Issues & Needs 1 - Records Management

By Tom Killam and Cyril Mecwan

June 24, 2021 | Series 1 / No. 5

The rise of the digital world and paperless technologies now offers maximization of business benefits and productivity improvement with proper Records Management.

The unique attributes of product regulatory compliance mandate a use of a dedicated and separate compliance repository with its own sets of terminology, rules, and features.

A proper system of organization and storage of the compliance related records enables a crisp business execution for all functions that are impacted by product regulatory compliance – Engineering, Legal, Product Management, Marketing, Distribution, Sales, Shipping & Logistics, and Customer Support!


Acquiring product regulatory compliance for disparate markets is a document-intensive process. Many documents are generated during the process of testing the product and obtaining the regulatory approval, which are used many times throughout the product life cycle by various business functions.

Issues and Needs:

Regulatory approval is a prerequisite to a successful product launch, general availability, order booking, and shipment of the product to the customer. The documents acquired through the regulatory approval process need constant monitoring for updates and proper management throughout the product life cycle.

Generic repositories are available to manage regular documents requiring basic functions such as add, edit, versioning, share, archive, delete etc. But the records related to the product regulatory compliance are unique in nature with their own nuances and specifications requiring special management.

Following are important problems and needs while managing the records related to product regulatory compliance:

  1. Storage:

    We have come across many examples where legacy businesses lack a formal storage policy for the regulatory compliance records. Without a policy, typically the compliance documents are housed in the computer and emails of a Compliance professional, making it hard to quickly find, retrieve and share the relevant documents with other interested parties. In some instances, the compliance documents remain with the test labs. We have also seen examples of companies growing rapidly through acquisitions, where the regulatory compliance continues to be managed in the silos of the newly acquired company (now one of the Business Units). As a result, getting an overall compliance view and assessment becomes difficult.

    In the event the Compliance professional leaves the company, both the ownership and whereabouts of these critical documents are lost. A lack of general access to the key documents for the stakeholders draws major operational disadvantages.

    Therefore, as far as the record-keeping is concerned, the first order of the business is having a secured repository that can be accessed by anyone from anywhere.

  2. Access, Privileges and Collaboration:

    In the era where internet access is now ubiquitous, stakeholders should have an easy, instant but secure access to the documents from anywhere, which in turn ensures a frictionless business operation. The Engineering, Document Control, Product Management, Marketing, Distribution, Sales, Order Management and Shipping & Logistics teams use the compliance documents in direct support of the sales and operations. The Legal team reviews, approves and is involved in the storage of the compliance documents to ensure governance and legal protection of the company’s brands and products.

    The stakeholders typically have different roles allowing them different level of access and privileges as they relate to the creation, modification, sharing, versioning, approval, archiving and deletion of documents. A Compliance Manager and Compliance professional should own full responsibility of the regulatory compliance activities and records, and hence enjoy full rights from creation to deletion of records. A test lab partner would like to upload documents, but they must be approved by the customer. A sales or shipping person may only want to review the approval certificates without having a need to modify them.

    Businesses are looking for collaborative platforms that allow the formation of teams and facilitate a real-time work environment for different team members. The users should be able to form teams based on a product, project, market(s), or discipline (such as EMC, Product Safety, Radio, Telecommunications, Environmental, etc.), where documents are created, edited, and finalized; they could further be modified with or without versioning. A key stakeholder should have an ability to approve a critical document such as a test report, without which it could not be finalized. A collaborative work environment speeds up the processing, keeps everyone on the same page, and makes the overall system more efficient.

  3. Organization:

    The function of product regulatory compliance is complex in nature as it deals with a maze of disparate and very important business attributes as listed below:

    • Industry: The business climate, technologies, regulations, and requirements greatly differ from one industry to another.  Appliance to Automotive, Information Technology Equipment to Medical Electronics, and Lighting to Aviation represent unique ecosystem of product regulatory compliance, requiring its own set of rules.
    • Multiple products: A mid-size to large company might represent a challenging product portfolio. The complexity further grows if these products represent different technologies
    • Global markets: There are 193 countries on the UN List, and there are additional markets. Then there are market groups that combine multiple countries as one association or consortium requiring a unified set of requirements and approvals; for example, Eurasian Economic Union (EAEU) represents 5 countries – Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia. In our opinion, shipping products to as little as 15 countries may already require a minimum level of organization in place to properly manage the product regulatory compliance; shipping to 50 countries would be considered a challenging operation; and shipping to 75 or more countries would be considered a complex operation!
    • Disparate record types: On an average, we have experienced 50 different record types being utilized; but some companies have as many as 100 applicable record types as they relate to the field of product regulatory compliance.  Overall, because of the varied record types, the organization of regulatory documents becomes complex, and keeping identification of a record type in a consistent fashion becomes critical.  Importantly, these record types & terms used are very different than the ones generally used in engineering, supply chain management, services, procurement, sales, marketing, finance etc., and therefore require a specific repository solution tailored to product regulatory compliance.
    • Different disciplines: Product Safety, EMC, Radio, Telecommunications, Energy Efficiency, Environmental, Quality, Performance etc. are some of the important disciplines for which the regulatory approvals are required. The regulatory authorities and laws may vary for these disciplines, requiring different type of testing and interaction with disparate regulatory authorities.
    • Technical Standards: A product tested to an incorrect standard does not qualify for a product regulatory approval. The continuously changing landscape of the global standards further makes the product regulatory compliance dynamic in nature, magnifying the need for identifying the exact standard used in testing and then associating it to the relevant documents.
    • Test Labs: Test labs specialize by the testing capabilities they offer. The expensive capital-intensive infrastructure makes it cost-prohibitive for a test lab to offer all capabilities. Therefore, a business usually ends up interacting with multiple test labs to support its testing needs.

    Therefore, the compliance repository must have the following capabilities:

    • The repository must capture the unique product regulatory compliance attributes of the records as described above, and then associate them with the records, which provides the necessary compliance intelligence.
    • The regulatory compliance records must be properly organized with specialized structured data to simplify the management of the information, while creating granular compliance views as needed.

    Considering the above, it is imperative that one utilizes a dedicated and separate compliance repository to bring the simplified structure to the space of product regulatory compliance, to quickly derive the required compliance intelligence, and to collaborate with the core compliance stakeholders.

  4. Record integrity & Single source of truth:

    Having a system is the correct way to manage one’s compliance repository. Some companies use the commonly available tools such as SharePoint, Google Docs, Box, or Dropbox as a repository to house the compliance documents. However, the pitfalls of using these traditional systems are its generic nature and its folder structure.

    The compliance documents – such as a Test Report, Type Approval Certificate, or a Declaration of Conformity (DoC) - may reference multiple products and markets. The use of a traditional repository requires that the compliance documents are now copied in multiple folders specific to different products or markets referenced on the documents. In the above example, one can see that the Compliance Certificate and Test Report have been generated for the Regulatory Model (Printer Laser); there are two copies of the same document, one each for Product 1 (Printer Laser 1200 dpi) and Product 2 (Printer Laser 600 dpi). Unfortunately, this leaves multiple copies of the same document in different folder locations, making verification of the authenticity of the document difficult. Additionally, the single source of truth is now lost, and as a result, the search gives multiple results for the same document opposed to a single outcome.

    In a nutshell, with multiple folder structure, finding a correct document with a high level of confidence becomes difficult and allows for multiple copies of the same file and different locations.

    Moreover, every time this document gets updated, one must remember to version up this document by revisiting all relevant folders where multiple copies of the original version reside.

  5. Quick Search, Find and Reporting:

    Additionally, the system should leverage the industry’s best practices and provide key, pre-configured attributes such as record types, disciplines, and market groups. This in turn will provide the following capabilities and need fulfillment:

    • Easy onboarding and ongoing maintenance of the compliance documents
    • Summary glance at the compliance status by a product-market mix
    • Business-specific compliance views
    • Quick search of compliance information by key compliance attributes
    • Easy retrieval of documents
    • Quick & secured share of documents
    • Intelligent reporting of the trends and usage analytics that allows creation of custom reports
  6. Out-tasking:

    The past twenty years have seen the emergence and adoption of core vs. context framework, where businesses focus on core and mission-critical activities that create a competitive advantage, whereas they form partnership for important but context activities.

    For businesses, the product testing is now universally identified as a mission-critical but context activity (only a few, multinational enterprises maintain in-house test labs). Since the test documents are generated by the test labs, the uploading of these documents should also be out-tasked to the publishers of the documents. The document control could be exercised by retaining and conducting reviews and approval of the documents by the Compliance professional working for the business. The Compliance repository should allow uploading of the documents by the third-party using approval rights defined by the Compliance professional working for the business. This activity frees up the administrative time of the Compliance professional, makes her/him more productive, and allows to do more with less.

In conclusion, the unique attributes and special requirements of product regulatory compliance mandate the use of a dedicated and separate compliance repository with its own sets of terminology, rules, and features. Such a dedicated repository will bring enormous benefits of important compliance views, quick search and retrieval of compliance records, ease of use and collaboration, while making the Compliance professional more productive.