Another question that needs to be answered is who will carry out and with what frequency periodic verification (assessment) and whether these requirements are met by the organization or not.
Due to the multitude of requirements resulting from various documents, conformity assessment is not an easy process to organize. Often the problems that arise concern how to carry out the verification of compliance with the requirements, who is to perform this verification and, most importantly, how to document the results of the conducted assessments and who is to finally check these results.
Due to these and many other problems, the compliance assessment mechanism is often narrowed down to a selected group of requirements, and the rest is left outside the assessment area. Such a situation may cause that, despite the obligation to know the requirements resulting from the applicable law, this awareness is insufficient, which may lead to an increased risk related to non-compliance with these requirements.
During inspections carried out by authorized inspection units, irregularities related to non-fulfillment or improper implementation of requirements resulting from the legal basis to which the scope of the inspection relates are often found in the organization’s activities.
Additionally, the concept of conformity assessment appears in the requirements of standards related to management systems. Assessment of compliance with legal requirements, in terms of environmental protection, occupational safety, business continuity, etc.
If in your organization the subject of compliance assessment with the requirements resulting from internal regulations or from generally applicable law needs to be improved, but you have no idea how the improvement should be implemented, the BPM Compliance module is the solution.
The functionalities of the module have been designed in such a way that the Content Owner assigned to the document from which the requirements arise (or another authorized person) could run an analysis of the requirements resulting from the document and, during this analysis, define specific requirements for the organization.
For each of the requirements, it is indicated which organizational units the requirement applies to and assigned to which area of activity it relates. In addition, it is specified who and with what frequency will verify the compliance of activities in a given area, and if necessary, many responsibilities can be indicated.
On the basis of the indicated definitions, the system will send the defined users the task of carrying out and documenting the results of the conformity assessment carried out in the system at the indicated time.
Conformity assessment may show the fulfillment, non-fulfillment or partial fulfillment of the requirements.
In each case of incomplete compliance with the requirement, the system will require defining the cause of this situation and launching the necessary actions to remove non-conformities and their causes. In this regard, the module is supported by the functionality of the BPM module for Improvement Actions (link), which contains a predefined flow of recommendations related to non-compliance resulting from the compliance assessment.
In addition, the system has a built-in matrix showing which requirement to which organizational cells has been assigned. In the event of non-compliance with the requirements and implementation of corrective actions in relation to them, the system allows you to monitor the progress in the implementation of activities, as well as a quick summary of the number of identified non-conformities.
The module integrates:
- with the Audits module – which, based on the issues that can be defined in the system for each of the requirements, can download to the definition of a planned audit the issues to be examined as audit questions (optional integration);
- the Document library module in the scope of the possibility of launching the requirements analysis on each of the documents
- the Improving actions module (link) – in which the actions taken in relation to the non-compliance identified as a result of the compliance assessment are documented.
Compliance management is a topic raised both among small, medium and large enterprises, as well as in public administration units.
The Compliance module is intended for organizations that want to collect information on the level of achieved compliance with the requirements applicable to the organization.
If there is an assessment of compliance with the requirements in your organization or the mechanism of its implementation requires improvement, the BPM Compliacne Module is the solution for you.
BPM Compliance module is a solution operating in a web browser and communicating with users through tasks assigned in the system, as well as e-mail messages addressed to system users. Moreover, the system enables:
- Defining the requirements resulting from the documents included in the document library;
- The possibility of creating documents such as a legal act from the library level and defining the requirements for documentation from individual acts of generally applicable law;
- Conducting periodic analyzes of the validity of defined requirements and their updating;
- Defining for each of the requirements which organizational units it relates to and who and with what frequency will conduct the assessment of compliance with the requirements;
- Running compliance assessments ad hoc and automatically, according to the planned frequency;
- Confirming the compliance of the operation with the requirement, or defining non-compliance with the requirement and their causes;
- Activation and supervision in the system of corrective actions taken in relation to non-compliance with the requirements;
- Reporting progress in the implementation of actions aimed at removing non-conformities;
- Ongoing monitoring of the progress in the implementation of activities in relation to non-compliance with the requirements;
- Monitoring the status of the compliance assessment as well as the level of compliance with the requirements;
- Generating a matrix of relations between requirements and organizational cells;
- Optional definition of issues that require checking within a given requirement, which can be presented in the Audit module (link) as audit questions;
- High flexibility of the system in designing new functionalities for the individual needs of the Ordering Party.
When assessing compliance with requirements, the most common problem is a high level of generalization of requirements, omitting some of the requirements subject to compliance assessment, and high bureaucracy in the process.
The solution is to introduce a mechanism that allows for precise determination of the requirements resulting from the documents and their proper addressing in the organizational structure. This ensures quick access to information answering the question “What obligations do I have to fulfill?” and makes it easier to answer the question about meeting these requirements. An IT tool with a built-in workflow allows for unambiguous collection and presentation of compliance assessment results. In this regard, the Compliance module is the right solution.
If the assessment of compliance with the requirements is carried out correctly, it is possible, without any additional involvement of time and human resources, to prepare a report presenting the compliance level for each of the requirements subject to assessment. In the event of non-compliance with the requirements, it is possible to quickly answer the question which requirements have not been met, from which document they arise and what is the status of implementation of actions aimed at removing irregularities.
If this information is not readily available in your organization’s compliance assessment mechanism, you should consider using the BPM Compliance tool.
A large manufacturing enterprise assessing compliance with generally applicable procedures. The results were collected from each organizational unit in spreadsheets. It took a month to analyze the collected data and collect the results. The implementation of BPM Compliance was supposed to shorten the time spent on preparing summary results of the compliance assessment. The assumption was achieved - collecting the results and preparing a collective report in the current scope was shortened to 1 day.
An entity with a multi-site structure that conducts compliance audits in relation to internal regulations. In order to confirm the compliance of their implementation, he prepared a list of audit questions with regard to each requirement, without a detailed analysis of each document. The implementation of BPM Compliance made it possible to create a database of issues, which was supervised by the owners of regulations who wanted to obtain clear evidence confirming that the requirements were met within specific issues.
An organization maintaining a health and safety management system adapted to the compliance with the requirements of ISO 45001. So far, it has kept a register of legal and other requirements in the form of a table in a spreadsheet without compliance assessment. In order to ensure compliance with the requirements of ISO 45001, the Compliance module was used, which enables planning and periodic documentation of the assessment of compliance with the requirements resulting from legal regulations and other OHS requirements.
Related blog articles
Krajowy System Cyberbezpieczeństwa to wymagania dla operatorów usług kluczowych oraz usług cyfrowych. Czym są te wymagania opisane w dość oszczędny sposób w Ustawie? Co mówi sama ustawa o tym jak zapewnić bezpieczeństwo i ciągłość realizacji usług kluczowych?
Częstym problemem organizacji jest zapewnienie efektywnego i gwarantującego właściwą rozliczalność kanału komunikacji wewnętrznej, np. związanej z realizacją praw podmiotów danych, czy zgłaszaniem i obsługą naruszeń ochrony danych osobowych
Ile faktycznie zajmuje identyfikacja i realizacja praw podmiotu danych? Czy nasz rejestr czynności wspiera realizację praw? Czy potrafimy automatyzować procesy realizacji praw podmiotu danych?