Is Software the Answer to Efficient Regulatory Data Management?
- By Scott Williams
- Oct 01, 2007
In recent years, the health and safety industry has recognized and embraced technology in an effort to find a better way to manage chemical information. MSDS management, in particular, has found a ready audience for technology. After experiencing the benefits of an MSDS management system, it is logical to want to take the information already collected one step further to streamline other areas that greatly need assistance.
One area that is increasingly difficult to manage is the data associated with regulatory compliance. There are myriad regulations and reports that must be tracked, from governmental agencies to corporate mandates and ISO certifications designed to make the workplace safer and greener. How does an under-resourced EH&S individual or team efficiently manage the monster that regulatory compliance can become?
Markets and corporate structures seem to keep expanding and changing, introducing new regulatory challenges. Requirements continue to grow as state and federal lists get added and existing lists expand. For example, the U.S. Department of Homeland Security has become an important agency that is about to introduce new reporting and tracking requirements for specific chemicals of interest. If products are sold to countries with RoHS lists (this includes the European Union and China), prohibited chemicals must be tracked and fully documented. The United Nations' recent approval of GHS and the subsequent or pending adoption by a large number of agencies and countries (including the United States, Canada, Japan, and the EU) introduces new concerns, such as the reclassification of product MSDSs and the generation of associated workplace and product labels.
In today's market, the intricacies are mind-boggling--and the spreadsheets of old are struggling to keep up with the complex lists and calculations. Ensuring all proper chemical and regulatory information is updated, integrated, and shared is a huge task. The mere thought of finding a way to manage this efficiently to avoid workplace incidents or fines is enough to make anyone's eyes glaze over.
An electronic solution in the form of software is an obvious answer to these challenges. Comprehensive software from a knowledgeable, service-oriented vendor is a necessity, but, here again, one is faced with many options that may be difficult to accurately navigate without sufficient technical experience. Typical concerns related to purchasing technology exist here, just as they do when buying a home computer.
Important parts of the equation include: truly understanding what is necessary without overbuying, weeding through technical or marketing jargon to get to the real functionality of the software, understanding security risks, and picking the best from all available options (such as going Web-based or sticking with client-based applications). When one does manage to sort through the options and pick a solution, justifying the cost to the CFO is another hurdle that must be overcome. This article seeks to get to the bottom of some of these questions and provide you with useful advice for finding and justifying the cost of the software vendor that is right for your specific regulatory needs.
Software can centralize information that was once difficult to compile. In addition, when the database structure is set up properly, information can be fully utilized if applied to multiple functions. For instance, data tracked for MSDS management can also be used to create workplace labels and, with the correct software, can be combined in new ways for simpler and easier reporting. Complex reporting such as Tier II and Form R can be streamlined by software that is integrated with the regulatory lists and able to perform intricate calculations and cross-references. Cost justification also improves when data can be optimized where one point of entry results in multiple functions and features.
One of the most difficult facets of managing regulatory compliance is keeping existing regulatory data current and being aware when new regulations are added. If software is created in house and managed by your team, updating the mechanisms that track that data can be cumbersome and easily susceptible to human error. The right regulation data management software vendor can help. Software scripting can automate processes, making uploads, cross-references against chemicals, and distribution of new regulatory information a one-step procedure. Software vendors also should apply resources to ensure they are aware of updates and changes to content, which saves you from the tedious work of searching for and reading long regulatory documents. Finally, outsourced software puts the onus on the vendor to supply time and resources to interpret, calculate, and program software to properly apply all new information. This can save you considerable time and headache when changes to regulations require complex calculations or reports. The time and cost benefit of not having to allocate resources to researching, programming, and applying updates is an important element in cost justification.
Being aware of which questions to ask and which issues to investigate thoroughly before making a decision can greatly streamline your purchasing process. Consider the following before moving forward:
• Be sure the vendor has the knowledge base necessary to truly understand your needs and the regulatory compliance requirements you face. This should include the entire organization, from sales to IT to support. All members should be informed and understand the complexities of your needs. In addition, find out what kind of support is included, whether it is for software, regulation data management, or both. Either way, determine whether the support staff is able to understand your regulatory compliance requirements well enough to truly support you.
• Be sure the vendor stays current with regulations and has an established method for keeping you informed of the related changes. Require a potential vendor to supply you with referrals and be sure to ask whether the vendor approaches regulatory information and updates proactively, rather than reactively.
• Security often is the largest concern, and yet, just as often, it is the least understood. In all infrastructural information technology, everyday risk is present. The greatest and oftentimes most costly disruptions occur when something that has always functioned without effort or thought stops working. "Every vendor should have methods in place to ensure availability, reliability, and extensibility," said Dani Amendola, director of Technology with SiteHawk. "Ask your vendors about security (physical, network, and application); environmental risk avoidance such as climate control, fire suppression, redundancies in systems, power and connectivity failure; and in the case of statistically unavoidable realization of risk, ask about risk mitigation (minimizing the effects of realized risks through disaster recovery, backup procedures, regionally decentralized redundant systems, business continuity when your software vendor ceases to be able to provide their products and services)." With proper application, software security can become an asset rather than a liability.
• Investigate the software to ensure it is configurable and able to track and report according to your specific needs. Avoid the "silver-bullet mentality" from vendors who offer one technological implementation that will solve any issue you might be confronted with. In reality, there is no single solution that will suffice for every scenario. Understand your own needs, have them prioritized and ask your vendor whether they have a solution to each one, what their solution is, and who has used it in the past. If it is a new feature being created for you, ask for references of other customers for whom such custom development work has been completed. When talking with the references, be sure the vendor did not over-promise.
• Whether you elect to manage the data in house or decide to reduce internal resource burdens by contracting with a vendor who supplies data indexing services, remember that the end result is only as good as the information supplied. Simplified: Garbage in equals garbage out. Be sure your chosen vendor is accurate as well as willing and able to supply quality assurance policy and statistics. When dealing with regulatory concerns, inaccurate data could result in severe consequences--from large fines to harmful effects for the corporate image, ultimately resulting in a damaged bottom line.
• Beware of hidden fees and resource drains. To avoid incurring surprise costs, be sure you understand how the chemical data, regulatory lists, and software will be updated and the associated costs. Require documentation that specifically lists what updates are included in the standard fee. Find out whether you will need to allocate resources on your end and what level of expertise those resources will need. Be sure to inquire how much time your IT department will need to invest.
Things to consider include hardware and software upgrades; data backups; physical, network, and application security; general system maintenance; disaster recovery and business continuity; development of new features and uses; etc. If a vendor is an ASP, most of these concerns should be handled by the vendor with little, if any, need for assistance from your IT group. If the system you are considering is client-based, be sure your IT department is staffed to handle these concerns and is on board with your vision so your needs are met on time.
Contracting with a reliable vendor can ensure you don't spend your time updating spreadsheets and data, performing calculations, or searching the Internet to track down regulatory requirements. In the end, you should be looking for more than a vendor whom you see only once, at the time of the sales transaction. Rather, you should consider this a process of finding a long-term partner who can be counted on to assist with the ongoing process of regulatory compliance management in today's evolving marketplace.
This article originally appeared in the October 2007 issue of Occupational Health & Safety.