Editor's Choice

How exactly does IT support ­manufacturing compliance?

March 2016 Editor's Choice IT in Manufacturing

Manufacturing companies are increasingly subject to new compliance frameworks which need to be understood, incorporated and adhered to in order to stay in business. Manufacturing compliance is increasingly a concern as a result of new regulations, and globally connected supply chains where products are made and consumed across multiple jurisdictions.

In an age of total transparency, the entire reputation of a business can rest on a single system error or the misguided action of single employee. Compliance violations can lead to intervention by the authorities with loss of reputation, financial damage and criminal liability.

IT is an enabler

Manufacturing IT, owing to its role in the underlying business processes, is a key enabler of compliance. Yet poorly managed IT systems can also pose a significant compliance risk to the businesses. Badly designed software or legacy systems that have not been maintained can continually be in violation of several regulations and standards, without the business owners even being aware of this.

Compliance is not something that can be bolted-on; it needs to be intrinsic to the design and selection of each process supported by the IT system. Proper control systems should be in place to ensure that these systems are then maintained in accordance with the necessary standards.

Manufacturing compliance is subject to several regulations and standards, as well as industry and technical requirements throughout the value chain. Areas such as product safety, data control and privacy, export controls, traceability, manufacturing records, environment, health and safety, product safety, employment and financial reporting, are all compliance areas subject to various regulations and standards.

Examples of applicable standards in regulated industries include the FDA standards on Good Manufacturing Practice (GMP) and the Code of Federal Regulations (CFR). Other industries that do not fall within the scope of the FDA might be regulated by several standards such as ISO, and IEC etc. Corporate reporting and access to funding might be regulated by Sarbanes-Oxley, Basel, the Equator principles, and so on.

Bridging the disconnect

There is typically a large disconnect in com­pliance awareness at the different levels of the business (A.T. Kearney study, 2013). In general compliance tends to be much more of a concern of top management, while lower levels in an organisation often view it as an unnecessary administrative burden or obstacle to doing ‘real work’.

The role of properly designed and implemented IT systems in ensuring compliance is significant. There are several ways in which IT can support compliance such as:

• Business processes that are designed to enforce the necessary disciplines and controls.

• Proper handling and storage of electronic records.

• Compliance related information dissemination and transparency.

• Information security.

Well-designed business processes can enforce adherence to compliance processes and standards. But, the average user might complain about the “unfriendly” ERP system without realising that these systems are embedding multiple compliance objectives. It is therefore important constantly to sell the importance of these compliance objectives to these users.

Compliance in IT needs to be viewed holistically because it applies to all levels of the manufacturing system, from plant level sensor, process control, manufacturing execution, business process management, systems of record, analytics and reporting. When companies are organised in silos, this holistic view of overall system compliance is broken down. In response, some companies will set up a separ­ate compliance function reporting directly to the board that operates across all functions.

As with all IT systems, the technology itself is less important than the way the system is implemented and managed. Various internal frameworks exist to manage compliance include CoBIT, ITSM, COSO etc. Implementation of these frameworks can often be fragmented and sporadic owing to their complexity and sheer weight. To add to this, fast-moving technological trends, such as mobile computing and cloud-based services, can run ahead of existing IT governance processes. In practice, employees and middle management then simply bypass IT controls to do their work. A balance therefore needs to be found between heavy governance frameworks and the need to support new agile processes needed by the business.

Manufacturing IT professionals at all levels must be familiar with the applicable compliance standards in their industry and ensure that all areas of IT, systems development and implementation take these into account.

Regulated environments pose additional problems

In regulated environments, IT systems will need to be validated. Validation ensures that the system meets the required standard and that it will remain compliant. Key elements of validation include audit trails, secure access, secure electronic transactions etc. Validation also requires examination of the system functionality against requirements, examination of the way systems are specified, designed, developed, tested and maintained and the associated change control processes. Organisational elements in terms of resources, skills and awareness also need to be tested on an ongoing basis.

It is important to design validation into the ongoing manufacturing business processes and not just regard it as a single event. A management control system should be implemented around those processes with the highest risk of non-compliance. The system should record deviations from the standard, assesses the associated risk and compliance aspects, and follow through with corrective actions and feedback.

In conclusion, manufacturing system compliance is a critical competency of any manufacturing company. IT can play a vital role in ensuring that compliance is designed into the processes and managed on an ongoing basis, but this does require a level of maturity and awareness in the business as to the importance of being compliant in order to stay in business.

Gavin Halse is a chemical process engineer who has been involved in the manufacturing sector since mid-1980. He founded a software business in 1999 which grew to develop specialised applications for mining, energy and process manufacturing in several countries. Gavin is most interested in the effective use of IT in industrial environments and now ­consults part time to manufacturing and software companies around the effective use of IT to achieve business results.

For more information contact Gavin Halse, Absolute Perspectives, +27 (0)83 274 7180, gavin@gavinhalse.com, www.absoluteperspectives.com


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Case History 167: Test your analytical capabilities
July 2019, Michael Brown Control Engineering , Editor's Choice, Motion Control & Drives
Answer to the question at the end of Case History 166 (www.instrumentation.co.za/8690r) In the last Case History article, I suggested you try and see what was not so good about a level control, which ...

Preparing fertile ground for a successful IIoT project
Technews Industry Guide: Industrial Internet of Things & Industry 4.0, Absolute Perspectives , Editor's Choice
The Industrial Internet of Things (IIoT) is a collection of emerging technologies that together have the potential to create significant business value and even create new business models.

IIoT platforms, not all created equal
Technews Industry Guide: Industrial Internet of Things & Industry 4.0, Altron Arrow , IT in Manufacturing
Having a state-of-the-art architecture based on the most modern technology will not benefit any company unless it is tied to a specific purpose and business outcome.

Bringing trust to the Internet of Things
Technews Industry Guide: Industrial Internet of Things & Industry 4.0 , IT in Manufacturing
Huge amounts of data are generated by and collected from a wide variety of IoT devices. It is then analysed and actions taken, depending on the results of the analysis. However, if you cannot trust the ...

So, what’s left for us humans after the machines take over?
Technews Industry Guide: Industrial Internet of Things & Industry 4.0 , IT in Manufacturing
That said, there are some guidelines that can be put in place. An obvious career path exists in being ‘on the other side of the code’, as it were – being the one who writes the code, who trains the machine, ...

Staying ahead of industrial cyber-security threats
July 2019, Parker Hannifin Sales Company South , IT in Manufacturing
The consequences of cyber attacks on businesses can be huge, operation downtime, loss of productivity, proprietary information loss, diminished reputation among customers, business partners and investors and disruption of services.

Control loop question answered
June 2019, Michael Brown Control Engineering , Editor's Choice
Control loop expert Michael Brown recently received a question from reader, Hansell Williams. The question relates to applying neural network and machine learning concepts to plant automation and control. ...

Endress+Hauser’s IIoT technology masters the mining challenge
June 2019, Endress+Hauser , IT in Manufacturing
Endress+Hauser aims to improve the processes of its customers with regards to efficiency, quality, safety and sustainability.

Digital transformation status and progress in process industries
June 2019 , IT in Manufacturing
Industry research indicates that there has been more than 75% of the process industry participating in Industry 4.0 technology evaluation or pilot projects, there is still less than 25% of the industry moving beyond the pilot phase.

Does edge computing have the edge?
June 2019, Omron Electronics , IT in Manufacturing
Implementing artificial intelligence in industrial manufacturing