like other ISO standards, ISO 22301 applies the Plan-Do-Check-Act/Adjust model to developing, implementing, and continually improving a Business Continuity Management System. Following this internationally recognized standard allows organizations to leverage their existing management systems and ensure consistency with any other ISO management system standards that may already be in place (e.g., ISO 14001 – environment, ISO 9001 – quality, ISO 45001 – safety, ISO 22000 – food safety).

The American Society for Industrial Security (ASIS) Business Continuity Management System Standard, National Fire Protection Association (NFPA) 1600: Standard on Disaster/Emergency Management and Business Continuity Programs, and Office of the Comptroller of the Currency (OCC) federal banking requirements for business continuity provide further industry-specific guidance on business continuity management.

Today’s business managers face greater complexities than ever when it comes to making business decisions. For every business decision, there are a number of factors that impact the associated risks. Fortunately, the use of statistics, predictive analytics, and data mining has become increasingly useful in taking the “gut feel” out of making important and often complex business decisions.

Data-Driven Decisions

Most people are familiar with common descriptive statistical techniques, like measures of central tendency (e.g., mean, median, mode) or variability (e.g., interquartile range, standard deviation). More advanced data mining and predictive analytical techniques are increasingly being used to explore and investigate past performance to gain insight for future business decision making.

Data mining draws on large amounts of data to identify patterns, which are often classified as opportunities or risks. Predictive analytics encompasses a variety of statistical techniques that are used to analyze historical data to predict the most probable future events. A few examples of these include the following:

• Discriminant Analysis – a machine learning model where a computer program “learns” a pre-existing data set that includes attributes and outcomes for each individual, and then predicts probable outcomes for individuals in the new data set based on attributes.
• Linear Regression – creates an equation so that one variable can be predicted based on the known values of other variables.
• Logistic Regression – a machine learning model where a computer program “learns” a pre-existing data set that includes attributes and a binary (“yes/no”) outcome for each individual, then predicts “yes/no” outcome for each individual in a new data set, along with a probability associated with the decision.
• Decision trees – machine learning model where a computer program “learns” a pre-existing data set that includes attributes and outcomes (not necessarily binary) for each individual, then predicts outcomes for each individual in a new data set, along with confidence in the decision; also identifies the attributes that are most helpful for making predictions (i.e., those that are best able to discriminate between outcomes).
• Neural networks – similar to decision tree, but more effective if finding the connections between attributes is a concern.

Together, this information can help decision makers to predict the outcome(s) of a decision before it is made—and make smarter decisions based on data instead of gut feelings. The following case studies demonstrate the value that statistics provide when it comes to making important business decisions.

Case Study: Wildfire Risk Index

For a large transportation organization, wildfires have historically presented a unique challenge. The company has worked diligently over the past several years to control its fire risk through research and a number of assessments. To help further minimize the wildfire risk, the company turned to past data and is working with Kestrel to develop a comprehensive Wildfire Risk Index to:

1. Quantify the operational risks of wildfires (i.e., identify environmental conditions, determine areas of concern)
2. Make informed business decisions to help minimize identified risks

Creating the Index requires a significant amount of data from both internal and external resources, including traffic, weather, geography, internal fire incidents, and others. This information is used in several components contained within two main models that create the Wildfire Risk Index. These model components are relatively simple when used on their own. The complexity arises when combining the various models and their components into a single Wildfire Risk Index that reasonably reflects relative risks, while considering all variables.

The ultimate output of the Wildfire Risk Index is a single number that quantifies the relative risk of wildfire by location and by month. This information will help the company to:

1. Identify the areas of greatest risk.
2. Focus resources on those areas.
3. Make more informed decisions regarding operations—like when to plan hot work and when and where to perform vegetation control—to help prevent future incidents.

Case Study: Incident Data

For a large petroleum refining organization, safety and environmental incidents present a significant risk to operations. In order to reduce incident frequency, the company has implemented a robust safety management system, which includes frequent audits and inspections. Despite the company’s best efforts, however, incidents have continued to occur.

To further improve safety and environmental performance, Kestrel is working with the company to conduct detailed reviews of previous incidents using Kestrel’s proprietary Human Performance Reliability (HPR) approach. This approach identifies and classifies the human factors contributing to incidents, as well as the controls associated with those human factors (engineered, administrative, and/or PPE). Once the reviews are finished, the results are statistically analyzed to generate a prioritized list of human factors to be addressed. Kestrel’s Human Factors Integration Tool (HFIT™) software then generates a list of existing controls associated with the top human factors, as well as a list of missing controls that could be created and implemented.

The ultimate output of the incident review process is to help the company identify the human factors contributing to incidents, create or improve associated controls, manage operational risks, and protect the health and safety of workers and the surrounding environment.

Versatility

These examples demonstrate how predictive analytics can be used to support decision making. The versatility of predictive analytics, combined with the variety of statistical techniques available, can be applied to help companies analyze a wide variety of problems and gain insight for future business decision making.

A Safety Management System (SMS) is a systematic organization of policies, processes, programs, procedures, and records. Like other management systems, an SMS is built on the Plan, Do, Check, Act/Adjust (PDCA) cycle. Ideally, safety-related activities are planned, done, checked (through auditing, inspections, investigations), and finally reviewed by both local and executive management to facilitate continuous improvement (i.e., adjust).

Keys to a Successful SMS

The primary purpose of an SMS is to effectively manage safety-related risks. But how does an organization ensure that its SMS—new or existing—actually does this? Kestrel has compiled the following best practice tips for implementing an effective SMS:

1. All employees with management or supervisory responsibilities must be visibly and conspicuously committed to safety and the SMS. Management demonstrates leadership and promotes commitment to improving safety performance through active and visible participation. It is up to management to routinely demonstrate that this is not just the “flavor of the month” but the organization’s way of doing business. (Choudhry, Fang & Ahmed, 2008; Hansen, 2006; Lyon & Hollcroft, 2006; OSHA, 2015)
2. Employees are engaged in the SMS—emotionally and cognitively. Employees must understand how the SMS works and believe in the value that it offers them and the organization. (Wachter & Yorio, 2014; Moraru, Babut & Cioca, 2011)
3. The SMS is integrated into other business objectives and aligned with other in-place management systems (e.g., quality, environmental). The SMS should support the company’s goals and objectives. Aligning and integrating with other systems further improves efficiency, consistency, and understanding. This also provides the flexibility needed to function in a dynamic business environment. (Hansen, 2006)
4. There are clearly defined safety policies and principles. Policies should be established, communicated, and updated, as necessary. (Hansen, 2006)
5. The SMS establishes challenging objectives, goals, and plans. High standards of performance that are tracked and measured ultimately lead to performance improvements. (Hansen, 2006; OSHA, 2015)
6. Contractors and other third parties are effectively managed. Contractors, suppliers, and others must be assessed and monitored for their capabilities and performance. Clear performance standards should be established to ensure that these third parties meet needs and uphold safety management expectations. (Hansen, 2006; OSHA, 2015)
7. The SMS ensures compliance with legal and other requirements. The SMS should help the organization to measure and verify compliance with applicable legal and regulatory requirements. (Hansen, 2006)
8. There is effective communication about the SMS, including clearly defined roles and responsibilities. Employees need to understand the purpose of the SMS and their roles in achieving related goals and objectives. (Hansen, 2006; OSHA, 2015)
9. Staff receive continuous safety training and development opportunities. Safe operations rely on well-trained employees and contractors who understand the SMS and how to perform their jobs in the safest ways possible. (Choudhry, Fang & Ahmed, 2008; Moraru, Babut & Cioca, 2011; Lyon & Hollcroft, 2006; OSHA, 2015)
10. The organization is committed to hazard identification, risk assessment, and implementing effective controls. Identifying, assessing, and prioritizing hazards can mitigate risks to employees, customers, contractors, and the general public. Procedures should be put into place to continually identify workplace hazards and evaluate risks. Doing so must be a continuous process with periodic inspections to identify new hazards. (Hansen, 2006; OSHA, 2015)
11. The organization conducts injury and incident investigations, produces reports, and follows through on corrective actions. Effective incident investigations provide the opportunity to learn about and improve safety performance. Investigations should identify the root cause and contributing factors, determine and track corrective actions, and share lessons learned across the organization to prevent recurrence. Perhaps most importantly, the organization should refrain from using the investigation to figure out who to blame for the incident. Fault-finding, rather than fact-finding, leads to mistrust and a negative safety culture. (Singh, 2014; OSHA, 2015)
12. Audits provide the opportunity for ongoing re-evaluation and to demonstrate a strong commitment to continuous improvement. The SMS must be regularly reviewed to ensure that it is delivering consistent, desired performance. Planning and implementing internal audits helps verify whether safety processes and activities are meeting goals and creating the desired outcomes. Audits also help determine the effectiveness of the SMS and uncover new opportunities to systematically guide the PDCA continual improvement process. Sharing best practices and lessons learned further promotes ongoing improvement. (Hansen, 2006; Choudhry, Fang & Ahmed, 2008)
13. Risk-based, data-driven decision-making is informed by both leading and lagging indicators. While lagging indicators provide valuable information for SMS improvement, leading indicators provide that information without waiting until someone gets hurt. Advanced statistical techniques and predictive analytics can help predict where and when an incident will happen based on leading indicators. Organizations can make drastic safety performance improvements by making a strategic, sustainable investment in gathering and analyzing leading indicators.
14. Implementation is guided from the top down; buy-in is obtained in all levels of the organization. Ownership of the SMS resides with the safety department and executive management, while ownership of implementation and performance resides with all departments and operations. Safety should be continually reinforced as a line-organization responsibility. (OSHA, 2015; Choudhry, Fang & Ahmed, 2008; Moraru, Babut & Cioca, 2011)
15. The SMS builds on and improves what already exists. The SMS should fit within the organization’s existing business structure and be tailored to the organization’s needs, operations, risks, processes, culture, and existing strengths.

SMS Benefits

For organizations that are able to implement a strong SMS, there can be many benefits. For example, the Health and Safety Executive in the UK (Greenstreet Berman Ltd, 2006) published six case studies in 2006 illustrating the benefits of implementing an SMS. Some of the business benefits identified in these case studies included the following:

• 50% reduction in absenteeism
• Static or decreased insurance premiums
• Access to wider market based on improved safety outcomes

Another case study published in 2010 describes Newell Rubbermaid’s SMS success, as the company realized an 80% reduction in recordables and an 81% reduction in workers compensation costs after implementing a proactive SMS (Zahn, 2010).

In general, most organizations that adhere to the best practices described above may realize:

• Improved health and safety performance and compliance
• Greater operational efficiency
• Reduced injuries and injury-related costs
• Lower insurance premiums by demonstrating to insurers that risk is effectively controlled
• Better morale when employees see employers actively looking after their health and safety
• Improved reputation that comes with the public noticing the organization’s responsible attitude toward employees
• Improved business efficiency and, correspondingly, reduced costs

Spring is here…warmer temperatures, melted snow, anticipated rain, and, unfortunately, elevated flood warnings. Is your facility set with its flood preparations/Storm Water Pollution Prevention Plan (SWPPP)?

Safeguarding Against Spring Thaw

Many areas, primarily across the Midwest, are at a far higher risk of flooding this spring due to heavy winter snowpack, near record levels of soil moisture, and existing stream flows that are already significantly higher than normal. Spring thaw is a critical time to evaluate potential runoff impacts from storm waters and to ensure compliance with regulatory requirements for storm water management, particularly this year.

Permit Requirements

According to the U.S. Environmental Protection Agency (EPA), “The National Pollutant Discharge Elimination System (NPDES) permit program addresses water pollution by regulating point sources that discharge pollutants into the waters of the United States.” NPDES permits are issued by states that have obtained EPA approval to issue permits or by EPA Regions in states without such approval.

Businesses with specific SIC/NAICS codes are required to have NPDES general permits in place to help assure protection of the nation’s surface waters. If a business is required to have an NPDES general permit, they are also required to have a Storm Water Pollution Prevention Plan (SWPPP) for their site.

What Is a SWPPP?

A SWPPP is a site-specific, written document that is required to comply with a storm water general permit. The SWPPP describes:

• Potential sources of storm water pollution at the site
• Activities to control sedimentation and erosion
• Practices to reduce pollutants in storm water discharges from the site
• Procedures to comply with the terms of the general permit and Clean Water Act requirements

SWPPPs are intended to be “living” documents that are updated to reflect changes at the site. With thawing, raining, and flooding in the forecast, it is important to review the SWPPP and any Best Management Practice (BMP) strategies to ensure the site is effectively managing storm water and meeting permit and regulatory requirements.

SWPPPs and BMP Strategies for Low-Level Contamination

Kestrel recently talked with the Iowa Department of Natural Resources (IDNR) about how sites can manage the potential impacts of storm water runoff due to anticipated flooding. Here are a few tips to share based on discussions and consultation with IDNR:

Q: If the sites have had no known spills and have evaluated the contained storm water (visual evaluation for sheen, pH testing, BOD, VOCs, Tier II chemicals, and/or any requirements listed on their NPDES permit), is it an acceptable management practice for them to pump the storm water from their containment areas if they are filled with storm water? If they can pump the storm waters, where is the best option to pump them to? Is it acceptable for the industry to pump the retained, non-impacted storm waters to a ditch/culvert basin off their industrial site property?

A: Under the conditions described, storm water can be pumped out of the containment areas when the facilities are permitted if they are required to have permits. The water can be pumped anywhere to which storm water runoff could otherwise be discharged. The discharge by pumping is no different than a discharge by natural runoff, but if the water is clean, it is best to pump during low flow to not exacerbate any issues caused by high flows.

Q: If a business meets the SIC code requirement and all they store outside is a garbage dumpster with a poly lid that covers the top, do they still have to have an NPDES general permit and a SWPPP?

A: Unless the dumpster is covered by a storm-resistant shelter that also precludes run-on and subsequent runoff from the area of the dumpster, including loading and unloading areas, a permit would still be required despite the presence of the lid on the dumpster.

Storm Water Preparedness

Kestrel has worked with many industrial sites that have engineered detention basins designed to help with storm water management and, in some cases, containment for chemical spills or fire waters. Frequently, management of these sites during high water events and in compliance with regulatory requirements can be confusing. Kestrel understands how to manage onsite detention basins that have filled with spring thaw waters and rain.

Contact Kestrel today for a 30-minute, no-obligation consultation to discuss your storm water management and permitting needs. We can help you identify and implement SWPPP and Best Management Practice (BMP) strategies to effectively deal with storm water and potential runoff impacts—and ensure compliance with your National Pollutant Discharge Elimination System (NPDES) permit requirements.

Join NACD and Kestrel on Thursday, April 4 at 12:00 p.m. (EDT) for a webinar on the U.S. Food and Drug Administration’s (FDA) Food Safety Modernization Act (FSMA). During this webinar, Kestrel’s Roberto Bellavia, Principal in Food Safety Compliance, will provide an overview of FSMA rules applicable to the chemical ingredients industry, focusing on the receiving, storage, production, blending, and transportation of these products. Register here.

This webinar is a precursor to an upcoming in-person NACD regulatory workshop during which Kestrel will cover the FSMA regulations in-depth. This workshop will take place on June 12-13 in Oak Brook, Illinois, immediately following the Central Region Meeting. Registration for the workshop is forthcoming.

Designing and implementing a compliant Food Safety Management System (FSMS) can help organizations improve in many areas beyond the system’s defined tasks. It is critical for management to align the food safety objectives with the business needs for a successful and meaningful program implementation. Here are some of the top reasons why companies that work in the food industry may want to pursue developing and implementing an FSMS:

10. Identify and categorize the organization’s food safety risks.
Once this information is known, management can prioritize and decide how to eliminate or reduce business risks and liabilities to acceptable levels. These risks are often better controlled through strict management accounting. As a bonus, employees will become more attuned to thinking about risks and helping management improve overall operations.

9. Develop work instructions and/or procedures to guide employees’ actions and to ensure that each food safety task is completed in a disciplined manner and approved by management.
This will reduce the risk to an organization of an employee accidentally making a food safety mistake that causes the employee or others to be harmed (or worse). It also reduces the company’s risk of government inspections, fines, poor public perception, and loss of business due to a possible recall.

8. Assure management that they, in fact, know and understand the regulatory food safety requirements that must be met daily.
These requirements can be a driver of continual improvement by ensuring that the company has up-to-date procedures and work instructions for employees to follow every day.

7. Develop meaningful goals and objectives that drive food safety performance improvements and possibly reduce additional costs.
Each business will have different goals and these goals will likely change each year. Goals assure continuous improvement in food safety performance for the business over time.

6. Create a strong training and educational program that stems from well-written procedures and work instructions and that clearly defines the company’s requirements.
A well-trained workforce is a motivated and happy workforce. Turnover is reduced, accidents and incidents decrease, and production efficiencies increase. Employees are very aware when an organization takes time to ensure that each job requested is completed in the safest manner possible.

5. Develop appropriate monitoring and measurement practices.
Once all food safety requirements (e.g., FSMA, USDA, GFSI) are known and understood, the organization will be able to gauge food safety performance based on scientific data and regulations, and then guide the organization’s actions in a direction of continuous improvement and compliance.

4. Verify the FSMS is functioning as designed and implemented.
By continuously auditing each food safety program and function, the organization will discover issues of concern and non-conformances prior to an incident or agency/certifying body finding. Routine, non-biased audits allow the company to choose a timeframe that will help improve the situation without undue influence by outsiders.

3. Monitor and trend issues of concern and/or non-conformance and the actions used to rectify them through a fully functioning corrective/preventive action program.
As employees watch management fix problems, they will learn that management is concerned about continuous improvement. This will prompt employees to start making their own improvement suggestions. These suggestions will further drive improvement in areas outside the original FSMS.

2. Evaluate the business model and the FSMS in a holistic fashion.
By using this self-reflection and identifying improvement opportunities, management can direct responsibilities for improvement actions across many departments of the company. Each of these improvement opportunities has the potential to help the bottom line and reduce the possibility of a food safety liability now or in the future.

1. Know that the company has done everything to maintain the business in a manner that meets all food safety rules and regulations.
The last and most important benefit for an organization that goes through the process of designing and implementing a compliant FSMS is knowing that the organization has done everything possible to maintain its business in a manner that meets all food safety laws, regulations, and statutes every day the doors are open for business. To a business owner, that knowledge is priceless. This is how brands are built and how they maintain the promise of food safety to consumers.