Call Us Today: 608-226-0531

Blog

06 Sep
Top 8 Tips for Building a New Compliance IMS

Designing and implementing a new compliance Information Management System (IMS)—or improving an existing one—is not a task to be taken lightly. Change when it comes to any IT system is significant because of the investments of time, money, and resources required, not to mention the disruption to the current way of doing things. That is why it is important to do your homework before jumping in with a system that, if not properly designed, may not meet your needs in the long run.

The following eight tips can help ensure you end up with the right compliance IMS and efficiency tools for your organization:

  1. Inventory your existing systems – Identify how you are currently managing your compliance needs/requirements. What’s working well? What isn’t working? Do the systems work together? Do they all operate independently? This inventory should evaluate the following:
    • Current systems and tools
    • Status and functionality of existing processes
    • Data sources and ability to pull information from various sources
    • Organizational complexity
    • Compliance status
    • Existing management systems
  2. Determine your business drivers – Are you looking to save time? Create efficiencies? Reduce the number of resources required? Have better access to real-time information? Answer to senior management? Respond to regulatory requirements? These drivers will also drive the decisions you make when it comes to module development, dashboard design, reporting, and more.
  3. Understand the daily routine of the individuals using the system – Systems and modules should be built according to existing daily routines, when possible, and then implemented and rolled out in a way that encourages adoption. Having a solid understanding of routine tasks and activities will ensure that the system is built in a way that works for the individuals using it.
  4. Understand your compliance requirements – Do you have permitting requirements? Does your staff need training? How do you maintain your records? Are there regular (e.g., annual, semi-annual) plans and/or reports you need to submit? Do you have routine inspections and monitoring? All of these things can and should be built into a compliance IMS so they can be managed more efficiently.
  5. Get the right parties involved – There are many people that touch a compliance IMS at various points in the process. The system must be designed with all of these users in mind: the end user entering data in the field, management who is reading reports and metrics, system administrator, etc. A truly user-friendly system will be something that meets the needs of all parties. If employees are frustrated by lack of understanding, if the system isn’t intuitive enough, if it is hard to put data in or get metrics out, the system will hold little value.
  6. Make your wish list – While you may start your project one module at a time, it is important to define your ultimate desired end state. In a perfect world, how would the system operate? What parts and components would it have? How would things work together? What type of interfaces would users have?
  7. Set your priorities, budget, and pace – What is the most important item on your list? Do you want to develop modules one at a time or as a fully functional system? It often makes sense to start where you already have processes in place that can be more easily transitioned into a new system to encourage user buy-in. Priorities should be set based on ease of implementation, compliance risk, business improvement, and value to your company.
  8. Select the right consultant – For a compliance IMS, it is valuable to have a consultant who doesn’t just understand technology but also understands your operational needs, regulatory obligations, and compliance issues. An off-the-shelf software solution isn’t a silver bullet. A consultant who can understand the bigger picture of where you want to go and will collaborate to design the right compliance IMS and efficiency tools will bring the most value to your organization.

That is exactly the forward-thinking perspective Kestrel takes on all projects—thinking beyond individual efficiency tools, considering the desired state, and determining how technology can make that happen. By coordinating technology and compliance expertise, Kestrel offers unique capabilities and perspective. Our EHS and food safety professionals understand
the regulatory obligations, business needs, and needs of the users. This drives design and development of the right compliance IMS and efficiency tools. That includes the time it takes to develop, adapt, and populate your compliance IMS, including:

  • Understanding the bigger picture of where you want to go. We ensure your system is scalable and flexible; upfront planning
    enhances the outcome more efficiently.
  • Collecting and organizing the information in a way that reflects how you conduct business and that aligns with other
    systems/processes.
  • Offering guidance on compliance best practice and what modules and level of customization will bring you the most value.
  • Providing as needed compliance support (e.g., review of existing forms and checklists, program improvement, development of
    training content, compliance audits, audit protocol).

04 Sep
Technology & the 8 Functions of Compliance

Virtually every regulatory program—environmental, health & safety, security, food safety—has compliance requirements that call for companies to fulfill a number of common compliance activities. While they do not necessarily need to be addressed all at once or from the start, considering the eight functions of compliance (as outlined below) when designing a compliance Information Management System (IMS) helps define the starting point and build a vision for the “end point” when planning IMS improvements. These compliance functions translate into modules—facility profiles, employee counts, training tracking, corrective action tracking, auditing tasks, compliance calendars, documents and records management, permit tracking, etc.—that are instrumental in establishing or improving a company’s capability to comply. 

8 Functions of Compliance

  1. Inventory means taking stock of what exists. The outcome of a compliance inventory is an operational and EHS profile of the company’s operations and sites. In essence, the inventory is the top filter that determines the applicability of regulatory requirements and guides compliance plans, programs, and activities. For compliance purposes, the inventory is quite extensive, including (but not limited to) the following:
    • Activities and operations (i.e., what is done – raw material handling, storage, production processes, fueling, transportation, maintenance, facilities and equipment, etc.)
    • Functional/operational roles and responsibilities (i.e., who does what, where, when)
    • Emissions
    • Wastes
    • Hazardous materials
    • Discharges (operational and stormwater-related)
    • Safety practices
    • Food safety practices
  2. Authorizations, permits & certifications provide a “license to construct, install, or operate.” Most companies are subject to authorizations/permits at the federal, state, and local levels. Common examples include air permits, operating permits, Title V permits, safe work permits, tank certifications, discharge permits, construction authorization. In addition, there may be required fire and building codes and operator certifications. Once the required authorizations, permits, and/or certifications are in place, some regulatory requirements lead companies to the preparation and updating of plans as associated steps.
  3. Plans are required by a number of regulations. These plans typically outline compliance tasks, responsibilities, reporting requirements, schedule, and best management practices to comply with the related permits. Common compliance-related plans may include SPCC, SWPPP, SWMP, contingency, food safety management, and security plans.
  4. Training supports the permits and plans that are in place. It is crucial to train employees to follow the requirements so they can effectively execute their responsibilities and protect themselves, company assets and communities. Training should cover operations, safety, security, environment, and food safety aimed at compliance with regulatory requirements and company standards and procedures.
  5. Practices in place involve doing what is
    required to follow the terms of the permits, related plans and regulations.
    These are the day-to-day actions (regulatory, best management practices,
    planned procedures, SOPs, and work instructions) that are essential for
    following the required processes.
  6. Monitoring & inspections provide
    compliance checks to ensure locations and operations are functioning within the
    required limits/parameters and the company is achieving operational
    effectiveness and performance expectations. This step may include some physical
    monitoring, sampling, and testing (e.g., emissions, wastewater). There are also
    certain regulatory compliance requirements for the frequency and types of
    inspections that must be conducted (e.g., forklift, tanks, secondary
    containment, outfalls). Beyond regulatory requirements, many companies have
    internal monitoring/inspection requirements for things like housekeeping,
    sanitation, and process efficiency.
  7. Records provide documentation of what has
    been done related to compliance—current inventories, plans, training,
    inspections, and monitoring required for a given compliance program. Each
    program typically has recordkeeping, records maintenance, and retention
    requirements specified by type. Having a good records management system is
    essential for maintaining the vast number of documents required by regulations,
    particularly since some, like OSHA, have retention cycles for as long as 30
    years.
  8. Reports are a product of the above
    compliance functions. Reports from ongoing implementation of compliance
    activities often are required to be filed with regulatory agencies on a regular
    basis (e.g., monthly, quarterly, semi-annually, annually), depending on the
    regulation. Reports also may be required when there is an incident, emergency, recall,
    or spill.

Reliable Compliance Performance

Documenting procedures on how to execute these eight
functions, along with management oversight and continual review and
improvement, are what eventually get integrated into an overarching management
system (e.g., environmental, health & safety, food safety, security,
quality). The compliance IMS helps create process standardization and,
subsequently, consistent and reliable compliance performance.

In addition, completing and organizing/documenting these
eight functions of compliance provides the following benefits:

  • Helps improve the company’s capability to comply
    on an ongoing basis
  • Establishes compliance practices for when an
    incident occurs
  • Creates a strong foundation for internal and 3rd-party
    compliance audits and for answering outside auditors’ questions (agencies,
    customers, certifying bodies)
  • Helps companies know where to look for
    continuous improvement
  • Reduces surprises and unnecessary spending on
    reactive compliance-related activities
  • Informs management’s need to know
  • Enhances confidence of others (e.g. regulators,
    shareholders/investors, insurers, customers), providing evidence  of commitment, capability, reliability and
    consistency in the company’s compliance program

02 Sep
Case Study: Integrated Compliance IMS

This is the next article in Kestrel’s series about Technology-Enabled Business Solutions.

What do you do when your company has multiple
grandfathered-in systems that don’t talk to each other? How about when not all
locations have access to the same systems…and you have over 150 locations and
are still growing? What about when employees are spending excess time
collecting and combining information manually instead of electronically? What
if you can’t correlate data and generate reports because of multiple systems?

Cut Your Losses, Prioritize Your Needs

These things happen—probably more frequently than one might think. For one of Kestrel’s clients, a large chemical distribution company, all these things were happening simultaneously, and the cost to upgrade existing systems to respond to these needs was getting out of hand. How do you manage that? Do you just cut your losses and find a new compliance IMS solution? Do you address one issue at a time, or does that introduce the risk that everything won’t work together? Again.

Transitioning from one system to another—whether in part or
completely—isn’t simple. It takes planning and forethought to create a scalable
solution that can be adapted to the company’s overall needs. Proactively
managing any sort of technology transition—including prioritizing needs and scheduling
how quickly modules are developed and rolled out—is key.

From the beginning, Kestrel’s EHS and IT consultants worked
to fully understand the company’s operations, existing systems and workflows,
and desired outcomes of the overall system before recommending an approach.
Without these upfront conversations, this company could’ve ended back in the
same situation with a different system. Instead, they are on their way to
developing a robust and scalable compliance IMS that can be adapted to the company’s
overall needs and will eventually replace their off-the-shelf software. 

Starting with the Data

Our client’s initial request was for dashboard reporting
that would:

  1. Provide
    a visual of the Excel reports the company was pulling from multiple independent
    systems, and
  2. Create
    efficiencies in the data collection and reporting approach.

During initial conversations about the company’s compliance,
information management, and overall business needs, it became clear to Kestrel
that the existing facility database forms the foundation for the overall
system. All content stems from this database. To create the efficiencies and
dashboards the company wanted, building the facility database needed to happen
first.

Facility information was originally tracked on individual
Excel spreadsheets that were later combined to create a quarterly report. This
very manual practice presented risks of user error in data entry, data
manipulation, analysis, and reporting. Kestrel developed a facility database in
SharePoint to serve as a centralized list, with detailed information on each
location. Multiple other databases were then created that filter content into
each facility page to create a simplified view of all items associated with
each facility. Those other databases currently include:

  • Employee counts
  • Facility audits
  • Sustainability reports
  • List of storage tanks, with other assets to be
    added in the future
  • Facility images
  • Managed requirements

Let’s look at the employee database as one example of data
that flows into the facility database. The employee database is used to track
the number of employees in each location and each department. Information is
filtered into the facility database, updating the employee count section. This
employee database is also used to track access/permissions to the company site,
look up individuals within other forms, and assign training based on job title.

The facility database now acts as the centralized core to the
entire system. Information available here can be used to drive other actions
and lists within the site, such as compliance tasks, corrective and preventive
actions (CAPAs), inspections, near-misses, incidents, permitting requirements, etc.

Bringing in Forms

Where does all the data in those databases come from? That is where mobile forms and checklists enter the picture. Integrating various Office 365 technologies, Kestrel is creating several mobile forms, such as the near-miss app, to allow employees in the field to capture data electronically. The forms are accessible at multiple levels and can be assigned down to an individual location. Importantly, there is no need to log in to submit data, ensuring ease of access and use for all employees.

As employees complete the forms, data is collected and
uploaded into the company’s related database(s) in real-time. All forms and
databases are integrated. Not only does this eliminate the problems associated
with manual data entry and manipulation, it provides real-time access to
valuable data.

Compliance Dashboard

Kestrel has also created a login-driven compliance dashboard
that houses key metrics, compliance tasks, and an at-a-glance compliance
calendar. The dashboard can be customized for various applications based on the
company’s needs as they continue to use the system—employees, management,
departments, divisions, facilities, etc.

Currently, various compliance tasks (and associated
reminders) are assigned to individuals throughout the 150+ locations. The
dashboard filters assigned tasks to the individual logged in, so each employee
can view his/her compliance-related tasks. At the same time, management can
view outstanding issues that fall under their area(s) of responsibility, and
the calendar provides a quick overview of compliance deadlines throughout the
year.

The dashboard provides additional visibility for compliance
tasks and alerts management to issues that need attention/resolution across the
organization. It can also incorporate data analytics to help identify patterns
and trends, inform business decisions, and guide resources.

Building for the Future

Now that the company has a solid foundation, work can
commence to bring the independent systems into a single platform. Kestrel’s EHS
team continues to identify additional compliance management needs, including
checklists and mobile forms, internal audits, permit tracking, training
tracking, safety meetings, mobile inspection/audit functionality, document
control, incident reporting, and more. As these needs are identified, they can
be built into the larger compliance IMS to create one integrated system going
forward.

As Kestrel’s lead SharePoint Specialist Jaime Doty stated in a recent Q&A, “If you know where you want to end in an ideal world, it becomes a lot easier to find the starting point. It also makes creating a scalable system much more likely, because you are designing the system with the end in mind.”

This has ensured development of a system that:

  • Is built from the perspective of the people who
    will be using them—in the field, in the plant, in the office, in the board room
  • Integrates various databases and forms into a
    single, familiar platform
  • Allows information to be shared and tracked in
    multiple ways 
  • Gives the ability to manage
    sites/facilities/plants/departments for compliance purposes 
  • Simplifies the data entry process by providing
    user-friendly functionality 
  • Provides for continual adaptation to meet future
    data management and reporting needs 

That is exactly the forward-thinking perspective Kestrel takes
on all projects—thinking beyond individual efficiency tools, considering the
desired state, and determining how technology can make that happen. By
coordinating technology and compliance expertise, Kestrel
offers unique capabilities and perspective. Our EHS and food safety
professionals understand the regulatory obligations, business needs, and needs
of the users. This drives design and development of the right compliance
IMS and efficiency tools—one that works within the company’s implementation
timeline and budget—to reduce compliance risk, create operational efficiencies,
and generate business improvement and value.

31 Aug
Q&A with Kestrel’s SharePoint Specialist

This is the next article in Kestrel’s series about Technology-Enabled Business Solutions.

Today, we sit down with Kestrel’s own SharePoint Specialist, Jaime Doty, to pick her brain on all things related to developing a compliance Information Management System (IMS), particularly as it relates to using Office 365 and SharePoint. Jaime has over 15 years of experience analyzing and streamlining business processes, from operational needs to workflow and application needs, to develop IT solutions. She has a wealth of experience and knowledge to share on how to create a successful and valuable compliance IMS.

Q: How do you start a project?

As I have worked with different clients over the years, I
always start with asking what their “pie in the sky” wishes are. If you know
where you want to end in an ideal world, it becomes a lot easier to find the
starting point. It also makes creating a scalable system much more likely,
because you are designing the system with the end in mind.

In reality, that means considering the immediate issue within the context of the overall business need, and then formulating platforms/systems, as required, into an aligned system. This requires truly understanding the daily routine of the individuals using the system and looking at the bigger picture of where you want to go, not just where you are right now. It’s a forward-thinking perspective, where we look beyond the singular project need to the big picture and then design backward. This requires a shift in mindset from “How can I use technology to make this efficient?” to one that asks, “Ultimately, what does the big-picture, desired state look like…and how can technology get us there?”

As one example, we worked with a chemical distributor who wanted to pull data from facility reports for 150+ locations into one database—that was the “simple” problem. Understanding that the facility data is intertwined with many aspects of the business, Kestrel looked beyond this singular issue at the bigger picture. The forward-thinking solution would be to create a technology platform that would solve this facility data problem and could easily be expanded to other business needs. We built the facility form into SharePoint as the base application for the company’s overall system. The SharePoint system is continuing to be expanded to integrate other systems into a single source that will create significant business efficiencies. 

SharePoint Approach

Q: I understand the approach, but what does that process look like for my company?

The process will vary a bit depending on your company’s
current state in a variety of areas:

  • Current systems and tools in use
  • Status and functionality of existing processes
  • Data sources and ability to pull information
    from various sources
  • Organizational complexity
  • Compliance status
  • Existing management systems

We recommend starting with something simple that is already working well—perhaps a paper checklist that can be turned into a mobile form. We can build an initial trial module with the end in mind. We help set priorities based on ease of implementation, compliance risk, business improvement, and value to your company. And then work at your pace and budget to build and integrate only the modules you need, one at a time or as a fully functional system. Our goal is to develop the system in a way that will work with your business.

Q: But why Office 365 and SharePoint? Aren’t there better systems out there?

It is not uncommon for people to cringe when you mention SharePoint due to negative past experiences! However, in the past 15 years that I have been working with Microsoft Office and SharePoint platforms, I have discovered that virtually everything can be done through SharePoint—if you are working with a developer who is willing to think outside the box.

The key to creating a positive experience is in how the system is built and, equally important, how it is rolled out. What makes SharePoint so great is that it is a dynamic solution tool that can be adapted and designed to capture data and provide consolidated reporting to all levels of management. One platform allows for multiple solutions that meet business and overall compliance needs. On top of that, most people have familiarity working with Microsoft Office products, so the learning curve isn’t too steep, allowing for easy adoption and buy-in from all users. Plus, there aren’t typically additional license fees, and that helps keep the budget in check.

Because of SharePoint’s flexibility, the possibilities of
what it can do are virtually endless:

  • Creates a single, familiar platform that simplifies access
  • Provides functionality for continual adaptation to meet future data management and reporting needs
  • Adapts to the needs of the business, rather than the business adapting to the capabilities of the program
  • Maximizes efficiency and connectivity between many field and corporate groups
  • Allows information to be shared and tracked in multiple ways
  • Allows users to easily create complex databases that are both manageable and flexible
  • Gives the ability to manage sites/facilities/plants/departments for compliance purposes
  • Simplifies the data entry process by providing user-friendly functionality
  • Consolidates reporting
  • Provides a dynamic solution – updates made to the tool are reflected immediately
  • Allows local users to control and build sites to their specifications
  • Allows all levels of users to work with it easily due to its intuitive nature

Q: What makes Kestrel different than other SharePoint and compliance IMS developers?

Kestrel is not a software company. Rather, we integrate and apply IT, along with compliance know-how. Our team is made up of EHS, quality, and food safety professionals with the technology expertise to design and build scalable systems that allow you to more efficiently and effectively manage compliance and business processes. Behind Kestrel’s systems, we have professionals with real-world industry experience, who understand your business and regulatory compliance obligations. This ensures that systems are built from the perspective of the people who will be using them—in the field, in the plant, in the office, in the board room—so they function the way you need them to.

Many companies look at software as a silver bullet—a fix for everything. But applying technology to operations isn’t about just finding and buying a software tool. It is about understanding the business need, adapting and integrating the appropriate tool into existing operations, and deploying it so it is effectively applied. That’s why we focus on taking a business approach versus an IT approach. That means we start with the end user and build around that. If the system doesn’t work for the end user, then it’s not going to be used, no matter how fancy or how many bells and whistles it has.

In short, we build scalable systems that allow you to more efficiently and effectively manage compliance and business processes and have over two decades of experience creating compliance and business solutions using tools (i.e., Office 365) already available to you.

Q: It doesn’t quite sound like I’m just buying software. What exactly am I buying?

Working with Kestrel, you’re getting EHS, quality, and food safety professionals who collaborate with you to design the right compliance IMS and efficiency tools for your organization. That includes the time it takes to develop, adapt, and populate your compliance IMS, including:

  • Understanding the bigger picture of where you want to go. The system is scalable and flexible, but upfront planning will enhance the outcome more efficiently.
  • Collecting and organizing the information in a way that reflects how you conduct business and that aligns with other systems/processes.
  • Offering guidance on best practice and what modules and level of customization will bring you the most value.
  • Providing as needed compliance support (e.g., review of existing forms and checklists, program improvement, development of training content, compliance audits, audit protocol).

Q: Changing an IMS is hard. How do you effectively manage the transition?

The good news is that change management and adoption of a system like this (i.e., Office 365, SharePoint) is far easier than working with proprietary software because it’s familiar technology. I can’t stress how big of a deal this is. Many people are so afraid of change that they will continue operating with inefficiencies and without getting the information they need (and often at a greater expense) rather than implementing a new IMS! 

We build systems according to what your users are familiar with and then implement and roll out the technology in a way that encourages adoption—often one module at a time, starting with a familiar form or checklist.

For example, when possible, we take an existing format (e.g., an Excel file) and re-create it in the new system to look and act similarly to what employees are accustomed to. This helps users become comfortable using the new system much more quickly. Additional modules can be added with relative ease since employees are already comfortable with the new system.

Q: From a technical standpoint, what will my IT department want to know if we already use SharePoint – or if we don’t?

If you already use SharePoint, we can either build into your
existing system, or we can create a new instance of SharePoint. To do this, we leverage
your company’s Microsoft accounts to give you seamless access to the system we
help you build. 

If you don’t have SharePoint, we create an environment for you and “hand it over” once we have piloted system development and users are comfortable with the applications. 

All applications run on a Microsoft platform—there are no external or proprietary software requirements. The system and information are all yours. Kestrel does not charge subscription fees or house any data. Your company can make modifications or continue to retain Kestrel to update and adapt the system, as needed.

Be sure to check out the rest of our series on Technology-Enabled Business Solutions, compliance IMS, case studies, and efficiency tools.

29 Aug
Making the Most of Mobile Technology

This is the third in Kestrel’s series of articles about Technology-Enabled Business Solutions.

A decade ago, when “handheld computers” (i.e., smartphones)
first became popular, storing appointments and contact information on a
portable electronic device was the prime functionality of the smartphone. Convenient?
Yes. Robust? Not quite yet.

Mobile technology has clearly come a long way since then.
Your smartphone and other mobile devices/tablets are every bit as powerful as
any computer you have in the office—perhaps even more so when it comes to collecting
real-time data and creating operational efficiencies.

Forms, Checklists, and More

Think about this for a minute…how many forms and checklists
do you use in your operations? Maybe it is a daily forklift checklist,
near-miss form, behavioral-based safety observation, daily housekeeping
checklist, food safety sanitation inspection, hazardous waste inspection
checklist, near-miss form,
and so on.

What if—instead of taking a clipboard into the plant or
field—employees were able to simply pull out a phone, complete the checklist
online, and hit submit? What if they were able to do it from anywhere and
without any login information? What if management could access the data
immediately to run reports and get real-time analytics?

Case Study: There’s an App for That

That is precisely what a large chemical distribution company
needed. In the most basic terms, they asked Kestrel to create a mobile form for
forklift inspections that would provide:

  • Simple electronic access to the forms employees already
    use daily
  • Ability for employees in the field to submit
    data without logging into the system for ease of use
  • Data in CSV format that could be sent immediately
    via email to management for review/analysis
  • Dashboard reporting to show a real-time view of
    checklist status, outstanding issues, overdue items, and other metrics

By integrating various Office 365 technologies, Kestrel created an app using the company’s familiar forklift inspection form, which can be customized per location. The mobile version allows employees in the field to capture forklift inspection data electronically. The forms are accessible at multiple levels and can be assigned down to an individual location. Importantly, there is no need to log in to submit data, ensuring ease of access and use for all employees. Shortcuts to forms can also easily be added to mobile devices, computers, or other websites for ease of access.

As employees complete the checklists, data is collected and uploaded into the company’s Office 365 compliance information management system (IMS) in real-time. Not only does this eliminate the problems associated with manual data entry and manipulation, it provides real-time access to valuable data. Kestrel has created dashboards that house key metrics on inspections completed and issues identified that are updated immediately and automatically whenever a new checklist is completed. Beyond that, using the simple forklift checklist, we can now automatically create an entire series of events that had traditionally been done manually (e.g., maintenance requests, part orders, inspection requests).

Mobile Technology, Operational Efficiencies

For employees, mobile technology makes completing checklists of almost any type easier and faster in the field. For management, mobile technology takes things a step further by creating operational efficiencies:

  • Provides central management of inspection schedule, forms, and other requirements.
  • Increases productivity through reductions in prep-time and redundant/manual data entry.
  • Improves data access/availability for reporting and planning purposes.
  • Allows data to be submitted directly and immediately into SharePoint so it can be reviewed, analyzed, etc. in real time.
  • Creates workflow and process automation, including automated notifications to allow for real-time improvements.
  • Allows follow-up actions to be assigned and sent to those who need them.
  • Integrates with the overall compliance IMS for a comprehensive view of compliance status.

Stay tuned for coming articles in our series, which will continue to dig deeper into functionality, highlight some case studies of Office 365 in action, and tap the insights of Kestrel’s Office 365 developer.

26 Aug
Back to Basics
Back to Basics: Leveraging Existing IT Systems

This article is part of Kestrel’s series on Technology-Enabled Business Solutions.

It’s not uncommon to think more is better when it comes to software. It’s also not uncommon for companies to gravitate toward specialty software, whether related to certification support, QEHS compliance, cGMP, food safety, incident management, audits, permit tracking, or any number of other areas.

However, as robust as companies want their information management system to be, a simple and adaptable solution is often a better approach. As the NAEM survey we summarized in our first article in this series stated, some EHS&S software experts are migrating clients away from commercial systems to basic tools such as Microsoft Office 365 and SharePoint, which can be easier to understand, easier to use and navigate, and easier to adapt to ongoing business needs.

Flexibility in the Familiar

Many companies look at software as a silver bullet—a fix for everything. But applying technology to operations isn’t about just finding and buying a software tool. It is about:

  • Understanding the business need;
  • Customizing and integrating the appropriate tool into existing operations; and
  • Deploying it so it is effectively applied.

Information management systems and compliance efficiency tools built on an Office 365 platform offer an adaptable/scalable solution that can meet business and overall compliance needs, while offering the familiarity that encourages employee buy-in.

Robust Functionality

But really, what can Office 365 and SharePoint do? Perhaps surprisingly to many, Office 365 is highly adaptable and, with the right resources, can offer the solutions a company needs to address a plethora of operational and compliance requirements, including the following:

Compliance Management 
Many companies—especially those that are not large enough for a dedicated team of full-time staff—struggle with how to effectively resource their regulatory compliance needs. Kestrel’s experience over many years suggests that reliable and effective regulatory compliance is commonly an outcome of consistent and reliable information management system implementation. Office 365 can allow you to more efficiently manage compliance tasks, corrective and preventive actions (CAPAs), and other project activities to ensure you are meeting your compliance requirements. Compliance management components may include:

  • Compliance tracking/calendar
  • Audit assessment & inspection
  • Mobile forms & checklists
  • Audit tracking
  • Permit management/tracking

Training/Learning Management
Having a system that records employee training is critical to compliance, especially to ensure policies, procedures, and work instructions are followed. Office 365 allows for the centralized implementation, management, tracking, scheduling, assignment, and analysis of organizational training efforts. From simply logging and tracking training to creating training plans and generating quizzes, training management ensures that the workforce is knowledgeable and appropriately trained.

Complaint & Issues Management
From a quality perspective, it is important to effectively track and manage customer complaints/issues and corresponding follow-up actions, including any resulting nonconformances. Doing so electronically can help you identify and respond to complaints more quickly. With an aligned system, you can also connect nonconformance reports (NCRs) to other systems for CAPA management.

Incident Management
Most organizations plan for and continually strive to prevent incidents. Effective incident management provides the opportunity to learn about and improve overall performance. Web-based tools can be particularly helpful in documenting, tracking, and reporting on all incidents and near-misses, including injuries, illnesses, spills, releases, and recalls. What’s better is that this can happen in real-time (thanks to mobile functionality) to ensure compliance with reporting requirements and internal incident management processes.

Document Management
Document management is a key tool that will help companies in their efforts to go paperless. However, document management is not only for managing files. A quality document management system can also establish document structure, streamline content creation, create version control, and organize your workflows. Office 365 document management systems are scalable to the organization and designed to store, secure, and ultimately help you make sense of the documents your business uses.

Achieving the Big Picture

By having so many features and applications on a single platform, it is easy to tie them all together into an aligned system and to create multiple functions/uses for the data being collected from so many sources. With an aligned system, achieving the big-picture, desired state (rather than the short-term fix) becomes entirely possible.

This approach offers the following benefits:

  • Scalability. Office 365 is scalable to ensure it meets organizational/ business needs, as well as regulatory requirements. Your system can contain the parts and pieces your company needs to operate efficiently and in compliance with regulations, standards, and customer requirements.
  • Alignment. The system can be expanded to integrate, connect, and support multiple standards (e.g., ISO, FSSC, SQF, IFS, Responsible Distribution) and/or regulatory requirements. Integration of multiple management systems into a single platform makes management more effective and efficient than when systems operate independently.
  • Accessibility. The central, web-based system is accessible from any location. Mobile access and forms allow you to capture data via phones, tablets, or PCs—anytime, anywhere—even in remote locations, where a data connection has not yet been established, or in facilities that do not have consistent wireless connection. Data are automatically synchronized when a connection is made and stored in the Cloud to improve data access/availability, generate real-time analytics, and create workflow and process automation.
  • Measurement. Data can be collected and compiled for review and analysis, as well as more sophisticated predictive analytics. Dashboards and reporting capabilities provide insights into system health, operational results, and business performance for senior management. A standardized approach for reporting further creates accountability and ongoing performance monitoring and measurement.
  • Easy Adoption. Building off a common Microsoft platform allows for easier adoption due to its familiarity. It also limits the number of solutions, software, and systems needed by a company, as well as the extra fees associated with additional software, such as license, user, and change fees.

Stay tuned for coming articles in our series, which will dig deeper into functionality, provide tips to help with your information management system, and tap the insights of Kestrel’s Office 365 developer.

24 Aug
Information Management System
Compliance IMS: Are You Getting What You Need?

This is the first in Kestrel’s series of articles about Technology-Enabled Business Solutions.

It goes without saying that change is hard. Even positive change for the better is not without challenges. Change when it comes to Information Technology (IT)/software systems can be flat out painful because of the significant investments of time, money, and resources required. That is why many companies choose to avoid making a change until absolutely necessary.   

How do you know when that time has come? How do you know when you are investing more in your compliance Information Management System (IMS) than you are getting out of it? What are those hot buttons that drive companies to seek a system change? And when seeking a new compliance IMS, what do you look for to ensure it will meet your business needs? 

Why Companies Seek New Systems

According to a March 2019 survey conducted by the National Association for EHS&S Managers (NAEM) entitled Why Companies Replace Their EHS&S Software Systems, the following is the rank order of key reasons why companies seek a new IMS:

  • Current system doesn’t perform as advertised.
  • New business objective(s) aren’t supported by
    the current system.
  • Current system costs too much to maintain.
  • Current system doesn’t integrate well with other
    business IT systems.
  • Platform being used has changed.

Criteria for New Systems

These reasons tie directly to what companies in the NAEM survey say are the most important criteria when shopping for a new software system:

Software selection criteria

Let’s review a few of these top criteria and why they are so important in any decisions made about implementing a new compliance IMS. We will dig deeper into these reasons throughout our series of articles on compliance information management solutions. 

Integration
As indicated by the NAEM survey, it can be a real challenge to integrate technology, whether it is with hardware, other compliance/certification software, ERP software, global systems, legacy systems, human resources systems, financial/inventory systems, etc. When it comes to having multiple systems, it’s not that you necessarily need one system to manage every business function. However, you do need your systems to talk. Lack of integration can contribute to duplication of effort, data inaccuracy, and business inefficiencies across multiple departmental functions.

Real-Time Metrics Tracking/Mobile Accessibility
With today’s technology, we are accustomed to instant gratification. There should be no reason why your IMS cannot provide that when it comes to real-time metrics tracking. Mobile accessibility allows for data to be collected on-the-go rather than re-entering information from the field back in the office. Data can be collected and compiled in real-time for review and analysis, as well as more sophisticated predictive analytics. Dashboards and reporting capabilities provide insights into system health, operational results, and business performance for senior management. A standardized approach for reporting further creates accountability and ongoing performance monitoring and measurement.

User Friendliness
What does it mean to be user friendly? Is that focused on the end user entering data in the field? Does it pertain to management who is reading reports and metrics? Are we talking about the system administrator? A truly user-friendly system will be something that meets the needs of all parties. If employees are frustrated by lack of understanding, if the system isn’t intuitive enough, if it is hard to put data in or get metrics out, the system will hold little value. In fact, according to NAEM, if a system isn’t user-friendly, employees may end up using workarounds that create more inefficiencies and inaccuracies. 

Customization, Updates & Maintenance Costs
Perhaps the functionality was oversold, perhaps the system cannot handle your data in the ways you anticipated, perhaps the solution you need requires additional customization that you did not anticipate. Whatever the case, not getting what you paid for is an exercise in frustration and a waste of resources. Business priorities and objectives change. If your system cannot adapt to these changes, users will fail to engage, and it will become obsolete. At the same time, if you continually seek customization, it can come at a price—not just for the customization but for the expertise required to maintain a customized solution. Customization can quickly become a money pit that you cannot climb out of. The key is to find an IMS that is simple and adaptable to respond to business changes. 

Simple Solution

It’s not uncommon to think more is better when it comes to software. However, as robust as most companies want their compliance IMS to be, a simple and adaptable solution is often the best approach. According to the NAEM survey, some software experts are helping to migrate clients away from commercial systems to basic tools such as Microsoft Office 365 and SharePoint, which can be easier to understand, easier to use and navigate, and easier to adapt to ongoing business needs.  

The next article in our series will explore the idea of going back to basics and leveraging familiar tools like Office 365 to meet compliance IMS and overall business needs. 

07 Aug
Drones 101 Top 6 Tips
Drones 101: Tips for Managing Your Drone Program

This is the fifth article in Kestrel’s Drones 101 series.

As we’ve discussed in our Drones 101 series, both large and small companies can establish safe and reliable drone programs; however, lack of planning will (at best) add up to a short-lived drone program or (at worst) cause your company undue risk or injury.

In short, buying and operating UAS equipment without a plan in place can lead to:

  • Sunk costs
  • Delayed success
  • Safety incidents
  • Service delays
  • Employee injury
  • Loss of financial backing legal and regulatory issues

On the flip side, when implemented appropriately, using drones often results in a solution that is:

  • Faster – Significantly reduce manhours to complete work (e.g., inspections, audits, monitoring) without requiring plant shutdown.
  • Safer — Eliminate the need for humans to complete high-risk activities (e.g., climbing towers, entering confined spaces, inspecting disaster zones).
  • More accurate — Gather comprehensive and reliable data with less room for human error and less variability.

Top Tips

Here are Kestrel’s top six tips for managing a successful drone program:

  1. Establish a plan and budget to accurately track and communicate costs and determine your return on investment.
  2. Establish standard processes, procedures, and communication protocols to ensure end users, company, and management teams understand expectations and obligations.
  3. Engage a cross-functional team, which may include program management, field operations, engineering and maintenance, human resources, legal, information technology, etc. to effectively manage all aspects of your UAS program.
  4. Create a UAS program operations manual that lays out expectations and company-approved applications of UAS technology.
  5. Set metrics and evaluation methods for the UAS program overall and its impacts on the core business. This will help show the value of your UAS program.
  6. Follow the classic management system plan-do-check-act cycle to drive continual improvement in not only the drone program, but in the core business, as well.

Learn more about Kestrel’s UAS Program Management services. Be sure to check out the entire Drones 101 series:

02 Aug
Drones 101 UAS Program Management
Drones 101: UAS Program Management

This is the fourth article in Kestrel’s Drones 101 series.

Drones can reduce risk in commercial operations, but it is important to acknowledge that they can also introduce risk through damage to property, safety incidents, loss of UAS assets, and legal and regulatory issues. And without a planned, organized UAS program, your risks increase significantly.

Why UAS Programs Fail

Why do some drone programs fail? Both large and small companies can establish safe and reliable drone programs, but a solid foundation early in the process is essential for success. Lack of planning will (at best) add up to a short-lived drone program or (at worst) cause your company undue risk or injury.

In short, buying and operating UAS equipment without a plan in place can lead to:

  • Sunk costs
  • Delayed success
  • Safety incidents
  • Service delays
  • Employee injury
  • Loss of financial backing legal and regulatory issues

Foundations of a Drone Program

A solid, sustainable UAS program starts with consideration of a handful of essential elements, as discussed below.

Financial Resources. Your program needs to consider cost. Not only will you need to create a budget for approval, but you will want to be aware of and able to accurately communicate costs and have a basis for arriving at a return on your investment. A good approach is to categorize your costs into one-time capital costs; recurring costs related to equipment, software and pilots; and costs for expansion.

Financial Resources UAS ProgramIncidentally, the cost to take the Part 107 Airmen Knowledge Test is $150 per attempt. A prep course online will run about $200 -$300.  To stay current, pilots are required to take a test every two years, which also costs $150 per attempt

 The key point is to understand your costs, budget for them, and put the drone program in the best position to be funded as needed.

Cross-Functional Strategy

Ideally, you want a team of people with different functional expertise working toward the common goal of helping the company achieve the benefits associated with a drone program. Consider involving individuals in program management, operations management, legal/compliance, human resources, information technology, and others.

Depending on how large your organization is, the team may be one or two individuals who wear many hats and juggle responsibilities. Larger organizations may expand the size and functions beyond this example. Think about how your organization might function:

  • Is your program manager and operations manager the same person?
  • Which of the following is the highest priority for your legal team: data security, regulatory compliance, or employee safety?
  • Do you have the in-house IT resources to support the technical needs of a UAS program?

You don’t necessarily have to have a large team, but you do need to consider how you’ll cover all the related functions and responsibilities.

UAS Program Operations Manual

A UAS program operations manual – whether it is a paper binder or an online resource – is a must. It’s important that you have well thought-out policies and procedures, standard practices, and emergency plans. It is just as important that all your pilots and team members are familiar with them, so everyone is operating from the same playbook.

Your operations manual should lay out expectations and company-approved applications of UAS technology. In general, it should include the following:

  • Policies, procedures, standard operating practices, safety programs
  • Identified risks, hazards, and emergency situations; mitigation measures
  • Data management and documentation requirements
  • How/when to verify federal and state regulations for UAS technology
  • Employment terms/contracts (employee, contractor, vendor)

Integrated Systems

Much like the cross-functional team we just covered, your internal business systems should include drone program-related tasks and subsystems. These should be integrated into the normal flow of business in your organization.

If your company operates under an ISO-style management system (e.g., ISO 9001, ISO 140001, or ISO 45001), you have the opportunity to align and integrate systems with your existing program and take advantage of the plan-do-check-act cycle associated with ISO management systems. Consider systems for communication, inventory management, data management, employee management, and technical support, among others.

Measurable Goals

It’s a standard exercise in any management system to set measurable goals and track progress against them. The same standard should be upheld for drone program management. Setting metrics and evaluation methods will allow you to show the value of your UAS program.

  • First, set goals for the drone program overall. This may include:
    • UAS pilot effectiveness (e.g., safety, training status, reportables, compliance)
    • Effectiveness of policies and procedures
    • ROI of the UAS program (e.g., money saved, time saved, fewer injuries, lower workers compensation rates)
  • Second, set goals to measure the impact of the drone program on your core business.
    • How will UAS enhancements change/improve existing company performance metrics?
    • For example, can you move from biannual inventory of resources to quarterly due to ease of inspections? Or monitor high-risk bridges, wind turbines, etc. every 3 months?
    • Set or adjust thresholds based on the knowledge you gain from UAS enhancements.

Plan for Continuous Improvement

Finally, you should have a plan for continuous improvement. An effective plan will follow the classic management system plan-do-check-act cycle to drive improvement in not only the drone program, but in the core business as well.

In the diagram below, drone program goals related to improved policies and procedures lead to standard operations practices. The effectiveness of these actions is evaluated, gaps are identified, and additional goals are set. As an example, let’s say one of those policies and procedures is to address how we manage flight data. A goal is set, the procedure is examined, previously unidentified risks are discovered, and mitigation measures are put in place in the policies, procedures and SOPs.

UAS Plan for Continuous ImprovementKey Takeaways

Drones can enhance your current business operations by reducing the time and safety risks involved with routine tasks, but they bring with them their own operational and regulatory considerations. To help ensure your drone program’s success:

  • Establish a solid foundation early.
  • Establish policies and procedures to reduce inefficiencies and ensure compliance.
  • Create systems to reliably track the location, status, and condition of your drone fleet – regardless of size.
  • Establish systems to track and manage the training and certification status of all employees or contractors in the UAS program.
  • Monitor and manage maintenance and repairs/replacements of the drone fleet to reduce operational risks of drone failure during flight and to ensure that employees are operating their drones safely and efficiently.
  • Develop systems to manage and organize huge quantities of data from drone flights so you can easily find footage/stills and leverage the data gathered.
  • Design and implement integrated software systems to prevent liabilities, loss of ROI, and safety risks.

Learn more about Kestrel’s UAS Program Management services. Be sure to check out the entire Drones 101 series:

 

01 Aug
Drones 101 sUAS Regulations
Drones 101: Regulations for sUAS

This is the third article in Kestrel’s Drones 101 series.

Drone usage is regulated by the Federal Aviation Administration (FAA). In 2016, FAA issued new rules for non-hobbyist (i.e., commercial) small Unmanned Aircraft System (sUAS) operations in 14 CFR Part 107. Part 107 covers a broad spectrum of commercial uses for drones weighing less than 55 pounds at time of takeoff and landing.

Commercial vs. Hobby

For the purposes of Part 107, commercial is considered as anything except recreational or hobby use. Whether you are making money directly with your drone or just using it as a tool within your company, Part 107 applies to drone pilots and drones used for business purposes.

Operating Requirements

Many of the rules in Part 107 are common sense; others are not. This list provides an overview of the operating requirements for complying with Part 107:

  • The remote pilot must keep the drone within visual line of sight (VLOS) at all times.
  • The operator should always avoid manned aircraft.
  • Neither the pilot nor a visual observer can be responsible for more than one sUAS at a time.
  • You are only allowed to fly during daylight hours. If you attach the proper anti-collision lighting, you may conduct operations during twilight hours. Night operations are prohibited without proper authorization from the FAA.
  • Minimum weather visibility is three miles from your control station.
  • Maximum allowable altitude is 400 feet above the ground (higher if your drone remains within 400 feet of a structure, such as when you inspect a tower or tall building).
  • Maximum speed is 100 mph (87 knots).
  • You cannot fly directly over any people unless they are directly and knowingly involved in the operation.
  • You can carry an external load if it is securely attached, does not adversely affect the flight characteristics or controllability of the aircraft, and maintains the weight limit of 55 lbs. at time of takeoff and landing.
  • The National Airspace System is divided into several categorizations and it is imperative that all UAS operators know and understand the various airspace designations.
    • Operations in Class A are prohibited unless authorizations from the FAA are secured and the operators coordinate their operation through air traffic control. sUAS operations in Class A airspace is extremely unlikely due to the altitude.
    • Class B and Class C airspace designations surround all major and minor airports. Operations in Class B and Class C airspace require prior authorization from the FAA, which can be difficult to obtain. Certain exceptions are made and, in the event that operations are approved in either of these airspaces, coordination with air traffic control and/or airport operator is required.
    • Class E airspace resides between the top limits of all the other airspace designations and the bottom of Class A airspace. Class E airspace can also be found around non-towered airports with instrument approach requirements and can require air traffic control or airport operations coordination during hours when the tower is operational. This varies, and operators should refer to their sectional maps and flight planning tools before every flight to verify their current airspace requirements.
    • Class G airspace does not require any additional approvals for operations; a majority of commercial UAS operations occur within these areas.
    • Airspace designations can change, and temporary flight restrictions are frequently established for various reasons. Operators should always refer to their sectional maps and flight planning tools before, during, and after all UAS operations.

You can request a Certificate of Waiver from certain Part 107 regulations, and/or authorization to operate in restricted airspace by submitting a request directly to the FAA. There are tools that can help with this process, but waiver requests can be complicated, and most are not approved by the FAA. Kestrel can help you write effective waivers.

Low Altitude and Notification Capability (LAANC)

For access to restricted airspaces that are at low altitudes (under 400 feet), operators can use a new tool recently released by the FAA referred to as LAANC (Low Altitude Authorization and Notification Capability). LAANC aims to provide near real-time airspace authorizations for UAS operations under Part 107.

LAANC automates the application and approval process for airspace authorizations at nearly 300 air traffic facilities covering approximately 500 airports. It dramatically decreases the wait time experienced with the manual authorization process, provides greater flexibility in operational planning, and directly supports UAS integration into the airspace.

Pilot Certification

To operate a sUAS under Part 107, pilots need a remote pilot airman certificate with a small UAS rating or must be under the direct supervision of a person who holds such a certificate. This certification entails passing a two-hour Airmen Knowledge Test to become certified, and then applying for your certificate online, which includes passing a TSA background check. Operators must retake the Airmen Knowledge Test every two years to stay current.

If you already have a Part 61 pilot certificate, other than a student pilot certificate, you must have completed a flight review in the previous 24 months and you must take a sUAS online training course provided by the FAA. Pilots receive a certificate of completion, which must be renewed every 24 months.

If you are acting as pilot in command, you must:

  • Make your drone available to the FAA for inspection or testing on request, and provide any associated records required to be kept under the rule.
  • Report to the FAA within 10 days any operation that results in serious injury, loss of consciousness, or property damage (to property other than the UAS) of at least $500.

Drone laws and regulations are constantly evolving as the industry evolves.

. As an example of the ever evolving regulations, effective February 25, 2019 the FAA now requires that all sUAS display their aircraft registration number on an external surface of the aircraft. This rule was established under 14 CFR Part 48. Additional rules regarding night operations and flights over people are in the proposed rule phase and are expected to become effective by the end of April. In addition, record retention laws are forthcoming for drone footage and may vary by state.

Not surprisingly, pilots can unknowingly (and easily) violate FAA regulations. One very important task as part of your overall UAS program management strategy should be to keep current on pilot certifications, drone registrations, and regulatory changes to remain compliant.

Learn more about Kestrel’s UAS Program Management services. Be sure to check out the entire Drones 101 series:

Sidebar: