Hidden in the heart of your company’s system files there are most likely a variety of critical documents. These documents might save your business in the event of prosecution, regulatory enforcement, an employment tribunal or a complex insurance claim. They are your risk & compliance records.
Risk & compliance documents are the attestation that your company has acted in line with the law or complied with a regulatory rule or condition. They are the response to being asked: “… please provide evidence that the xxx procedure was followed according to xxx reference in the handbook.” Failure to offer this documented evidence can put your business at serious risk of fines as well as prosecution (even if you are compliant).
The weight of regulatory enforcement is growing yearly. Fairly recently, the DPA 2018 (GDPR) moved maximum fines from £500,000 to £18m+, whilst Health & Safety sentencing standards have also increased.
What happens if you get a cyber attack on your office systems? What happens if you lose access to these key documents?
Risk & compliance documents
This raises a number of questions about your risk & compliance documents:
- Have you identified them?
- Do you know where they are?
- Are they all up to date?
- Can the right people see them?
- Is everyone viewing the same version?
- Can you assess who has viewed them?
- Are they easy to manage?
- Is it too easy for them to be deleted or relocated (with unapproved amendments, changes, updates etc)?
Risk & compliance document control
Frequently, attempts to implement risk & compliance document control start by making a ‘summary layer’ in addition to existing network folders. The summary layer normally contains a spreadsheet to manually track all risk & compliance documents. This spreadsheet usually has an expiry date column that is used to drive update and renewal activity.
Manual risk & compliance document control is better than nothing but is still susceptible to error and expensive to supervise. This is where a new breed of risk & compliance document control platforms comes into the picture.
- Can I manage the Annual Compliance Monitoring Plan?
For a small cost we can adapt any ACMP for use with our platform. Full activity and locked document version control create an indisputable audit trail.
- Can we store Board & Committee Minutes?
Absolutely. Like the CMP, it creates an audit trail that is locked in all but the latest iteration, so for SMCR Reasonable Steps it is an ideal system.
- What about auditing?
You can grant auditors a login to the account with full “view” access, including the activity logs and version control, document replacements and uploads/downloads.
- Can we manage FCA/PRA “Operational Resilience” documentation with your platform?
Yes! The documents, whether planning or final, can be saved and stored, creating a clear path to compliance for operational resilience and any other regulatory project.
- What do risk & compliance document control platforms do?
In short, these platforms use attractive cloud technology to automate the risk & compliance document control process. They recognise the potential ‘value’ of documented evidence and build layers of control around it. Access control, activity logging and workflows give these critical documents the attention they deserve.
Source: Compliance Consultant