Embed Size (px)
DESCRIPTION
This presentation looks at how learning technologies and processes from highly regulated industries are filtering down to non compliance orientated businesses. We will focus on examples from Aviation and Life Sciences industries and how these can benefit the broader community.
Citation preview
The Trickle Down Effect of Compliance
January 29th, 2014Liam Butler, General Manager EMEA
What we will discussThe importance of compliance
Compliance and risk management requirements for L&D
LMS compliance and quality management features
Case studies – validating an LMS in the aviation, pharma & medical devices industries
How about non-compliance-oriented businesses?
Compliance-oriented industries
Compliance in highly-regulated industries
1. Authenticity - validated identity authentication (e.g. e-signatures or physical identification)
2. Integrity - secure infrastructure (e.g. ISO 27001)
3. Confidentiality - data privacy & control (e.g. Secure SaaS)
4. Availability - system architecture (e.g. intrusion/DOS detection & prevention)
5. Auditability - tracking & reporting
6. Regulations (e.g. 21 CFR Part 11, EU GMP equivalent)
SHOW OF HANDS
How important is compliance training to your organisation? Not at allSlightly ModeratelyVeryCritically
How important is your organisation’s need to demonstrate learning compliance to some external regulatory agency?
10.2%
23.5%
25.9%
40.4%
Not at all
Somewhat
Very
Critical
Source: Brandon Hall Group: BHG, Compliance, 2012 N=399
11.6%
27.9%
25.6%
34.8%
Overall EMEA
Preparedness is key
Highly Prepared Very highly prepared0%
5%
10%
15%
20%
25%
30%
35%
40%
45%
50%
High Performers
Low Performers
How prepared would you consider your organisation to be right now for a compliance audit?
Source: Brandon Hall Group: BHG, Compliance, 2012 N=399
SHOW OF HANDS
How is most of your organisation’s compliance training delivered?
Custom e-learningClassroom instructionOnline simulationsVirtual classrooms
How is compliance training delivered?
50.8%
30.8%
13.3%
7.5%
6.4%
4.1%8.8% Learning Management System
In-house developed system
Paper-based system
Content Management System
HR information system
Incident tracking system
Other
Source: Brandon Hall Group: BHG, Compliance, 2012 N=399
Overall
Compliance
Compliance is the #1 driver within highly-regulated industries
Comprehensive LMS functionality required:Access control and
e-signaturesTracking & auditingCompliance reporting
Key regulations
Aviation – EASA, CAA, TRTO, etc.
Finance – FCA, RDR, CII, SOX, etc.
Pharma – The GXPs (GLP, GMP, GCP)US FDA, e.g. 21 CFR Part 58, 210, 211, 820EU GMP – 9 chapters & 20 annexesUK Medicines & Healthcare Products Regulatory Agency (MHRA)
Data protection & local labour law
What is compliance training? Is it quality management? Compliance training is mandated training
Often multiple sources for mandatory training Internally mandated policy Legislation
Mandated training has several actions Courses, visual observations Tests and exams Documents that must be read and formally acknowledged in the case of Standard
Operating Procedures (SOPs)
Compliance training must be documented The completion of the training must be tracked and reported The completion may be measured by attendance, progress through a course, test
results, or a learner or supervisor’s signature (e-signature).
Key principles of compliance
1. Say what you doHave a written procedure that states what you do
2. Do what you sayFollow the procedure If there is a deviation – write what was doneDo you need to revise the procedure?
3. Document itWritten or electronic evidence is needed to demonstrate that the
procedure was followed
Compliance Training is part of a systematic approach for an organisation to prove it is controlling and recording a documented process in line with the regulations.
LMS compliance and quality management featuresSecurity
Hosting – infrastructure (the role of SaaS)User verification – tokens, IP address, etc.Application security – vendor audit
Audit TrailEvidence of behavior
E-Signatures
Certifications – exams, training & SOPs
Reporting & Analytics
Modern trends in real-world management of compliance Preparation: Plan for regulation specific requirements (such
as 21 CFR 21 Part 11)
Common management processes: Step 1: Communicating Requirements to UsersStep 2: Pushing Out Compliance TrainingStep 3: Monitoring Compliance and Follow-upStep 4: Optional validation and auditing
Pushing out compliance training
Not common: Self enrollment
Manager-based assignment Common: Administrator identification and bulk/batch
assignment. Not Common: External Batch Assignment (perhaps file from
external system) Very Common: Rules-based Assignment (e.g. new employees
with job title “Branch Manager”) Very Common: Automated. For example, expiration of a
certificate results in automatic new enrollment .
Communicating requirements to usersMost Common Technique: Push out requirements to users versus
self enrollment (next slide)
Email Notifications (bulk direct, automated, rules based)
Graphical Learning Path
Multiple Implementation Strategies Assign Individual Modules/Exams Define Complex Programs (mandatory and optional blended learning) Certifications for ease of tracking status and renewals, grace periods,
etc. Talent (Job Profiles/Competencies)
Monitoring compliance and follow-upCommon: Set deadlines/expiration: automatic email
notifications alert managers and administrators
Most admins: Drill-down Analytics
Common: Ad-hoc and Regularly Scheduled (often weekly) reports distributed to managers
Common: Re-enroll automated handling versus email notification handling
SHOW OF HANDS
Does your organisation conduct training gap analysis/risk assessment for compliance?
Yes No I don’t know
Compliance – theimpact of analytics CLIENT
Nuffield Health is the UK’s largest not for profit healthcare organisation 31 private hospitals, as well as a chain of fitness and well-being gyms in 200 locations in
the UK Over 10,000 employees
CHALLENGE Enterprise-wide risk management (“Automatic Compliance Engine”) Actionable compliance analytics based on individual employee risk profile
Automatically generated training plan custom to each employee Notification alerts to employee & business line manager Ongoing risk reporting to governance subcommittees and board stakeholders
RESULTS Solution: NetDimensions Learning & NetDimensions Performance (SaaS) Differentiators: Configurability, continuous innovation, overall TCO De-facto risk & compliance management platform Four-fold increase in auto-enrolments in compliance training, cost savings of £465,000 yearly
(based on streamlining learning)
Piecemeal collection of products Organically developed, fully integrated suite
One-size-fits-all Fully configurable for a personalized user experience in 34 languages
Monolithic, closed system Open architecture with public APIs &best-of-breed integrations
Inability to scale in complex environments Ideal for highly regulated industries withboth on premise and secure SaaS options
Limited mobile capabilities Comprehensive mobile offeringincluding on tablets & smartphones
Hidden ongoing costs =>low customer satisfaction “No client left behind” pledge
Other Solutions NetDimensions Talent Suite
Why NetDimensions
Our market focus
Our Market Focus – Compliance
Product portfolio – focused on compliance
How about non-compliance-oriented businesses?
Compliance covers a wide range of strategic and operational needs in many types of businesses.
Many of the techniques related to compliance also apply to simple “business requirements” management in non-regulated industries.
Automated management really does help in resource constrained or widely dispersed organisations!
A few suggestions to make compliance easier
1. Talk to your legal team and compliance officer to better understand who is responsible and what.
2. Define clear requirements and objectives for the training and LMS implementation.
3. Question your vendor and demand a software validation for the LMS.
4. Make compliance an on-going part of your business via well-defined workflows
QUESTIONS?
