Embrace a SaaS solution and reap the benefits of digitization & cloud
December 09, 2021 | Series 1 / No. 14
The Product Regulatory Compliance is an underserved market when it comes to productivity improvement and automation solutions.
Globalization and advancing technologies have enabled the expansion of businesses, resulting in the launch of plethora of new products. In turn, the testing, inspection, and certification required for the new products launch have resulted in the emergence of the Product Regulatory Compliance as a critically important business process.
This function at large has skipped the first wave of technology revolution. While we are already in the middle of the second wave (termed as the digital age), it is important for the leaders and managers to capitalize on this opportunity to modernize this critical function and turn it into a competitive advantage for the businesses.
In the above table, Gartner estimates that the overall, global IT spend in 2022 will be $4.4 trillion. Notice that the “Enterprise Software” category leads the projection of IT spend (13.2% and 11.7% respectively for 2021 and 2022)! In 2022, enterprises are poised to spend a whopping $669 billion in further automating the business processes! Having missed the first wave of the technology revolution, for a Compliance leader, it is relatively easy to justify a spend for an Enterprise Software to streamline the compliance processes, manage the compliance projects and records, and to subscribe to compliance intelligence!
According to Gartner, “Boards and CEOs are much more willing to invest in technology that has a clear tie to business outcomes, and less so for everything else”.1
CEOs and the executive teams (C-Suite) are looking for continued differentiation of their businesses in order to gain and maintain the competitive advantage. The C-Suite is already aligned with the opportunity to capitalize on the wave of digitization and cloud based software as means to achieve paperless transactions, enhance productivity, improve time-to-market and further reduce costs.
With an appropriate investment in the Enterprise Software, the leaders, managers, and professionals practicing Product Regulatory Compliance can bring huge productivity gains through the attainment of the benefits of digitization, organization, automation, intelligence and collaboration. While social responsibility and environment are the most pressing cocern for the world, governments and businesses, the Compliance leaders can turn the Product Regulatory Compliance from ‘necessary evil’ into ‘competitive advantage’ by using Enterprise Software.
Following is the executive summary of strategic business outcomes attained through the use of the software, and a basis for budget allocation:
Based on the above explanation, it is relatively easy for the Compliance leaders to demonstrate a clean business case and justification for the budget allocation.
Facilitated by the globalization and advancing technologies, today, even a startup company aspires to sell its products into multiple markets. This brings up a need to understand and fulfill the disparate compliance requirements for different markets and technologies, bringing at the forefront the need for the compliance knowledge base.
The pandemic has forced and popularized the hybrid and remote work, bringing a sharp focus on teams’ ability to tactically collaborate beyond holding the online meetings. While working globally from different geographies, businesses are looking for uninterrupted continuity and quick processing of the business processes and documents throughout its value chain. The use of a cloud based software brings the benefits of digitization and collaboration.
The cloud based, Software-as-a-Service (SaaS) model offers superior technology based on simple design and industry-wide best practices. The SaaS provider supports and interacts with many customers, and therefore offers capabilities based on the implementation of the best practices. Correspondingly, the use of a SaaS product offers higher value while brining further standardization.
The upfront configuration and administrative capabilities allow the software product to be tailored and implemented to a company’s business processes, while bringing the standardization across the value chain. The administrative rights remain with the business (Compliance team), therefore, the business does not have to rely on the internal IT for any administrative tasks such as, but not limited to, managing the users and privileges.
The privilege management allows the Compliance teams to provide role based access to different users. Some users can upload and edit a document, whereas some users can merely view a document; some users can create a Smart DoC, but must obtain approvals and signatures from the respective responsible persons; a Compliance team member may initiate a compliance project and assign the deliverables to different owners, where the Compliance team and other key members can see all the deliverables and tasks identified in a project, however the owners of the deliverables may be restricted to see only their areas of ownership, and so forth. Further, the user access can be restricted by different parameters, such as, but not limited to, by products, record types, markets, disciplines, etc. Additionally, teams or user groups could be formed specific to a project or product or discipline (e.g. EMC vs. Product Safety, etc.), facilitating a close collaboration and sharing.
The new technology offers collaborative capabilities allowing different stakeholders to participate in a compliance project – from initiating, assigning tasks to different persons (insider or outside the company), providing support documents, reviewing the draft deliverables uploaded by the test labs and approving the final documents, viewing the status of the ongoing activities, and completion of the actual project, etc.
Event based management offers alerts, updates and notifications so that the users are prompted to review and take actions on the key events relevant to their specific roles.
Providing compliance knowledge and intelligence is one of the important and core competencies of the SaaS provider in the regulatory space.
The world of regulatory requirements is dynamic in nature due to the following, but not limited to, reasons:
The use of a vertical Enterprise Software product (catering to the space of Product Regulatory Compliance) can bring the regulatory intelligence to the Compliance teams for different markets and disciplines so that they do not have to put in an exorbitant efforts to keep pace with the changing requirements. This allows the Compliance teams to focus on testing and obtaining the approval for the new products and recertifications of the existing products.
Cybersecurity is a big concern in today’s interconnected world. Securing the SaaS application is ultimately the application provider’s (publisher) responsibility. The SaaS provider leverages the public cloud providers and their security toolset to secure the core infrastructure.
However, designing security within the application is still publisher’s responsibility. A well-designed system will resist and thwart external perpetrator and also provide data security and access control for internal organizational security.
This still leaves the burden of securing the login access with the user. However, the use of Multi-Factor Authentication (MFA) and Single Sign-On (SSO) capabilities take the anxiety away from securing the authentication process, while allowing the user to reap the benefits of cloud application.
The SaaS provider continuously works on enhancing the security of a product.
Cloud based, Software-as-a-Service model has dramatically lowered the total cost of ownership (TCO) of software systems through the implementation of annual subscriptions.
Generally, a SaaS provider offers multiple plans for a customer to choose from, allowing usage-based pricing to the customers. Therefore, a budget-conscious manager does not have to wait to organize the core compliance space as s/he can start with a smaller plan and fewer users, and gradually ask for more value by paying more.
Within a subscribed plan, the SaaS provider also releases enhancements and fixes. In addition, the SaaS provider continues to identify more opportunities for automation in the core and adjacent areas, gradually offering incrementally more value to the customers.
Importantly, the Compliance managers will NOT have to pay for company’s internal IT resources as the SaaS product is managed totally by the SaaS solution provider. There is no additional administrative cost in managing the SaaS product. Typically, the overall upkeep of the product, back up and other administrative tasks are the responsibility of the SaaS provider.
While determinig the budget for your SaaS product, consider the following at the least:
Lastly, the Enterprise Software for a vertical (in this case, the Product Regulatory Compliance) is developed specifically for the compliance professionals and their ecosystem partners, and addresses the compliance related complexities, changes, nuances, jargons, business processes, and business use cases. Therefore, its cost could not be equated to the low cost of the generic office suites from players such as Microsoft, Google, Box, etc. as the latter applications are developed for and supported by a huge customer base.
An investment into software is a wise investment which more than pays for itself.
Consider the following tactical benefits and ask yourself a question “what is the annual value (or price) pegged to these benefits”?:
An investment into an annual subscription, if paid off in eight to nine months, would be considered an excellent ROI forming a natural business case.
Because developing and marketing the software product is its core business, the SaaS provider continuously enhances its product offering, solving the industry constraints one by one, and streamlining the processes, thus bringing the benefits of digitization, organization, automation, intelligence and collaboration to the overall space. The Compliance managers and other users will see the automation, enhancements and features at a much quicker rate than they would have received from a tool built in-house.
The Organisation for Economic Co-operation and Development (OECD) defines the mid-size companies as having the number of employees between 50 to 249.2
Gartner defines a midsize enterprises are those organizations with 100 to 999 employees and that make more than $50 million, but less than $1 billion in annual revenue.3
Due to their immense focus on growth, scale, productivity, and agility, mid-size companies often experience the growing pains and require tools and automation to achieve and manage the next level of growth. The Compliance teams will be able to do things faster than before, create a better experiece for their customers, and create more efficient operations by using the SaaS solution for Compliance. Therefore, the mid-size enterprises benefit the most from the use of a SaaS solution.
Sometimes, these companies also grow through acquisitions, where the use of a SaaS product can come handy in obtaining compliance records of the acquired company and quickly organizing them in a standard and consistent manner, bringing the full understanding of the overall compliance landscape of the newly acquired business.
It is our strong recommendation to mid-size companies to stay away from ad-hoc and shadow IT projects, and embrace a SaaS solution!
Gartner defines a small business as an organization with fewer than 100 employees and with less than $50 million in annual revenue.5
With a small footprint in the form of a few products that are sold in a small number of markets, startup companies perhaps can comfortably manage the compliance activities using the Excel spreadsheets. However, most of these startups do not hire a dedicated Compliance professional; typically, an Operations professional plays multiple roles including that of a Compliance professional. By starting with a small plan offered by the SaaS provider, the owner of the Compliance function - typically an operations person - will be able to do things faster than before, while reaping benefits of organization and automation early in the game.
In 80’s and 90’s, the large enterprises invested in automating their important business processes. Initially the IT department developed the tools in-house. Today, these in-house applications and tools have gradually been replaced by the best-of-breed SaaS offerings in the market.
Similarly, many large companies have spent millions of dollars in developing their internal tools to manage the product regulatory compliance. In spite of the internal compliance-specific knowledge base these companies have, the sheer work load does not allow them to keep pace with the changing compliance requirements and bring the required enhancements and updates in the home-grown tools. Even if a Compliance team succeeds in building and managing in-house tools, it will struggle to build deeper capabilities, let alone address the functional adjacencies. Besides, in today’s world, using the hours of software engineers to develop or update the in-house tools costs a lot, bringing in question the prudence to develop in-house tools as it does not pass the ‘core vs. context’ criteria.
Today’s CIOs are well aware of this phenomenon and themselves scrutinize building any in-house tools – they are fully committed to support the SaaS products.
Sometimes, the large enterprises are constrained to use the legacy, in-house tools that they have been using for a long time, because these tools are deeply integrated with different business applications. Therefore, the Compliance departments hesitate to replace the legacy system. In such instances, the large corporations can partner with the SaaS companies to leverage and fill the gap of the important capabilities that their internal tools lack.
Following are a few examples of areas where large companies can parter with a SaaS company and reap the related benefits:
The above could be a minimal but powerful engagement bringing instant benefits. Although the SaaS companies generally offer fixed plans opposed to a-la-carte capabilities, considering the size and scale of the operations of large enterprises, a separate arrangement could be discussed.
When a large company acquires a mid-size or small company for the strategic reasons, and if the businesses or technologies of the two companies are different, the compliance processes and requirements of an acquired company may not fit with the company that made the acquisition. In this case, the acquired company may not receive the required attention from the parent company for its compliance-specific needs. Such acquired businesses may also benefit from the use of a SaaS solution.
At an appropriate time, the leaders must think about replacing the legacy systems with the SaaS solutions - either in a forklift (in one go) approach or in a phased approach.
1 Table 1. Worldwide IT Spending Forecast (Millions of U.S. Dollars): Gartner Press Release, July 14, 2021:
https://www.gartner.com/en/newsroom/press-releases/2021-07-14-gartner-forecasts-worldwide-it-spending-to-grow-9-percent-2021
2,4 The Organisation for Economic Co-operation and Development: https://data.oecd.org/entrepreneur/enterprises-by-business-size.htm
3,5 Gartner Glossary: https://www.gartner.com/en/information-technology/glossary/smbs-small-and-midsize-businesses