Evidence-Based Compliance

Across industry, commerce and the public sector, compliance has come to exist in many shapes and forms. Whether based on best practice, industry standards or the unequivocal demands of ‘regulatory’ compliance, its application is often a retrospective task. When a non-compliance does rear its ugly head, it becomes the reference point for attempts at mitigation and the creation of ‘get-out-of-jail’ cards. Regulatory compliance, however, the sole purview of government, leaves little or no room for creative interpretation and no margin for rework; the increasing number and severity of prosecutions by the UK authorities for breaches of compliance should leave no one in doubt.

For some organizations, compliance exists as a set of procedures and standards employees are expected to know and adhere to. Set alongside risk and governance documentation, they may be taken off the shelf from time to time for training and auditing purposes. However, for increasing numbers of firms, addressing compliance is a routine task and a component of transactions, such as in the production of complex, tangible goods. Without automation, recording an instance of a compliance activity is often seen as time-consuming.

In today’s service sector, where the product on which to stamp compliance is often intangible, it may be the conduct and outcome of a phone-based interaction which must meet a given standard. The impending pan-European GDPR legislation, set to come into force in May 2018, is creating waves in organisations at the coalface of compliance, which aim to ensure compliant activities contribute to reducing risk and not vice versa.

For any medium to large organisation setting out its stall for GDPR and other compliance directives, simply listing known risks then setting out to ameliorate them is counterproductive. Risks arise within an organisation, for the most part, due to the design and/or execution of processes, be they in people, systems, or machine-based tasks. With an organisation’s processes modelled using a BPM platform such as iGrafx, data from transactions and activities, be they human or machine based, can be captured, providing a rich source of insight into compliance or otherwise at a task, activity or process level. The ability to monitor workflows in real time now means remedial actions can be initiated to negate the instance of a risk while recording the appropriate data and evidence of a compliant transaction or otherwise.

When a highly regulated organisation in the consumer sector approached IGX Solutions with the need to address impending compliance issues, it soon became apparent that some out-of-the-box thinking was required. The scale, complexity and security of their line-of-business systems called for a non-invasive approach to the compliance issues associated with GDPR. The solution would need to manage the high volumes and variety of customer transactions across a complex IT estate while evidencing GDPR-compliant outcomes in the process.

IGX Solutions, a long-established iGrafx BPM partner, proposed a solution able to utilize the client’s investment in BPM as the driver of the architecture for a new customer services system. The system is planned to address customer service transactions both by phone and online, delivering compliance reporting in real time. With each transaction, the system will record the real-time “Evidence-based Compliance” for both routine internal audit and for the benefit of the UK’s ICO.

To discuss your requirements or find out more about the potential of Evidence-based Compliance, contact IGX Solutions now at +44 (0)899 9999 9999 or email service@igxsolutions.co.uk.