Editor's Choice


How exactly does IT support ­manufacturing compliance?

March 2016 Editor's Choice IT in Manufacturing

Manufacturing companies are increasingly subject to new compliance frameworks which need to be understood, incorporated and adhered to in order to stay in business. Manufacturing compliance is increasingly a concern as a result of new regulations, and globally connected supply chains where products are made and consumed across multiple jurisdictions.

In an age of total transparency, the entire reputation of a business can rest on a single system error or the misguided action of single employee. Compliance violations can lead to intervention by the authorities with loss of reputation, financial damage and criminal liability.

IT is an enabler

Manufacturing IT, owing to its role in the underlying business processes, is a key enabler of compliance. Yet poorly managed IT systems can also pose a significant compliance risk to the businesses. Badly designed software or legacy systems that have not been maintained can continually be in violation of several regulations and standards, without the business owners even being aware of this.

Compliance is not something that can be bolted-on; it needs to be intrinsic to the design and selection of each process supported by the IT system. Proper control systems should be in place to ensure that these systems are then maintained in accordance with the necessary standards.

Manufacturing compliance is subject to several regulations and standards, as well as industry and technical requirements throughout the value chain. Areas such as product safety, data control and privacy, export controls, traceability, manufacturing records, environment, health and safety, product safety, employment and financial reporting, are all compliance areas subject to various regulations and standards.

Examples of applicable standards in regulated industries include the FDA standards on Good Manufacturing Practice (GMP) and the Code of Federal Regulations (CFR). Other industries that do not fall within the scope of the FDA might be regulated by several standards such as ISO, and IEC etc. Corporate reporting and access to funding might be regulated by Sarbanes-Oxley, Basel, the Equator principles, and so on.

Bridging the disconnect

There is typically a large disconnect in com­pliance awareness at the different levels of the business (A.T. Kearney study, 2013). In general compliance tends to be much more of a concern of top management, while lower levels in an organisation often view it as an unnecessary administrative burden or obstacle to doing ‘real work’.

The role of properly designed and implemented IT systems in ensuring compliance is significant. There are several ways in which IT can support compliance such as:

• Business processes that are designed to enforce the necessary disciplines and controls.

• Proper handling and storage of electronic records.

• Compliance related information dissemination and transparency.

• Information security.

Well-designed business processes can enforce adherence to compliance processes and standards. But, the average user might complain about the “unfriendly” ERP system without realising that these systems are embedding multiple compliance objectives. It is therefore important constantly to sell the importance of these compliance objectives to these users.

Compliance in IT needs to be viewed holistically because it applies to all levels of the manufacturing system, from plant level sensor, process control, manufacturing execution, business process management, systems of record, analytics and reporting. When companies are organised in silos, this holistic view of overall system compliance is broken down. In response, some companies will set up a separ­ate compliance function reporting directly to the board that operates across all functions.

As with all IT systems, the technology itself is less important than the way the system is implemented and managed. Various internal frameworks exist to manage compliance include CoBIT, ITSM, COSO etc. Implementation of these frameworks can often be fragmented and sporadic owing to their complexity and sheer weight. To add to this, fast-moving technological trends, such as mobile computing and cloud-based services, can run ahead of existing IT governance processes. In practice, employees and middle management then simply bypass IT controls to do their work. A balance therefore needs to be found between heavy governance frameworks and the need to support new agile processes needed by the business.

Manufacturing IT professionals at all levels must be familiar with the applicable compliance standards in their industry and ensure that all areas of IT, systems development and implementation take these into account.

Regulated environments pose additional problems

In regulated environments, IT systems will need to be validated. Validation ensures that the system meets the required standard and that it will remain compliant. Key elements of validation include audit trails, secure access, secure electronic transactions etc. Validation also requires examination of the system functionality against requirements, examination of the way systems are specified, designed, developed, tested and maintained and the associated change control processes. Organisational elements in terms of resources, skills and awareness also need to be tested on an ongoing basis.

It is important to design validation into the ongoing manufacturing business processes and not just regard it as a single event. A management control system should be implemented around those processes with the highest risk of non-compliance. The system should record deviations from the standard, assesses the associated risk and compliance aspects, and follow through with corrective actions and feedback.

In conclusion, manufacturing system compliance is a critical competency of any manufacturing company. IT can play a vital role in ensuring that compliance is designed into the processes and managed on an ongoing basis, but this does require a level of maturity and awareness in the business as to the importance of being compliant in order to stay in business.

Gavin Halse is a chemical process engineer who has been involved in the manufacturing sector since mid-1980. He founded a software business in 1999 which grew to develop specialised applications for mining, energy and process manufacturing in several countries. Gavin is most interested in the effective use of IT in industrial environments and now ­consults part time to manufacturing and software companies around the effective use of IT to achieve business results.

For more information contact Gavin Halse, Absolute Perspectives, +27 (0)83 274 7180, gavin@gavinhalse.com, www.absoluteperspectives.com



Credit(s)



Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Loop Signatures 1: Introduction to the Loop Problem Signatures series
May 2020, Michael Brown Control Engineering , Editor's Choice
Over the years I have had many requests to write a book giving more detailed explanations of some of the problems I have encountered in my work on practical loop optimisation. I am by nature and inclination ...

Read more...
Case History 174: The importance of setting up your controller properly
October 2020, Michael Brown Control Engineering , Editor's Choice
It always amazes me that so few people really understand the workings of their feedback controllers. I have met only a few who really understand the practicalities of control blocks.

Read more...
Loop Signatures 3: Process Dynamics – process gain
September 2020, Leaderware , Editor's Choice
If one wishes to control a process, then it is important to have a reasonable understanding of the process itself and certainly one should also be aware of the external influences that can act on it.

Read more...
Loop signatures: Case History 173
August 2020, Michael Brown Control Engineering , Editor's Choice
More control problems in a copper extraction plant.

Read more...
Virtual commissioning evolves into a model-driven digital twin
August 2020 , Editor's Choice
The primary goal of the commissioning process, whether physical or virtual, is to bring a completely integrated, assembled, and validated mechanical, electrical, and controls software production system into operation.

Read more...
An example of control and automation using IIoT, edge computing and the cloud
July 2020, Absolute Perspectives , IT in Manufacturing
   The challenges of working in remote locations I am involved in a number of projects investigating the feasibility of coal-bed-methane (CBM) in southern Africa. During one of these projects, I came ...

Read more...
Loop Signatures 2: The two classes of processes.
July 2020, Michael Brown Control Engineering , Editor's Choice
This article will discuss the two classes of processes called self-regulating and integrating (or ramping) processes. This subject is absolutely vital to regulatory control, but strangely is seldom taught ...

Read more...
From the editor's desk: The virtual business assistant
May 2020, Technews Publishing (SA Instrumentation & Control) , Editor's Choice
Have you ever wished someone would automate the daily grind of routine tasks and set you free to focus on the more engaging aspects of your job?

Read more...
From the editor's desk: The virtual business assistant
June 2020, Technews Publishing (SA Instrumentation & Control) , Editor's Choice
Enter robotic process automation (RPA), a disruptive workplace technology that uses software “robots” to mimic many of the repetitive interactions human beings have with their computers. It performs such ...

Read more...
Case History 172: Interesting controls in a copper extraction plant.
June 2020, Michael Brown Control Engineering , Editor's Choice
In my 30 years devoted to optimising controls in industrial process plants in many countries, I thought that I had seen all the possible process dynamics that one would encounter. Imagine my surprise ...

Read more...