Compliance Overview: Standard Operating Procedures
Every organization has rules, policies, procedures, and standards by which its constituents must abide to. The choice to abide must be a voluntary action by the employees to agree and to physically act in accordance with the standards of the organization. This makes the application of standards difficult as they must be communicated to the employee base through documentation, managerial involvement, and company culture. These three principals are the basis for policy acceptance and consistent behavior modification. (See Compliance: Do People or Processes Guide Our Compliance Efforts?)
Culture is passed on through the organization, but it is also constantly evolving – much like the governmental regulations and standards by which our organizations are required to abide by. The SOP guide becomes the living-breathing foundation that evolves with the organization. It becomes the backbone for the personality of the organization.
The goal during the application of Standard Operating Procedures (or SOP) is to create a uniform and detailed set of instructions to achieve a specified standard during organizational operations. SOPs are the instructions that denote how a policy is to be implemented within an organization – or in other words the procedure for the organizational policy. While a policy is an outline on what to react to on external stimuli or situation, the procedure defines the how to schematics of the policy reaction. SOPs are the basis for our job descriptions, training measures, standards for operations, and employee accountability.
Lets take a look at an example of a policy and procedure to better understand SOP application. We can all relate to a fire evacuation plan, this is an important aspect of employee safety. The fire evacuation policy would outline that the company has method or reacting to the external stimuli of a fire. The procedure would then outline the details of the fire evacuation – how the evacuation must be properly executed upon the fire alarm sounding. The procedure outlines answers such as – how do the employees exit the building? Where do the employees meet upon exiting? How does the company ensure everyone is out of the building? Who is responsible for ensuring everyone is accounted for? Simplified, the procedure outlines the steps necessary for execution while providing accountability to the policy. This combination of policy and procedure can be denoted as an SOP.
Read More About SOP Management in SharePoint
The fire evacuation example is a very simplified version of an SOP. We have to keep in mind what else these policies and procedures are being utilized for. In healthcare they denote the standards and procedures by which surgical devices are cleaned and processed. In global organizations they denote the standards on how 3rd party international vendors are selected and utilized for their services. In banking they denote what assets are purchased and how they are processed. In reality, policies and procedures (SOP) govern every aspect of the organizational output.
Organizations Differ In Their SOP Management Structures
Through our consulting experience we have came to understand that SOP structures are organized differently for every organization. Documentation and accountability are two factors that widely vary between companies – mostly due to industry best practices and where the compliance efforts are structured.
First lets take a look at documentation or how the SOP is structured for the organization – documentation is largely based on what technology the organization is using to organize their information. Many organizations are still utilizing a paper based system for their SOP documentation – they create SOPs through email chains then combine all of the procedures into one large publication that is printed and updated as needed. The publication references multiple sheets of amendments and is often difficult to get employees to read and adopt SOPs through paper documentation and training materials. These materials then have to be collected and maintained by administrative staff, with additional costs associated with paper materials and storage. Email provides low accountability and documentation when it comes to the creation audit trails of creating SOPs as it is difficult to reorganize and find information several years later in email chains.
The next level of documentation we have seen is a use of shared department drives to distribute SOP material. Again these materials are created within emails with poor audit trails and lack of approval captures. Often these groups are working in the right direction as they only display information pertinent to specific departments. Instead of one large SOP guide, these groups have often broken SOPs by relevant literature to reduce the amount of clutter the employees have to search through. Often there are multiple shared drives that must be updated by the compliance team which gets quickly confusing when one or two drives are not updated properly. This causes a mismatch of information when policies are not centralized, which can be a regulatory nightmare. (See: Policy Management: Are Your Policies Centralized?)
A major disadvantage of shared drives is the lack of search functionality for the employees – it is not straightforward to find what they are looking for unless they know exactly where it is. Compliance teams struggle to keep all the information cohesive across multiple drives, and employee adoption is not as cohesive. There is not a way to certify that the employee read and agreed to the SOP and adoption is slow.
Read More About SOP / Policy Management Best Practices
Compliance team structures widely vary from organization to organization – some organizations tackle compliance at the HR level, some at the operational, or from the auditing team. This is a function of company culture as well as industry best practices. No matter where the compliance effort comes from, it is important is that the organization has a proactive stance towards compliance.
Accountability for creating SOPs within the organization is often dynamic as policy creation should be a combined effort from both the regulatory compliance team and the operational leaders. One without the other is a recipe for disaster as external regulatory needs must be addressed from an operational standpoint. This poses a significant challenge because operational leaders are not always in the same location as compliance team members – This is where the right technology can bring the right compliance leaders together to collaborate on the creation of relevant SOPs. The creation process and underlying discussions should now be captured to provide pertinent information to upper management while also providing clear audit trails as to how an SOP evolved from creation to implementation. This becomes even more relevant as people come and go from the company to ensure that knowledge is not lost during the movement of human resources.
SOP define what an organization’s policies are while outlining the steps necessary to respond to the situation denoted in the policy. They become our quick reference guide on the daily in-and-outs on how to perform necessary functions. This becomes especially important given the amount of turnover, promotions, and general human resource movement between organizations. They reduce risk by ensuring employee knowledge and procedures are transferred when human resources are lost or otherwise reallocated. Its the quick guide that serves as the basis for our training materials, employee certifications, and the reference when an employee is unsure of how to respond in a given situation.
By having a set of SOP that define the personality of the organization, it sets the standards by which the organization requires its constituents to abide by. In this way it mitigates risk by ensuring that all employees are on a level playing field and have the knowledge of how to act in a given scenario. If this information is not communicated to the employee roles become ambiguous and company culture is not cohesive.
Read More About SOP Management in SharePoint
Organizations can mitigate risk by responding to changing conditions and updating the SOP guide as new scenarios and conditions present themselves. In a society that is constantly evolving, especially at the rate of the digital revolution, it is important that a company is agile in a way that they can recognize a new situation, create policies and procedures around that situation, and proactively distribute the SOP to the employee base in an efficient manner. This is also pertinent when the organization recognizes that an internal process that is currently being utilized does not fit with the mission and values of the organization. By having an agile and proactive stance towards SOP creation and distribution, the organization can reduce risk through quick intervention to unscrupulous business practices.
2. Facilitate Compliance:
As technology and global interaction increase, so will the need for regulatory constraints placed on our organizations – we have seen this with the recent increases in regulatory oversight and requirements. Regulatory measures are meant to be placed to require organizations to act within specific boundaries while protecting groups from capitalistic greed, corruption, and ensuring organizational transparency. Alan Watts foretold this well in 1966 before the advent of much of our technology in use today –
We can take an excursion into an aspect of science-fiction which is very rapidly becoming science-fact. Applied science may be considered as the game of order-versus-chance (or, order-versus-randomness), especially in the domain of cybernetics”the science of automatic control. By means of scientific prediction and its technical applications, we are trying to gain maximum control over our surroundings and ourselves. In medicine, communications, industrial production, transportation, finance, commerce, housing, education, psychiatry, criminology, and law we are trying to make foolproof systems, to get rid of the possibility of mistakes. The more powerful technology becomes, the more urgent the need for such controls, as in the safety precautions for jet aircraft, and, most interesting of all, the consultations between technicians of the Atomic Powers to be sure that no one can press the Button by mistake. The use of powerful instruments, with their vast potentialities for changing man and his environment, requires more and more legislation, licensing, and policing, and thus more and more complex procedures for inspection and keeping records (1).
SOP are a product world we live in with progressive technology and the ability to amass information and applications. Regulation organizes our business around processes and values so that there is a method or transparency to the madness. Even incorporating as a business requires specific procedures to have the ability to engage in the business process. It is a fine line between stifling innovation and ensuring fair practices; this is where we look to regulatory agencies and policy makers to weigh all aspects of policy implementation without favor to specific groups. In application, SOP define the policies and procedures necessary to be in compliance with regulatory measures.
Read More About SOP / Policy Management Best Practices
3. Ensure Corporate Cohesion
SOP are the backbone of the organizational personality that ensures the organization is in compliance while setting organizational culture standards. They provide a method to compare quality to, document an organization’s missions and values, and serve as a reference for the employee. They are the basis of our job titles, our training materials, and hiring standards which become important as human resource effort and organization have an immediate impact on culture success. Without policy and procedure communication to the employee base, there are often multiple ways of processing scenarios that may not be ethical or hold to the organizational standards.
Documentation is an important aspect of Standard Operating Procedures that will always go hand in hand with regulatory compliance. Without documentation there is no basis for our compliance efforts. They record our incidents, our failures, and mistakes so that we can learn from them and take an a proactive approach to creating policies and procedures out of our knowledge learned over the years. Documentation then allows us to pass this knowledge forward.
Now that we have explored the realm of SOP and regulatory compliance, lets take a look at the types of features to consider when looking at SOP solutions.
1. SOP Creation Workflows – SOP creation requires the input of multiple people within the organization – including both operational and compliance team leaders. It takes a team to write the policy which can be tricky as these leaders may not always be in the same physical location. Utilizing technology that makes sure all employees are working on the most current version of the document and captures the discussions around the SOP creation is key. Look for a solution with configurable workflows that encompass every element of policy creation, including drafting, reviewing, approving, revising, amending, and publishing.
2. Approval Workflows – Once SOP are created, they must go through a stamp of approval before they are implemented within the organization. These approvers must understand where the initiative is coming from and the conditions the end users work with to ensure SOP are in line with existing business conditions. It is important to capture who approves what so that there is a clear audit trail as to where the SOP came from and what conditions it applies to. This ensures knowledge and discussions are transferred over the years so that they may be referenced for future concerns.
3. Audit Trails – When an internal or external audit is performed, approvals and employee discussions are key indicators of how and why a policy was implemented. They provide evidence on how the document evolved, who was a part of the process, and where the policy initiative occurred. They are also helpful when it comes time for reviewing policies – organizations know who to talk to or where to look for pertinent information.
4. Version Control – The efficiency of your compliance team to work with operational leaders is important, version control ensures that employees are always accessing the most current version of the document. Often when collaborating through email and shared drives, employees are left out of the loop with reply alls and employees may be working on different versions of the document. By providing collaborative workflows that utilize version control, we get a clear audit trail of how the document evolved and who was involved in the process during what part.
5. Centralized SOP Hub – SOP Software should include a centralized hub that brings employees together in one area for SOP distribution and training. When compliance teams use shared drives there are often multiples of the same policy in different locations which makes it troublesome when it comes time for updating. Often some files are updated while others are accidental overlooked which creates instances where there are multiple differing policies across the organization. By bringing everything together in one hub employees know where to look for information and all information is automatically updated. This material should be automatically distributed upon effective date and retired from the central hub upon expiration so that this is not a manual process for the compliance team.This information should be able to be permissioned off by employee or department so that employees are only looking at information that is relevant to them. This ensures someone from R&D is not also viewing asset procurement procedures, thereby reducing clutter in the SOP document. By providing only relevant material you can ensure the employee can find what they need and the information has more weight in the eyes of the employee.
6. Revision and Amendments – An important feature of SOP software is what happens when a policy comes up for renewal or must be adjusted to reflect new regulation or business need. There should be a streamlined process for retaining the document and the data associated with the document (including approvals, versions, metadata, dates, discussions, and supporting documentation). There should be both a process to amend a document – for instance changing a grammatical error, where there in central oversight an approval trails. There should also be a revision process – a process to review the old policy upon expiration to ensure the policy is meeting relevant business conditions. The documents should always go through an approval process so that there is a clear audit trail as to where the policy implementation came from.
7. Employee Training and Certification / Business Intelligence – A large piece of the compliance puzzle is to ensure that your employees actually read and understand the SOP material your organization provides. This can be difficult through email as there is no way to record whether or not the employee read the SOP email. Instead SOP software should include a training and certification module that automatically distributes materials to your employees upon effective date and requires employee sign off. The solution should remind the employee multiple times upon non-completion of the acknowledgement and send notification to managers upon escalation of non-compliance. This provides managers with actionable insight and business intelligence in the aspect of non-compliance. Managers should be able to run reports on specific departments or facilities to see employee compliance and be able to take action when and where it is necessary.
8. Active Directory Integration – A major component of SOP software is who is going to have to manage the employees within the system. Organizations are constantly evolving, employees are promoted, leave the organization, and new resources are hired. The HR team already has to manage the active directory (the email lists associated with employees and departments) why not find a solution that actively integrates with your active directory so that HR doesn’t have to manage yet another program? Your SOP certification should also integrate with your active directory so that employee non-compliance issues are directly reported to the right people so that they may take action where necessary.
The ConvergePoint Solution – SOP Management Software for SharePoint
ConvergePoint has introduced best practices in SOP management within the Microsoft SharePoint Platform. We have been a part of the movement towards enterprise content management on SharePoint – allowing quick SOP business process implementation into your organization’s existing SharePoint environment.
Our SOP / Policy Management Solution brings all of your employees into one central hub for all of your SOP needs including SOP Creation, SOP Distribution, and SOP Training and Document Acknowledgement. The solution is completely configurable to capture your data needs, while being flexible with specific viewing permissions based on integration with your active directory. We manage the entire lifecycle by creating checks and balances within the system, create complete collaboration audit trails, and capture all approvals and managerial sign offs. We provide an acknowledgement portal to ensure employees read and agree to abide by the SOPs you created, while capturing the data you need about their sign offs.
Our software implementation team automates your entire SOP lifecycle with a turn key solution that allows quick transfer of legacy SOP documents. The solution is cost efficient as it utilizes your current SharePoint environment and allows the movement of Legacy SOP documentation over quickly and straightforwardly.
Free whitepaper achieving efficien policy & procedure Management
Industries served
Manufacturing and Retail Industry
Many manufacturing and retail companies have a decentralized business model with
Healthcare
The healthcare industry encompasses a wide range of facilities from hospital
Financial Services and Banking
Every organization in the financial service industry — whether a commercial bank,
Insurance and Employee Benefits
The insurance and employee benefits industry knows more than anyone else
Energy and Utilities
Navigating the increasingly complex regulatory requirements can be tough for
Transportation
Abide by FAA, DOT, FMCSA, FRA and FTA regulations, educate drivers and third party vendors on guidelines, and streamline overall compliance.