Matt Hodges-Long 28/08/2018
Deep in the heart of your company’s network folders are likely to be a range of critical documents. These documents could save your business in the event of prosecution, regulatory enforcement, employment tribunal or a complex insurance claim. They are your risk & compliance documents.
Risk & compliance documents are the evidence that your company has followed the law or complied with a condition. They are the response to being asked: “please provide evidence that the xxx procedure was followed in accordance with law xxx.” Failure to provide this documented evidence can put your business at serious risk of fines or even prosecution (even if you are compliant).
The impact of regulatory enforcement is growing every year. Recently, GDPR has moved maximum fines from £500,000 to £18m+ whilst Health & Safety sentencing guidelines have also increased.
Risk & compliance documents
So this leads to a number of questions about your risk & compliance documents:
- Have you identified them?
- Do you know where they are?
- Are they all up to date?
- Can the correct people see them?
- Is everyone looking at the same version?
- Can you measure who has viewed them?
- Are they easy to maintain?
- Is it too easy for them to be deleted or moved?
Risk & compliance document control
Typically, attempts to implement risk & compliance document control start by creating a ‘summary layer’ on top of existing network folders. The summary layer normally consists of a spreadsheet to manually track all risk & compliance documents. This spreadsheet usually has an expiry date column that is used to drive update and renewal activity.
Manual risk & compliance document control is better than nothing but is still prone to error and expensive to manage. This is where a new breed of risk & compliance document control platforms come into the picture.
What do risk & compliance document control platforms do?
In short, these platforms use cost effective cloud technology to automate the risk & compliance document control process. They recognise the potential ‘value’ of documented evidence and build layers of control around it. Access control, activity logging and workflows give these critical documents the attention they deserve.