Savvy Compliance Strategy Can Ease GMP, Electric Reliability Regulatory Challenges

Article title
Sal Lucido, VP Enterprise Solutions, AssurX

Sal Lucido, VP Enterprise Solutions, AssurX

The primary function of the compliance department is to ensure that the company complies with all of the applicable regulations, rules, and laws. Regardless of industry (life science, energy and utilities, financial services, etc.) this is a universal charter.

As someone who serves customers across many heavily regulated industries, I think I’ve got a unique perspective — and I’d like to share some of what I’ve learned along the way in the hopes that it helps you in some small way .

One particularly useful tool I see used across all industries is what I call the ‘Circle of Compliance’. Before I explain this concept, let’s take a deeper look at the job of the compliance department.

As I’ve already mentioned, the compliance department is put in charge of ensuring that all applicable compliance requirements are met. For example U.S. medical device companies must comply with the FDA’s Good Manufacturing Practices (GMP). Regulation 21 CFR Part 820.90 states that each manufacturer shall establish and maintain procedures to control product that does not conform to specified requirements. So the compliance department must determine if their company follows this process.

This is not so different from a U.S. power company that owns transmission lines. They must comply with Reliability Standard FAC-003 that mandates a clearance be maintained between transmission lines and vegetation. It also requires the company to report any vegetation related outages. These are different industries and different regulators (FDA, NERC), but each has the same fundamental task.

So how does the compliance department go about ensuring these regulations are met? Typically they audit the company for compliance. If there is a gap between the requirement and current practice, they work with the appropriate departments to close the gap. Take a look at this illustration for a visual representation of this ‘push’ exercise.

Relying on the Compliance Department to close compliance gaps is a time consuming, never-ending job…

Relying on the Compliance Department to close compliance gaps is a time consuming, never-ending job…

You can see from the illustration that this is a manual task. The problem is that it is a time consuming, never-ending job. As soon as the compliance department shifts their attention to another area of the company, compliance gaps can (and usually do) reappear. This is then addressed with ‘periodic’ audits. What we end up with is an endless and expensive merry-go-round of audits and fixes.

The solution? Set up a process that continuously ‘pulls’ the operations towards the regulations. I’ve illustrated this type of system below.

…it is better to implement processes that automatically and continuously close compliance gaps.

…it is better to implement processes that automatically and continuously close compliance gaps.

You can see the advantage of this system from the illustration. It does not require the constant and repeated attention of the compliance department.

So what is this process? I call it the ‘Circle of Compliance’ as illustrated below.

The Circle of Compliance

The Circle of Compliance

In a nutshell, this is a closed-loop corrective/preventive action process. While you might recognize the process as it relates to quality systems, you may not have considered its application to the job of regulatory compliance.

This is how the process works: Let’s look at the U.S. power company that must ensure that trees are kept away from transmission lines. Of course the compliance group would first check to make sure the vegetation inspection and removal procedure is ‘Documented’ adequately.

Next the compliance group would see if there is a ‘system’ in place for monitoring that the process remains effective. This is the ‘Check’ part of the process. Also they would ensure that there is a process for documenting problems such as vegetation related outages. Most compliance departments do a good job of auditing these two steps, but it is crucial that the next two steps are completed.

Any and all problems with the vegetation monitoring system must be ‘Tracked’. This means they must be documented in a system that links directly to the next step: Improve. All problems must be looked at to determine how the problem occurred and how the system can be ‘Improved’ to prevent reoccurrence. This improvement must then result in a change to the ‘Documented’ process followed by retraining of the workforce to the new process.

If implemented properly this closed-loop ‘Circle of Compliance’ will save the company time and money while improving its ability to comply with industry regulations.

Next time: I’ll explore each of these steps (Document, Check, Track and Improve) in more detail.

Read Part II, III and IV.

Sal Lucido is Vice President, Enterprise Solutions at AssurX, Inc. You can follow him at





Showing 5 comments
pingbacks / trackbacks

Leave a Reply

Quality Management Software
AssurX Quality + Compliance ManagementA single versatile system can improve quality, compliance and streamline workflow
Don't Miss A Post

Subscribe to our blog to receive an email when we publish new content.

Recent Posts
Quality and Compliance Systems for Every Enterprise
A single versatile system can improve quality, compliance and streamline workflow.