Can Electronic Systems Foster Compliance?

Executive Summary

Compliance with standards and regulations is an important part of doing business in both domestic and global markets. Traditionally, compliance has been sought through paper based processes and associated support systems. These systems are often cumbersome, with reporting and record retrieval taking days or even weeks to complete. One solution is to implement an electronic system that can replace paper based data recording methods.

When selecting an electronic system to use for regulatory compliance, it is important to consider the system’s functionality in relation to the four major factors of any standard: Data Capture, Records Management, Best Practices and Responsibility.

The electronic system must be powerful enough to capture all current and future data that standards require of businesses, robust and scalable enough to manage thousands of observations gathered over long periods of time, flexible enough to allow businesses to adapt to changes in best practice recommendations, and be secure enough to give confidence to auditors that electronic signatures and workflow control is reliable.

One electronic system that has been built from the ground up with compliance in mind is InformationLeader. The system has been installed at businesses in heavily regulated environments for many years, with data stored in the system being audited successfully by industry bodies around the world.

Introduction

One of the biggest challenges that businesses competing in the global marketplace face is compliance with standards and legislation. With a myriad of standards, regulations, and state, federal and international laws that organisations must adhere to, compliance becomes an overwhelmingly convoluted and expensive proposition that can draw a business ever further from its core competencies.

This paper looks at how organisations can respond to this challenge by breaking down the key requirements shared by standards and legislation, and how organisations can use an electronic information management system to achieve compliance. Furthermore, it examines ways of using the captured information to increase competitiveness and to enable process refinement.

The legality of electronic records

One of the first considerations when deciding to use an electronic system to record business information is to determine if electronic records are legally sufficient in the business’ specific industry. Electronic transaction acts world wide validate the majority of electronic records as legally permissible in court. These laws also validate electronic signatures and electronic communication as legally binding, provided that the organisation uses electronic systems that can ensure the security and validity of the recorded information.

Organisations must also consider that various industry sectors in areas such as health care still carry a requirement for paper based copies records to be held. Businesses that operate with sensitive information should consult with legal representatives to determine if electronic records are sufficient.

Compliance with standards and regulations

Different industries have specific standards and regulations to abide by. In regulated industries, standards are enforced through legislation, making compliance a requirement to do business. Businesses in other industries follow standards to remain competitive and meet customer expectations.

Numerous standards and regulations exist across the globe, each made up of countless factors. Generally speaking, standards and regulates can be broken up into four key categories: Data Capture & Reporting, Records Management, Best Practices and Responsibility.

Each area places different demands on electronic systems and businesses must determine if the system they are choosing can help them achieve total compliance.

Data Capture & Reporting

Quality standards and regulations in many industries dictate what specific information needs to be captured for auditing and continual process improvement. Codes and legislation may enforce the level of detail that must be captured during production or provision of a service. To add further complication, these standards go through several revisions, changing the level of detail required to be captured over time.

In a paper based system, adherence to these requirements is relatively straightforward. Paper forms are designed to capture all the required information, with the paper stored as the data is captured. As regulations change the template is updated and new information is recorded. When an auditor reviews historical documentation they can view the revision number and determine that an adequate level of information had been captured at the specific time.

Paper based systems become cumbersome for data retrieval and collation, with storage space to house thousands of paper forms for years a major consideration. It can take hours to locate a single form, while gathering enough information to perform trend analysis and other statistical functions can take full time employees weeks to prepare.

An electronic system to replace existing paper based data capture excels at data extraction, collation, and analysis. Powerful search, filter, and reporting tools can expedite audits and provide a much clearer view of the organisation’s health status. Not all electronic systems are suitable for businesses in regulated industries, however. To remain compliant with standards and regulations, the system must be sufficiently flexible to adapt to changing requirements, while still remaining secure and maintaining full audit trails for each transaction with the system.

Many software programs exist that can generate electronic forms with searching and data reporting features. Fewer offer both flexibility in design while still maintaining comprehensive audit trails and change histories. Finding a software package that maintains the same level of flexibility and auditability required while taking full advantage of the electronic nature of the data is even more difficult. One such electronic system that has been working in auditable industries for a number of years is InformationLeader.

InformationLeader is a platform for the electronic management of auditable data in a regulated environment. Electronic forms in the system maintain full audit trails on individual data fields as well as the business process that manages the forms. To replicate the auditability of paper, electronic templates can go through multiple revisions ensuring that when an auditor looks through records entered five years ago, the forms look exactly the same as they did when the operator entered the data. Even reporting is versioned to ensure that when a report is re-run it will look like it did when it was originally generated.

Records Management

With various electronic transaction acts around the world validating the use of electronic records and transactions for record keeping, systems must be adequately robust to cope with both compliance and business requirements. Electronic systems must exhibit appropriate levels of record integrity, and maintain information about each form such as authenticity, author identity and date of creation. New legislation and initiatives in some countries require even greater levels of detail.

Record keeping systems must also be capable of handling large amounts of information. Various quality methodologies and more specifically the standards based on these methodologies such as ISO 9000 mean that some businesses generate hundreds of pages of compliance documentation a day. These records are usually maintained for up to seven years, meaning that a substantial amount of information is accumulated in the system at all times. An electronic system must be sufficiently scalable to be able to adapt to a growing level of information and have a high level of dependability.

Security is also emphasised in most regulations and record keeping guidelines, with businesses required to ensure to only people operating under certain roles have access to information in the system. An electronic system must have a security model granular enough to allow varying levels of access.

InformationLeader meets these requirements through an extensive feature set. All data fields entered or changed in the system are ‘stamped’ with the user’s name and the date that information was entered or altered. Change histories are also kept for each piece of information. All other form information is stored in the system and can also be reported on. Security is roles based, mirroring existing security systems that restrict and grant access through roles based permissions. InformationLeader also offers integration with security models offered by various operating systems. The system can also scale with the needs of individual systems, being installed on a range of devices from a single server through to multiple node server clusters, increasing the dependability of access and system performance.

Best Practices

Numerous quality standards exist that provide guidance in various industries. Consortiums and other industry bodies lay out specific requirements and systems to set out best practice guidelines in specific industries. These groups are motivated by the desire to raise the profile of the industry as a whole through high quality products and services. These standards include the Current Good Manufacturing Practices (CGMP), Current Good Laboratory Practices (CGLP), and the Current Good Clinical Practices (CGCP). These standards aim not only for high quality products and services now, but also continuous process improvement for the future.

As with other types of standards and regulations, current good practice standards require specific details to be covered and maintained in the system. The ‘Current’ nature of these best practices means that these requirements will change, and systems need to accommodate these changes.

InformationLeader supports these best practices by offering a highly customisable system that is configurable by end users with no prior programming experience. Trained end users can change form layout and design, applying features such as alerts and email notifications, connections to external databases, workflows and document attachments with full confidence that all form templates will have the traceability required to capture the compliance information demanded by the current best practices for the industry. There are also dozens of highly configurable, pre-made templates available for InformationLeader that replicate paper based forms from a wide range of regulated industries.

Responsibility

An important part of any compliant system is a clearly defined and enforceable approval process. From document release control to signing off forms, an approval process needs to be auditable and secure to achieve compliance and business security.

When auditors of various kinds first approach a business one of the first requirements is that someone representing the organisation step the auditor through their business processes. This requires businesses to have well defined procedures for many aspects of their day to day business processes. Electronic systems can help organisations gain better control and monitor their processes. Numerous off the shelf solutions exist for business process control. Important factors to consider from a compliance viewpoint is the need for full action histories for all stages of the business process and the ease of which process history and associated information can be retrieved during an audit.

A large part of business processes is approval and sign off. Electronic signatures have been proven in courts around the world as legally binding in a multitude of different scenarios from as far back as a contract agreement sent through Morse code in 1869. Jurisdictions worldwide have accepted the validity of electronic signatures in various forms including entering a PIN, signing a digital tablet, sending a fax, and confirming via email. The most important requirement for an electronic signature is that the person signing the record is doing so consciously of their own free will and that the signature is logically associated with the contract or record in question.

One electronic solution that many businesses have chosen to track and manage their chain of responsibility is InformationLeader. The software maintains an audit trail that tracks the location of information in an organisation and features reports that show the current status of various jobs and tasks performed as part of the business.

Signatures in InformationLeader function in a similar way to logging on to banking websites. Users select the electronic form, document, or individual observation on a form and type a user name and password to indicate that they are choosing to sign. The form is then locked down; assuring the signatory that there is no way to modify the form now that it has been signed.

Conclusion

One of the great business challenges in the global market is compliance with regulations and meeting customer expectations through industry standards and self imposed quality measures. The result is an increase in compliance documentation and greater control over business processes. Electronic systems have emerged as a powerful tool for managing and control this information. Businesses need to be assured that the electronic system they use allows their business to remain compliant with all related regulations and that the system is flexible enough to allow their organisation to adapt to changing requirements.

InformationLeader is an example of a software solution that has been designed with compliance in mind throughout all aspects of the system. Its expansive feature set has seen the software successfully installed in businesses from a wide range of regulated industries. Over the past decade, data recorded in InformationLeader systems have been successfully involved in audits from regulatory bodies around the world.