8 Functions of Compliance: Building a Strong, Reliable Foundation
Virtually every regulatory program—environmental, health & safety, security, food safety—has compliance requirements that call for companies to fulfill a number of common compliance activities. Addressing all eight compliance functions outlined below (or those specified in the applicable regulation) can be instrumental in establishing or improving a company’s capability to comply.
- Inventory means taking stock of what you have. For compliance purposes, the inventory is quite extensive, including (but not limited to) the following:
  - Activities and operations (i.e., what you do – raw material handling, storage, production processes, fueling, maintenance, etc.)
  - Human resources (i.e., who does what)
  - Hazardous materials
  - Discharges (operational and stormwater-related)
The outcome of a compliance inventory is an operational and EHS profile of the company’s operations and sites. In essence, the inventory is the top filter that determines the applicability of regulatory requirements and guides compliance plans, programs, and activities.
- Authorizations, permits & certifications provide a “license to construct, install, or operate.” Most companies are subject to authorizations/permits at the federal, state, and local levels. Common examples include air permits, operating permits, Title V permits, safe work permits, tank certifications, and construction authorizations. In addition, there may be required fire and building codes and operator certifications. Once the required authorizations, permits, and/or certifications are in place, some regulatory requirements call for companies to prepare and update plans as associated steps.
- Plans are required by a number of regulations. These plans typically outline compliance tasks, responsibilities, reporting requirements, schedule, and best management practices to comply with the related permits. Common compliance-related plans may include SPCC, SWPPP, SWMP, contingency, food safety management, and security plans.
- Training follows once you have your permits and plans in place. It is crucial to train employees to follow the plans so they can effectively execute their responsibilities and protect themselves and the community. Training should cover operations, safety, security, and environment.
- Practices in place involve doing what is required to follow the terms of the permits and related plans. These are the day-to-day actions (regulatory, best management practices, planned procedures, SOPs, and work instructions) that are essential for following the required process.
- Monitoring & inspections provide compliance checks to ensure that the site is operating within the required limits/parameters and that the company is achieving operational effectiveness and performance expectations. This step may include some physical monitoring, sampling, and testing (e.g., emissions, wastewater). There are also certain regulatory compliance requirements for the frequency and types of inspections that must be conducted (e.g., forklift, tanks, secondary containment, outfalls). Beyond regulatory requirements, many companies have internal monitoring/inspection requirements for things like housekeeping and process efficiency.
- Records provide documentation of what has been done related to compliance—current inventories, plans, training, inspections, and monitoring required for a given compliance program. Each program typically has recordkeeping, records maintenance, and retention requirements specified by type. Having a good records management system is essential for maintaining the vast number of documents required by regulations, particularly since some, like OSHA, have retention cycles for as long as 30 years.
- Reports are a product of the above compliance functions. Reports from ongoing implementation of compliance activities often are required to be filed with the regulatory agency on a regular basis (e.g., monthly, quarterly, semi-annually, annually), depending on the regulation. Reports also may be required when there is an incident, emergency, or spill.
Reliable Compliance Performance
Documented procedures for executing these eight functions, together with management oversight and continual review and improvement, are what eventually get integrated into an overarching management system (e.g., environmental, health & safety, food safety, security, quality). This documentation helps create process standardization and, subsequently, consistent and reliable compliance performance.
In addition, completing and organizing/documenting these eight functions of compliance provides the following benefits:
- Helps improve the company’s capability to comply on an ongoing basis
- Enhances confidence in compliance practices by others, providing an indication of commitment, capability, and reliability
- Creates a strong foundation to answer auditors’ questions (agencies, customers, certifying bodies, internal)
- Establishes compliance practices for when an incident occurs
- Helps companies know where to look for continuous improvement
- Reduces surprises and unnecessary spending on reactive compliance-related activities
- Informs management’s need to know