Deep in the heart of your company’s network directories are in all likelihood to be a variety of vital documents. These documents could well save your business in the event of prosecution, regulatory enforcement, employment tribunal or a complex insurance claim. They are your risk & compliance documents.
Risk and compliance documents are the evidence that your company has followed the law or satisfied a regulatory rule or condition. They are the response to being examined: “please provide evidence that the xxx procedure was followed in accordance with law xxx.” Failure to deliver this documented evidence can put your business at considerable risk of fines and even prosecution (even though you are compliant).
The weight of regulatory enforcement is growing annually. Just recently, GDPR has moved maximum fines from ₤500,000 to ₤ 18m+ whilst Health & Safety sentencing guidelines have also increased.
Risk & compliance documents
So this creates a number of questions about your risk & compliance documents:
- Have you identified them?
- Do you know where they are?
- Are they all up to date?
- Can the appropriate people see them?
- Is everyone checking out the same version?
- Can you measure who has viewed them?
- Are they easy to manage?
- Is it too easy for them to be erased or moved?
Risk & compliance document control
Normally, attempts to carry out risk & compliance document control start by generating a ‘summary layer’ at the top of existing network folders. The summary layer normally comprises of a spreadsheet to manually track all risk & compliance documents. This spreadsheet usually has an expiry date column that is used to drive update and renewal activity.
Manual risk & compliance document control is much better than nothing but is still prone to error and very expensive to regulate. This is where a new breed of risk & compliance document control platforms come into the picture.
What do risk & compliance document control platforms do?
Basically, these platforms use affordable cloud technology to automate the risk & compliance document control process. They recognise the prospective ‘value’ of documented evidence and build layers of control around it. Access control, activity logging and workflows give these critical documents the attention they deserve.