White PapersRegulatory compliance has become a business requirement that manufacturers cannot afford to treat lightly.Their ability to effectively meet compliance requirements can have a significant impact on world-wide product revenues and overall profitability.
With enterprise PLM, companies can establish a framework that supports consistent, reliable processes and information management from product design to manufacturing and retirement. Such a framework enables companies to establish and enforce more efficient compliance processes.This, in turn, increases the company’s confidence that as it explores new ideas and brings new products to market faster, product compliance will be built into its processes.
Ensuring regulatory compliancein the global innovation processFacilitate growth and minimize the risk of non-compliance by establishing anenterprise compliance framework.wh i t e p a p e rSiemens PLM Softwarewww.siemens.com/plmSiemens PLM SoftwareUntitled DocumentTable of contentsExecutive summary1Management of informationaccess, retrieval and retention3Process visibility and integrity5Knowledge capture and re-useof industry best practices7Enterprise awareness andownership8Summary9Ensuring regulatory compliance in the global innovation processUntitled Document1Build regulatory compliance into the innovation processRegulatory compliance has become a business requirement that manufacturers cannotafford to treat lightly.Their ability to effectively meet compliance requirements can have asignificant impact on world-wide product revenues and overall profitability.Research estimates that companies that take an ad hoc approach to compliance will spend10 times more than those who take a proactive approach to managing all their regulatoryrequirements.According to Gartner Research, the growing complexity and interdependenceof the global economy means that businesses will face more demands for compliancein the future.Most manufacturers are touched by compliance requirements in the areas of finance(Sarbanes-Oxley), security (InternationalTraffic of Arms Regulations ITAR) and theenvironment. In addition, they might have to comply with extended producer responsibility(EPR) legislation and its environmental protection subsets: Restriction on the use of certainHazardous Substances (RoHS) in the European Union (EU) and China;Waste of Electric,Electronic Equipment (WEEE); the End of LifeVehicle Directive (ELV) and Federal MotorVehicle Safety Standards (FMVSS); or ProcessVisibility and Integrity Medical Compliancerequirements. Many of these requirements vary by industry and by geography. As a result, itcan be a daunting responsibility to manage the compliance process for a broad portfolio ofproducts targeted to global markets.Based on its research,AberdeenGroup [Product compliance: Protecting the value of innovation, 2005]has made the following top three recommendations to manufacturers:" Include regulatory requirements early in the product design process to identify design constraints" Proactively monitor ongoing regulatory changes for existing products" Change the focus of compliance from a reactive process to a strategic program to help drivesustainable product profitabilityLeading manufacturers are identifying their top compliance priorities relative to risk, automatingcompliance processes and building them into the beginning stages of product design. By transformingcompliance from an ad hoc, manual activity to a consistent, automated process built on a foundationof product lifecycle management, or PLM, manufacturers can refocus scarce resources to the processof innovation while mitigating risk.With enterprise PLM, companies can establish a framework that supports consistent, reliable processesand information management from product design to manufacturing and retirement. Such a frameworkenables companies to establish and enforce more efficient compliance processes.This, in turn, increasesthe company s confidence that as it explores new ideas and brings new products to market faster,product compliance will be built into its processes.Executive summaryA focus on compliance yields big returnsCompanies that elevate a focus on compliance areachieving significant operational improvements thatremove barriers to profitable growth.AberdeenGroup Product compliance: Protecting thevalue of innovation, December, 2005Percent ofproducts incompliancePart re-useas apercent oftotalproductcontentPercentreduction infailure ofdesignsPercentreductionproductrecallsPercentreduction innew/redundatepartsAvergeBest in class64%76%70%93%15%27%37%Untitled Document2This paper discusses the fundamental areas that need to be addressed if manufacturers want toautomate and manage regulatory compliance early in the innovation process and then trace itthroughout the product lifecycle to increase business success.Management of information access, retrieval and retentionGive all contributors secure access to the information they need to ensure regulatory compliance fromthe very beginning and through every stage of the product lifecycle. Establish the processes andmechanisms to capture, retain and retire documents and reports according to applicable regulations.Process visibility and integrityGive users across the value chain the visibility and execution capabilities necessary to track businessprocesses and ensure that compliance is achieved.Knowledge capture and re-use of industry best practicesMake sure that the most efficient product development processes and proven regulatory validationmethods are captured and institutionalized within enterprise software tools. Develop clearlydocumented and repeatable design and manufacturing validation processes that ensure compliancewith current and future global requirements.Enterprise awareness and ownershipAlign the enterprise for effective compliance by ensuring understanding and accountability. Define rolesand responsibilities across the extended organization. Establish review and audit procedures todetermine which business processes need to be tracked and who should have responsibility andaccountability for key activities.Untitled Document3As new compliance requirements arise, companies need to answer a host of questions togain a clear picture of what is necessary to close any gaps in processes as well as products.Executives now realize they require more data from within the enterprise and from outsidesuppliers, leading them to expand the scope and capabilities of information managementsystems. Strategies and tactics need to be formulated to address the impact that regulatorycompliance can have on products and processes.Common to all regulatory compliance is the need to manage information access, retrievaland retention. A vast number of documents, both in print and digital form, have to bemanaged throughout the product lifecycle from concept to manufacturing planning, tosourcing, to physical manufacturing, maintenance and end-of-life disposition.Global information access and retrievalMany people need access to the documents and records that provideevidence of compliance, including design engineers, manufacturing engineers,sourcing and procurement personnel, as well as top executives. Only inthat way can the corporation be sure of individual employee accountabilityfor compliance throughout the product lifecycle. Companies must give theright people in the organization access to the right documents and recordsso that they can make sure products are built for compliance and remaincompliant throughout their lifecycle. Drawings, contracts, specifications, notes,test plans, e-mail, manufacturing instructions and technical publications areall examples of information that must be managed properly to achieveregulatory compliance.PLM solutions provide the infrastructure necessary to catalogue and manageproduct-related information across internal disciplines and departments andto manage compliance with regulations that govern different stages of theproduct lifecycle.When all product-related information is consolidated in a single secureenvironment, it can be categorized for easy access by the users who needto see it or take action. Rules can be defined in PLM, and process managementenables the appropriate information to be disseminated in a timely, coordinatedmanner. Audit trails are noted and can be extracted and put in report formfor audit reviews. Such process visibility and integrity offer a secure environmentto share intellectual capital and to collaborate globally with employees, suppliersand customers.Management of information access, retrieval and retentionCompliance is an ongoing process thatrequires an action planAccording to AMR Research, Managing informationto support compliance is an enormous challengefor business and IT professionals. Organizationsof all sizes need an action plan for achievingcompliance and mitigating risk in today snew world. The product lifecycle management applicationsreport, 2003-2008ControlnvironmentApplicationcontrolsIT generalcontrolsDocument and record management,configuration mangaement,changemanagement, workflow,subscription andnotification services, security and accesscontrol,system audit management, reportingExecutivemanagementBusinessprocessfinanceBusinessprocessmanufacturingBusinessprocesslogisticsBusinessprocessetc.Create a compliance frameworkAn enterprise framework facilitates regulatorycompliance at all levels of the organization.Based on CobIT governance frameworkUntitled Document4Document and records managementEvery regulation has different requirements for the retention and disposition of documentsand records. Companies must be able to produce evidence that documents reflect businessneeds and support accountability.They must ensure that accurate records are readily availablefor audit and reporting procedures.According to research on the link between content control and process by InfoTrends, Certaintechnologies can enable the automation of policies and procedures and also capture supportingdocumentation into electronic format. [On the road to compliance: Linking process anddocuments, November 21, 2005.]Regulations also require that records be archived according to prescribed retentionmanagement conditions.Therefore, it is important for companies to track the documentlifecycle to determine when a document officially becomes a record. Documents becomerecords when they correctly reflect what was communicated or decided or what actionwas taken.A record also supports the needs of the business to which it relates and can beused for accountability purposes.A PLM solution that captures and maintains a growing number of documents and recordsfacilitates Records Management Application (RMA) requirements since documents and records,including e-mail, are logically organized and classified according to valid values. Using pre-definedfile plans, records are retained and disposed of according to regulations to keep the databasewell maintained and ready for access with the most up-to-date versions of all files.Records of a sensitive or other special nature must be clearly identified, protected andreliably stored. After records originators have moved on, appropriate access control must bemaintained according to the needs of the organization. Information about the record s history,including who has accessed it and/or changed descriptive meta data, and where the documenthas been stored, must be tracked and reported as part of authenticating the integrity ofthe record. An RMA is able to take control of this process and enforce its parameters,minimizing the chance of human intervention which could place the company at risk ofbreaching regulations.Better information management not only reduces a company s exposure to non-compliancepenalties, it also mitigates decreased productivity and increased costs associated with errors.As information management for compliance is automated, the company is freed to focus onthe innovation that will drive its competitiveness and profitability.Section nameFormalizing the compliance process &a formal change management process is crucial.Strict governance laws are putting pressure onIT to automate internal processes because asoftware-driven approach can drastically reducemishaps caused by human error or intentionalfraud. Although no legislation mandates that acompany s systems of checks and balances mustbe automated, to satisfy auditors, the trick isto formalize processes. InfoWorld, The awful truth about compliance, December 8, 2005Untitled Document5According to a study by AberdeenGroup, two-thirds of product companies lack insight intothe regulatory, environmental and operational rules that affect their products.Almostone-half of departments responsible for compliance have little or no visibility into productdevelopment. [Product compliance: Protecting the value of innovation, December 2005]In the same study, 40 percent of manufacturers indicate that they are pursuing the abilityto design with visibility to regulatory compliance requirements.This action is being taken inan effort to reduce product costs, recognizing that issues found in early design phases canbe addressed much more effectively and with significantly less cost.Every company has its own unique set of business processes that relate to regulatorycompliance. Process visibility and integrity in the areas of product development, finance,manufacturing and logistics, as well as other areas, help companies track those businessprocesses to ensure that compliance is achieved.Manufacturers need to establish the business processes that underlie product developmentand compliance in ways that are repeatable across the product portfolio.The internal controlsystems established in the compliance framework are very important. A well organized andproactive approach needs to be based on a closed-loop architecture that supports risktransparency, information technology (IT) and business governance, corporate reporting,statutory audit guidelines and the custodianship of business rules and processes.The vast majority of these processes are connected to the product lifecycle and can besupported by PLM. Enterprise PLM provides a secure foundation that enables companies todirectly enforce and validate regulatory compliance. It facilitates processes that help managerequirements, such as document and record management, configuration management, changemanagement, workflow, subscription and notification services, security and access control,system audit management and reporting.Tools such as automated workflow and process management can make it much easier toprovide systematized access for everyone in his or her role within the system.The sametools ensure process visibility and integrity by providing secure access for authorized,authenticated users.A comprehensive environmental compliance management solution that is integrated withPLM can automate validation against customer specifications and aggregate product bills ofmaterial (BOM) across multi-sourced components.This helps manufacturers reduce the costof compliance, customer service, labor and data transmission, while improving their ability tomanage products and to collaborate with suppliers with better data.Process visibility and integrityThe compliance opportunity The greatest opportunity to influence and ensureproduct compliance occurs during the initialproduct design and development process butcompliance requires consistent management acrossthe product lifecycle. Transforming information to intelligence,Hummingbird 2004Untitled Document6Increasing regulation requires electronics companies to assume more responsibility for productretirement and disposal. For example, with regulations and legislation on the ownership (andliability) for reducing electronic waste in landfills, the ability to recycle is becoming a strategicconcern for electronics companies. As recycling costs mount, designers will need to increasetheir focus on disassembly requirements during product design.This discipline complementsinitiatives such as design for manufacture and design for serviceability by considering designimpacts on downstream processes.In the consumer products industry, Good Manufacturing Practice (GMP) regulationspromulgated by the US Food and Drug Administration under the authority of the FederalFood, Drug and Cosmetic Act require that manufacturers, processors and packagers of drugs,medical devices and some food and blood products take proactive steps to ensure that theirproducts are safe, pure and effective. GMP regulations such as CFR Part 820 for the medicaldevice industry or Parts 210 and 211 for pharmaceuticals require a quality approach tomanufacturing, enabling companies to minimize or eliminate instances of contamination,mix-ups and errors.Automotive companies need to comply with the ELV directive, adopted by the EuropeanCommission to make vehicle dismantling and recycling more environmentally friendly.The directive sets clear, quantified targets for re-use, recycling and recovery of vehiclesand their components and also pushes producers to manufacture new vehicles with a view torecyclability. In 2007, manufacturers will pay all or a significant part of the costs of treatingnegative or nil-value vehicles at treatment facilities. By 2015, the goal is to have 95 percent ofevery vehicle recyclable. These requirements not only mean that auto manufacturers must buildcompliance into the design process, they also must thoroughly record and report informationabout their vehicles to regulatory bodies.In the medical device industry, compliance solutions built into PLM can help companiescollaborate better, digitally validate and verify compliance and control the design andmaintenance of the Device Master Record (DMR) and Design History File (DHF).The DHFcontains all the versions and revisions of requirements, designs, simulations, tests and morethat lead to the eventual definition of a medical device.The DMR contains the official recordof the device, including the manufacturing process. Compliance can be significantly automatedand improved for medical device companies, not only making the process easier but organizingdata for much more efficient access and usage.PLM helps companies avoid failure to comply with regulations, which can result in very seriousconsequences, including recalls, seizures, fines and jail time. Security compliance can be acomponent of PLM that ensures all users have appropriate security registration, consolidatesand controls product data and manages the electronic processes that distribute productinformation. After information and data are consolidated in one secure environment, they areopened for access in a compliance-appropriate fashion and available for dissemination to theright people at the right time.Untitled Document7In the areas of R&D and new product development, understanding the impact of early productdesign decisions is critical to limiting downstream costs and liability risks due to regulatorynon-compliance, product recalls and failures. Companies need a traceable yet flexibleengineering IT infrastructure that allows their design engineering (CAD), virtual simulation(CAE), physical prototyping (CAT) and manufacturing (CAM) groups to capture and share thecorporate intellectual product knowledge that must flow smoothly across organizationalboundaries.Traceability must be maintained over time as products progress from requirementsto retirement.Across virtually all industry groups, product designs can now be electronically documentedand virtually validated against global regulatory and competitive functional requirementsby embedding both enterprise-specific and industry-specific knowledge into software-based best practices templates that ensure compliance throughout new product development andmanufacturing processes. Product development expertise in terms of what works and whatdoesn t is a cumulative process.Those organizations that capture and re-use that knowledgegain a proven competitive edge even as they minimize the risk of regulatory non-complianceand/or catastrophic product failures or recalls.The issue of knowledge capture is becoming especially critical in today s industrialized nationsas large numbers of senior engineering staff who possess the majority of industry s bestpractices product development knowledge are currently retiring or are expected to retirefrom the active work force within the next 5-10 years.Knowledge capture and re-use of industry best practicesUntitled DocumentCreating a compliance cultureCreating a culture of compliance means thatemployees must be trained on a company s latestgovernance and compliance policies and bestpractices and be continually assessed on theirunderstanding of those policies and practices.Failure to do so can have dramatic consequences:lax internal controls and a culture of fraud wereat the heart of a massive scandal involving asupermarket giant that resulted in criminalinvestigations by governmental authorities and amarket cap loss of 80 percent. In the United States,personnel problems were responsible for 30percent of the internal controls weaknessesdisclosed by public companies in 2004, ranging fromsegregation of duties to inadequate staffing, trainingand supervision. January internal control report:Adverse opinionsemerge, ComplianceWeek, February 3, 2005.8Companies need to establish a corporate compliance strategy that defines how the companywill store, manage and revise information as regulatory agencies continue to update theirrequirements.They need to establish processes that ensure these changes are incorporatedinto their products.An effective strategy establishes the mechanisms to:" Enforce the strategy across the enterprise" Manage an ever expanding scope of data sources" Manage roles and responsibilities related to regulatory requirements" Establish processes for continual review and audit" Provide tools for record keeping and preservationEffective regulatory compliance requires vigilance and pro-active management at the highestlevels. It is a continuous process that requires a solid understanding of requirements, visibilityinto potential gaps before they occur and integration of compliance processes into thebusiness. Management has to respond quickly when exposures arise.This can be facilitated byincorporating product requirements into the PLM infrastructure supporting the productlifecycle.According to AberdeenGroup, Organizations should be viewing this (regulatory compliance)not as a requirement, but as an opportunity to improve business processes by implementingcore content management capabilities that will provide efficiencies in the business processeswhile enabling their organization to meet the new regulations. [The design for compliancebenchmark report, 2004] Indeed, many companies are now moving in this direction,encouraging the entire enterprise to view compliance as process that, in some ways, canbenefit the organization.Another way to look at compliance is as a framework for accountability throughout the entireproduct lifecycle from early product development, to maintenance, to obsolescence and evento end-of-life processes that have to be documented.When employees are fully aware of theregulatory compliance effort and take ownership, they also take responsibility for their role inthe process. PLM can make the transition to enterprise ownership smoother and more efficientby tying compliance into business processes that the organization is already focused on in itseffort to manage the product lifecycle.For example, a leading consumer electronics company was forced to recall 130 million unitsof its electronic game systems because a supplier s cables contained high levels of cadmium,an element that had been banned in the European Union.The company lost 162 million inrevenues due to the oversight. A leading smartphone manufacturer could not ship its newestproduct to Europe because of non-compliance with EU regulations limiting hazardoussubstances in electronics, costing the company untold millions in potential sales revenues.Enterprise awareness and ownershipUntitled Document9Companies must reject a piece-meal, reactive approach to compliance and treat it as anongoing process that involves understanding compliance requirements, integrating complianceinto business processes early on and quickly and consistently responding to risk exposure.Doing so can mean the difference between an organization beleaguered by inefficienciesand high costs and one that is empowered to take ownership and be more competitivein global markets.Including regulatory compliance throughout the product lifecycle enables traceability thatcan be checked from product planning. It can also help identify product capabilities that arepredetermined by regulatory governance. Such capabilities can then be traced and managedthroughout the innovation process, ensuring that a product meets all of the requirements inmarkets where it is introduced.PLM can complement a company s financial systems. It also can provide the ability to incorporateconstantly changing governmental and environmental requirements throughout the productlifecycle in a cost-effective manner. The PLM framework facilitates the dissemination ofregulatory requirements to all concerned, ensuring the consistent application of requirementsand the ability to create and report on an appropriate audit trail.According to AMR Research, companies that see the big compliance picture will put thesemandates to work for them compliance as the catalyst to improve, even rethink parts of theirbusiness. [Spending in an age of compliance, 2005] With regulatory and customer mandatesin mind, forward-thinking companies are making compliance a business driver.According to AberdeenGroup, [Product compliance: Protecting the value of innovation.December 2005] companies that elevate the focus on compliance are achieving results:" 27 percent product recall reduction" 15 percent reduction in design failure rates" 31 percent improvement in the number of products in complianceThese issues relate specifically to the capabilities outlined in this paper:" Management of information access, retrieval and retention" Process visibility and integrity" Knowledge capture and re-use of industry best practices" Enterprise awareness and ownershipMore and more companies are gaining a competitive advantage by giving compliance thepriority it deserves.The tools required for both kinds of management processes exist in anintegrated, digital PLM framework that can manage information across the value chain andfrom the time that innovation begins.The more companies integrate lifecycle steps into the compliance process, the easier and lesscostly it is to manage.The PLM system chosen needs to have the flexibility to handle thespecifics for each industry, each set of products and each set of regulations. It also needs tohave the tools necessary to adapt to changing business environments.With these facts in mind,it pays for organizations to perform the process correctly, using a stable, scalable PLMarchitecture that leverages and protects previous IT and regulatory compliance investments.SummaryUntitled DocumentAbout Siemens PLM SoftwareSiemens PLM Software, a division of SiemensAutomation and Drives (A&D), is a leading globalprovider of product lifecycle management (PLM)software and services with 4.3 million licensedseats and 47,000 customers worldwide.Headquartered in Plano,Texas, Siemens PLMSoftware s open enterprise solutions enable aworld where organizations and their partnerscollaborate through Global Innovation Networksto deliver world-class products and services.For more information on Siemens PLM Softwareproducts and services, visit www.siemens.com/plm.AmericasGranite Park One5800 Granite ParkwaySuite 600Plano,TX 75024800 498 5351Fax 972 987 3398EuropeNorwich House Knoll RoadCamberley, SurreyGU15 3SYUnited Kingdom+44 (0) 1276 702000Fax +44 (0) 1276 705150Asia-PacificSuites 6804-8, 68/F Central Plaza18 Harbour Road,Wan ChaiHong Kong852 2230 3333Fax 852 2230 3210RegionsDivision headquartersUnited StatesGranite Park One5800 Granite ParkwaySuite 600Plano,TX 75024972 987 3000Fax 972 987 3398 2007 Siemens Product Lifecycle Management Software Inc. All rights reserved. Siemens and the Siemens logo are registered trademarks of Siemens AG.Teamcenter, NX, Solid Edge,Tecnomatix, Parasolid, Femap, I-deas, JT, UGSVelocity Series, Geolus and the Signs of Innovation trade dress are trademarks orregistered trademarks of Siemens Product Lifecycle Management Software Inc. or its subsidiaries in the United States and in other countries. All other logos,trademarks, registered trademarks or service marks used herein are the property of their respective holders.10/07
