People Plus Requirements Equal More Robust Product Compliance
As we all know, the staff and the roles they play in maintaining and ensuring continued product compliance is critical to any successful business. Unless that business is subject to serious issues, such as product recalls, deteriorating brand recognition and or unhappy customers it is in the best interest of the business to have a product compliance structure in place that is reasonable as well as practical.
Unfortunately, some businesses may only understand what product compliance means at a technical level, such as meeting specifications and regulatory laws. Yet, I continually see businesses that have not placed the same level of due diligence when it comes to staffing, the functions that need to be engaged and how they communicate as a team towards the aggregate product compliance goal. This translates into a non-robust product compliance structure with process and compliance gaps that could be detrimental to the business. As seen in the graphic below, equal weighting must be placed on both the requirements as well as the staffing needed to ensure that those requirements are continually being met.
Involvement of the wrong staff, duplicate efforts, staff who should have been involved in the product compliance process but were not, and missing signatures or lack thereof are just a few of the examples where those of us in the product compliance arena may have been exposed to added product risks from a safety or regulatory perspective. The risk varies in severity, from virtually none to an actual product recall.
Will the Real Functional Teams Please Stand Up?
Not all businesses have the same exact working model and, as a result, there may or may not be the same business team functions in a given company. In some cases, multiple roles or functions may be combined and taken on by a single person. For example, a quality manager may have the combined oversight for manufacturing, quality and testing. At the other end of the spectrum, a business may be fortunate enough to have a dedicated person for each specific role. From the perspective of the product compliance process (PCP), it is important to identify and include all the functions necessary to ensure that robust products are shipped that continually meet or exceed safety or regulatory requirements. Regardless of whether multiple functions are handled by a single person or there is dedicated staff for each function, the message is the same: identify the function and evaluate its need for inclusion in the PCP.
Table 1 shows some of the key roles or functions that need to be evaluated for possible inclusion in the PCP. The table is grouped into eight general categories. Shown below each category are the functions or roles that reside in that category. At first glance, this table appears a bit overwhelming. How can each of these groups be part of the product compliance process, and how and when do they fit into the overall picture? However, failing to consider each of these groups may create an unwanted product performance issue or a gap in the process that is used to control and manage product compliance.
Group Interactions – Excuses Pose a Potential Disaster
Each of categories shown in Table 1 have an overall functional responsibility in the PCP. As a compliance officer or leader responsible for the PCP, each of these functions requires careful consideration as to whether or not it should be part of the PCP. It is a common mistake to underestimate the importance of some of the functions noted. Some of the reasons for underestimating their importance include:
- Lack of the compliance officer’s fully understanding the role of a specific unction and or its segments;
- Assuming that a function can be better handled by a different team, since they know more about the actual function itself;
- Ignoring or dismissing a function in its entirety on the assumption that the function is simply not important;
- Including only parts of a given function in the PCP, instead of considering all of the parts on an equal basis;
- Basing PCP planning on previous experiences which may themselves have been flawed.
The Plan of Action – Start From the Basics
Determining who needs to be involved in the PCP must begin with understanding the critical parts and critical processes of the PCP. Every business and every product is likely to have a different set of critical parts and critical processes. These critical parts and processes tie directly to the potential for a noncompliance. At the same time, critical parts and critical processes are closely interrelated, so it is prudent to consider the interactions between them as well.
Each requirement that the product must meet should be directly mapped to the set of critical parts inside that product which are integral to the product’s compliance. In addition, that same requirement may also have a special or critical process or procedure that must be consistently followed. For example, if there are 10 separate requirements the product needs to meet the following scenarios are possible:
- Each requirement could have both a critical parts list and a critical processes list.
- Some requirements may only have a critical parts list while others may have critical processes only.
- Mixed – some requirements have both critical parts and processes while others only have critical parts or processes.
In my experience, it is not at all uncommon for companies to have a set of critical parts but to completely ignore the process side of the equation. A simple representation of the core activity is shown in Figure 2.
The People Process – Get it Right the First Time
Once the critical parts and processes are documented, each of the functions listed in Table 1 must be evaluated against each critical part and process. This can appear to be a daunting task, but is actually rather easy to do as long as the compliance officer responsible for the PCP has conducted a thorough due diligence. Each of the functions noted in Table 1 should be evaluated to determine whether that function is integral in maintaining a robust critical parts list and/or whether the critical process identified is part of their responsibility. Granted, this can take repeated reviews to get this right. Some challenge questions to consider asking are:
- Does this function impact the critical part or process in any manner?
- Does this function need to provide input to another function in order for that function to perform correctly?
- Are there any procedures in a function’s operation that conflict with that function’s ability to do its job correctly with respect to the critical parts and critical processes?
In my experience, many companies gloss over this critical aspect only to experience significant problems later on. Often, people make assumptions that are simply wrong or inaccurate. These mistaken assumptions are often due to the “excuse factors” I mentioned earlier. Again, the bottom line is conducting the necessary due diligence on the PCP to ensure all the right functions and roles are included. Test the results of the analysis of the functions. Perform trials and exercises until you feel confident about the results.
Manager |
Go To Market |
Factory Support |
Supply Chain |
Customer Shipment |
Product Support |
Product Design |
Systems |
Senior |
Marketing |
Quality Assurance Factory |
Purchasing |
Shipping |
Technical Docs |
Hardware |
Information Technology |
Finance |
Sales |
Quality Assurance Shipping |
Component Quality |
Returns |
Repair Services |
Software |
Web Site |
Legal |
Technical Operations |
Vendor Selection |
Customer Service |
Mechanical |
Bills of Material |
||
Govern-ment Relations Office |
Factory Engineering |
Vendor Control & Quality |
Packaging |
||||
Program Manager |
Test Engineering |
Industrial Design or Product Styling |
|||||
Other – |
Other – |
Other – |
Other – |
Other – |
Other – |
Other – |
Other – |
Table 1: Functions or roles for possible inclusion in the product compliance process (items in red type represent partner functions)
The PCP Core – Signoff Procedure Document
With the functions now identified, document a sign-off procedure that involves all of the identified functions from Table 1. Ensure that all functions involved agree and understand the document. Each time there is a ship authorization or product change, use the signoff procedure document (SPD) to ensure that no critical parts or processes are being impacted. If there is an impact, the appropriate actions can then be taken by the function owners and the compliance officer. The SPD should contain a list of critical parts and processes and/or provide information as to where the reference information can be found. The compliance officer is generally the person accountable for this information or any change made to it. The SPD should also follow good version control practices, so that changes to products or business strategies can be accurately reflected in the SPD.
The RED ZONE – Don’t Leave Out Your Business Partners
Unfortunately, many companies disregard PCP control principles when it comes to ODM and OEM manufacturers that are an integral part of their business. Assumptions, inadequate documentation and lack of personnel to pay attention to the PCP of the ODM or OEM are typical causes for failure in their PCP program. Once this occurs those issues that reside on the ODM or OEM side of their business will percolate into the main line PCP, creating process gaps and product risks.
Each category in Table 1 needs to include a respective counterpart at the ODM or OEM partner in order to be effective and minimize risk. Step one in this process is to ensure that a compliance leader or manager at the ODM or OEM that is responsible for their PCP is identified which will allow the ODM and OEM partner to have equal opportunities for engagement into the core PCP. The same steps as noted earlier should be done at the ODM or OEM partner to ensure their PCP is fully embedded in the core business PCP, including the SPD.
Looking Forward
The PCP is a living program, and each stakeholder involved with the PCP needs to be engaged proactively and positively, including ODM and OEM partner PCP’s. It is important for the compliance officer to have a good working relationship with all the stakeholders and to conduct periodic evaluations to ensure their continued activity and support for the PCP. No business should be exposed to increased risks simply because one of the stakeholders in the PCP has a particular issue or challenge that has gone unaddressed. The compliance officer needs to have their finger on the pulse of each stakeholder on a frequent basis to identify any issue that may pose a risk to the product or the operation of the PCP. Quarterly review sessions, regular training on the PCP, and crisp, clear communications are some effective methods to better engage the PCP stakeholders.
Over the long term, maintaining a robust PCP can be a challenge to many businesses. Lack of discipline, assumptions, skipping key points of the PCP and overall inadequate due diligence are just a few of the excuses that can trip up any organization. However, the business must set an example and demonstrate commitment to the PCP in its daily operations. It is important for the leadership of the business to recognize not only the roles various teams play in the PCP but also the overall importance of the PCP to the business’s brand and image.