Employees need rules, not regulations

How to transform standards and norms requirements into precise tasks

At present, ISO Compliance—or being compliant with the International Organization for Standardization’s rules—is achieved by most companies through countless paper documents or digital document management systems. But there is another option available. Martin Mantz Compliance Solutions explains how digital software can now translate standard requirements into precise tasks for employees and replace time-consuming research into internal or external directives and regulations.

Compliance simply means abiding by rules and regulations. Legal compliance refers to compliance in accordance with legal regulations, whereas ISO compliance refers to compliance in accordance with standards and norms such as ISO 9001, ISO 14001, or ISO 45001.

Every organisation requires rules to be able to work together in complex relationships and networks. Certification according to numerous ISO standards is intended to increase confidence in the performance of business partners. However, ISO standards often seem confusing and complicated to non-specialists. In addition, the scope of external and internal regulations has increased tremendously in all areas in recent decades. Some companies and their employees have reported feeling overwhelmed by the flood of regulations and the ever-increasing bureaucracy.

However, supported by new ISO standards, a fresh way of thinking has emerged: employees need rules, but they do not want regulations.

According to the new ISO standards, the appropriate documentation required is based upon the competence of employees. The ISO’s former requirement for the production of manuals, and process and work instructions has been dropped. The overall understanding is that any redundant information increases the workload, and therefore lowers the acceptance of the system and reduces organisational efficiency. Only occasionally are documented processes still required. Employees demand clear information about what they have to do, and about when, where and how to do it. In most cases, the documented information is enough to help employees help themselves.

Thus, the task is to reduce the regulations to a level appropriate for employees while still being applicable in practice. A task-orientated digital compliance management system allows for a clear allocation of precise tasks, the reduction of reading time for countless documents and, consequently, an expected increase in the level of acceptance among employees. Furthermore, such a web-based compliance manager can be made available at all national and international locations.

Task-orientated and focused on employees

A task-orientated compliance manager system aims at ensuring that every employee receives the knowledge required for fulfilling their tasks. Special attention is thus paid to the phrasing of precise and simple tasks. Every employee is given an overview of tasks assigned to her or him with information on:

  • tasks (what?):
  • responsibilities for implementation (who?);
  • date or time of completion of the task (when?); and
  • a description of the way the task is to be performed (how?)

If necessary, additional documents can be added or linked to the system.

Experience has shown that it is not sufficient to provide employees with the statutory regulations or the individual sections of the ISO standards in elaborate documentation systems. Employees require knowledge on how to transfer such information into operational practice.

For this reason, compliance experts preparing laws, standards and guidelines in accordance with the applicable regulations are required to formulate the most straightforward tasks possible. Operational experts can supplement these tasks with the necessary internal instructions for dispersal through the digital compliance management system. The objective is to make life easier for employees, as they no longer need to read and interpret extensive laws, process descriptions, guidelines, and so on.

Moving from standard commands to precise tasks

A particular challenge is the elaboration of such tasks, as these result from standard commands, i.e. the core statements of standards, norms or laws. It is important not to interpret too much or too little into standard requirements and legal paragraphs. Thus, it is not a question of what an individual expert, lawyer or auditor personally considers to be right, but of what the respective ISO standard or law text actually requires.

In accordance with the ISO standards, it is essential to separate the obligation from voluntary exercise. In a similar fashion to legal requirements, compliance experts analyse the ISO standards and work out requirements from the individual sections of a standard or norm. The wording of the standard, the objectives of the individual section and the systematic relationship—such as a customer-supplier relationship—serve as rules of interpretation.

This becomes clear if we take section 6.1 of ISO 9001, ISO 14001, and ISO 50001 as our example. According to this section, risks and opportunities have to be determined with regard to the respective management system. The risk assessment should ensure that the quality/environmental management system or the safety/health and work management system is capable of achieving the intended results.

For instance, risks include a lack of acceptance, incorrect or contradictory statements or documents, and possibly also bureaucracy. Opportunities may relate to economic actions through standardised processes, uniform procedures for recurring tasks, documentation of organisational knowledge or transparency of responsibilities.

According to definition, management systems represent interconnected tasks and duties as a method for achieving the objectives of an organisation. Hence, in addition to documented processes, procedures and work instructions, a management system also includes undocumented tasks and duties.

The task for risk assessment is thus as follows: determine the risks and opportunities for achieving the objectives of the management system and document the results (e.g. in an Excel spreadsheet). If necessary, a task may be complemented by a process description for risk assessment. Overall, it matters most to keep tasks and descriptions as short and precise as possible. All tasks are then subsequently assigned by quality managers, environmental managers or safety specialists within their organisation.

ISO 9001, ISO 14001 and ISO 50001 each contain about 50 tasks plus additional internal tasks. Where these tasks are clearly and unambiguously described, they can be assigned directly to the individual people responsible. Such clear assignment allows for a high degree of transparency. The identification of a responsible person by name increases the awareness of responsibility for the implementation of a task. An integrated email notification can report the status of a pending task.

More individual through documented information

This new concept of ‘documented information’ aims at making companies more individual. As a result, the foundation was laid for a digitally managed compliance system of tasks. As a web-based system, it enables the recording, storage and reproduction of (organisational) knowledge.

By means of a feedback function, it ensures that all employees involved have immediate access to information on requested corrections. This feedback may relate to questions of content, doubts about the correct responsibilities for a task, and deadlines, among other aspects. The compliance system thereby avoids making extensive changes to process descriptions.

Such task-orientated compliance systems can also link and store internal and external know-how. Each employee will receive individual and task-related support. Apart from training on necessary process awareness, there is no need for other courses. Such a digital compliance management system can provide responsible employees with the necessary information in a compact and practical format.

Martin Mantz

Compliance made easy! – Compliance Management and digital organisation are at the core of Martin Mantz Compliance Solutions. We specialise in the digitisation of requirements, legal registers, standards and norms as well as internal regulations and guidelines worldwide. We developed the compliance management software GEORG, which is used across the globe by international and local companies.

Martin Mantz Compliance Solutions offers legal compliance focusing on the individual circumstances of companies and their sites. We transform complex ISO standards and other norms, technical permits and all of your internal rules of corporate compliance into effective tasks.

Martin Mantz Compliance Solutions originates from Germany but has reached into international markets including China.