The need to comply with regulations and standards is a necessary part of every business. In fact, companies need to comply with several regulations and standards at the same time. How this is done can often lead to a duplication of effort and resources all of which contribute to waste.
Within each organization there is often a different role for each compliance program. There is one for: quality, process safety, occupational health and safety, environmental, and so on. This structure often reflects the way accountability for safety is assigned. A benefit of this approach is that it allows each program to advance in maturity at different rates. At the same time, this can and often leads to separate systems each with their own procedures, practices, and supporting technologies. Without having a plan to leverage capabilities the overall compliance program can suffer from: a duplication of effort, inconsistent practices, and a slow down in advancement of overall compliance competencies.
To counter this, companies can take common capabilities that are needed across the various compliance programs, and combine them to benefit from best practices, standard procedures, and shared tools and techniques. To illustrate this, the following chart highlights the elements that require the same or similar capabilities across ISO 9001, OSHA 1910 Process Safety, OHSAS 18001, and ISO 140001 standards:
Compliance capabilities that are in common include: risk management, change management, document management, measurement and monitoring capabilities, and continuous improvement. A next step for companies could be to establish a common document management system, for example, and build out standard processes across their entire compliance program.
By taking a capabilities view to compliance systems, companies can:
Better understand what is needed to achieve compliance
Leverage common capabilities to improve compliance outcomes
Reduce waste in getting there
Plan-Do-Check-Act Questions:
What examples exist within your organization of using different systems to manage similar compliance elements?
What practices are duplicated that could be standardized?
What capabilities are lacking or inconsistent that if improved would significantly improve your compliance program outcomes?
What step can you take to advance those improvements?