According to Wikipedia, compliance is the action or fact of complying with a wish or command. Commands tend to be neither optional nor open to interpretation; they are rules that exist to be followed. Each rule has an inherent logic, however obvious or abstract, and exists for a purpose: to assist a positive outcome in given situations.
Policies, according to Wikipedia, are a course or principle of action adopted or proposed by an organization or individual. Typically a policy is aligned to a compliant purpose so that a course of action leads to performing the action itself, which in turn ensures the rule is followed and the positive outcome obtained.
Where there are no policies, there are no rules; actions become random and interpreted, and outcomes unpredictable. This all leads to business chaos. There is a presumption that all aspects of business are underpinned by assigned policies. However, in an ever-evolving world and fast-changing business landscape, new requirements appear regularly. Consequently there are frequently important and sometimes risky gaps prior to new policies emerging. These temporary gaps can present dangers to both business and employees unless they are realised, published and complied with rapidly. Therefore, by design, policy compliance is an agile landscape and not, as is all too often the case, a laborious, fixed facet of business.
In short, organisational compliance requires agility, regular analysis, ownership, reviews, updates and quantifiable response.
Historically, policies were written documents of various formats published to be read, followed, remembered and referenced. Within Egyptian, Greek and Roman civilizations edicts were written, or carved in stone. Our legal systems are founded on statutes, official rules. Prior to the digital revolution, policies were distributed as hard copies to relevant audiences as papers, handbooks and other documents.
Over time policies were aligned and underpinned by courses of training. We can all think of dreaded emergency drills, fire training courses and basic health and safety awareness training sessions (don’t run with scissors) which we paid lip service to by attending in person and then forgetting the instant we returned to our desks. Remember the inspirational one-line posters on office and factory walls? No, neither can we!
As the digital revolution has taken place, policies have inevitably taken the form of Word documents or PDFs, PowerPoint slides and infographics distributed via email as a regular, one-way communication stream from the powers that be. Training sessions commence with an induction process where we have signed our lives away by agreeing to any policy without reading and taking in much at all. This scenario has largely continued unhindered for decades. Anything we receive into our inboxes from HR etc. is largely ignored or simply paid lip service to.
The desks and inboxes of the land are all too often filled with unread manuals, policy documents and handbooks. Vast numbers of organisations continue to print voluminous staff handbooks each year and post them out hoping that everyone will read them, whilst acknowledging that many won’t and with no plausible way of knowing or quantifying who read what and when.
The digitization of policy compliance has led to quiz software accompanying online training modules, designed to quantify an employee’s understanding of what is being presented to them. A good principle in theory, but far too many are well versed in option-ticking and speed reading to ensure the real validity of such services.
An issue that organisations face is that as compliance went digital it largely became a box-ticking exercise whilst not necessarily reducing compliance issues and bettering business practices. One only needs to review the 2019 HSE reports on fines to determine the extent of the problem. Health and Safety remains a major issue in the workplace with public bodies regularly being fined for accidents and injury in the workplace. Sustainability compliance is yet to take hold and SMCR is still rolling out to single role practices.
Digital document management solutions do not generally record who read a document and when – email distribution cannot do that either. Therefore most compliance solutions built around a document management solution are not able to help an organisation prove who read a policy and complied with it.
Digital policy publication and distribution does not typically move the onus of compliance to the employee themselves – the act of distribution ticks the box, the act of training ticks the box – the process is defined largely around something an employee fulfils, generally with little consequence once completed. Completing a digital training course may add an edge; however, the employee is simply stating ‘I have been trained and appear to understand the content’.
The employee has not been asked to explicitly state that they agree to comply. This means that the onus of compliance remains largely with the organisation and less with the individual. Ensuring that the employee digitally agrees to comply with any given policy, standard or procedure means that:
- You have a record that the document has been read and accepted by a named individual through the digital compliance process
- You have a record of the date and time when each employee complied with any policy, standard or procedure
- You have actively asked each employee to take responsibility for stating they agree to comply
- You have provided the business with evidence of compliance on a per employee basis
- You have an additional level of business protection in legal situations such as tribunals where rules have not been followed
- You are able to locate those who have not complied and are presenting a business risk in real-time
- You are able to locate areas of weaker compliance or teams that are not engaging as much as others in real-time
- You can see the versions of all policies and their histories at a glance in real-time
- You are making compliance a real-time check rather than a periodic chore
- You are able to respond to any compliance audit request immediately
By using a read and comply solution you are ensuring that rules are being followed by moving the act of compliance further onto the employee themselves – the act of signing ensures they are connected directly with the compliance process. You ask the employee to take specific responsibility for stating they will comply with each published policy version, and you are able to record who has complied with which policy and when.
You are also able to quantify and report in a myriad of ways on compliance levels. This allows your business to ensure the workforce is more engaged with the act of compliance, to ensure a better daily compliance culture, and to refine its compliance training, its policy content and its levels of compliance on the fly.
Why does it matter for your business?
- Compliance levels in every sector are becoming overwhelming
- Compliance requirements are updating faster and business needs to respond more quickly
- Businesses need to move the burden of proof of compliance towards the employee so that they are not fully liable in every situation
- Senior managers need to protect themselves with far greater layers of compliance responsibility to their teams
- Risk and injury to staff as well as potential behavioural and cultural issues need to be addressed more proactively in the workplace
- Auditing and reporting are an increasing burden in all sectors
Your people may say they have compliance solutions in situ already and publish policies; however, unless they have a service that explicitly records an employee agreeing to comply and is able to achieve all the above, you may be risking your business more than you think.
Get in touch with us at Signarus to find out more about Orchestra Read and Comply® on (UK) 0207 788 9445.