8/8/2019 Managing Projects for Regulatory Compliance

http://slidepdf.com/reader/full/managing-projects-for-regulatory-compliance 1/3

No aspect o a business remains untouched. Sweeping rulings such

as Sarbanes-Oxley can send managers searching or better ways

to manage business processes. Widely accepted quality standards

such as ISO 9000:2000 lead to similar challenges as old systems

all by the wayside. Furthermore, businesses that participate in

the intensely regulated health care industry ace even greater

challenges as they must also abide by stringent rulings o the Food

and Drug Administration (FDA) and Health Insurance Portability

and Accountability Act (HIPAA).

Process Management

Project managers have long relied on tools to help them do their

jobs, but have lacked eective solutions or process management.

A typical project management cycle involves a “one time pass”

through a task list to prepare eort estimates and resource

assignments. Project management tools are designed to handle the

scheduling and interdependencies o these tasks.

 While project management tools help managers plan business

activities, they do not ensure business processes are ollowed.

Organizations have generally relied on documenting processes,

establishing principles and rules, and then requiring their people to

ollow these guidelines. I the business environment never changed,

this approach would be sucient because a process could be set

up to meet compliance requirements and then be let to run.

In today’s ast moving business environment it is likely that

processes will be constantly changing due to actors both within

and outside o an organization’s control. This can challenge the

organization as manually implemented processes are dicult to

update. Eectively managing and tracking ever changing processes

is a large part o what standards and regulations bodies require.

Effective Tools

Attempts to streamline the management o business processes

have resulted in a prolieration o custom applications, each

designed to guide people through processes they may not ully

understand. Although these applications may solve the problem at

hand, they lack the fexibility to be applied quickly and easily to new

situations. Instead o expensive one-o solutions, organizations

should seek more adaptable tools that can aid in the automation o

business processes and provide the rigorous change management

that standards and regulations oten require.

 When searching or tools to better manage business processes one

should look or the ollowing qualities:

• Canmanageandtrackanybusinessprocess.

• Providesinsightintotheactivitiesanddocuments that support a process.

• Maintainsaccuratehistoricalrecordsofwho changed what and when.

• Fulllseventhemostrigorousaudittrailrequirements.

• Limitsrecordaccesstoonlythoseusersthatshouldhaveit.

• Canbedeployedonmultipleplatformstoexpediteadoption.

• Integrateswithothersystemstomaximizethe

value o the inormation collected.

Fullling these requirements is simple using Seapine Sotware’s

SeapineCM.ThesuiteconsistsofTestTrackPro,atoolthatcan

manage and track the activities o any business process, and

SurroundSCM,aproductthatintegrateswithTestTrackProto

manage and track changes to the documents that support a process.

TheusesforTestTrackProandSurroundSCMarevirtually

unlimited.Managerscantrackchangestopoliciesandprocedures.

 Managing Projects for Regulatory Compliance

Standards and regulations exist for a reason. They set

a minimum level of quality and ensure accountability

is present in crucial business processes. Even if regulatory 

compliance is not required by government agencies,

competitive pressures may warrant the adoption of

industry standard quality programs. Meeting thesechallenges is not optional — it is often required for

business survival.

byAllanMcNaughton

8/8/2019 Managing Projects for Regulatory Compliance

http://slidepdf.com/reader/full/managing-projects-for-regulatory-compliance 2/3

Business analysts can track the authoring, review and approval

phases o requirements documents. IT can manage change

requests and project plans. And, o course, developers and testers

can manage specications, product issues and sotware releases.

SeapineCMnotonlyhelpsorganizationsbettermanagebusiness

processes, it also aids regulatory and standards compliance.

Built for the Task

Tools or managing and tracking business processes do little good

iftheyarenotused.SeapineCMoffersjusttherightmixoffeatures

with the simplicity to entice even the most recalcitrant user to

participate in process improvement eorts.

Process Neutral

OrganizationscaneasilycustomizeSeapineCMtosupporttheir

unique business processes. TestTrack Pro’s powerul workfow

engine easily tracks the states, events, and transitions o any

business process. The complexity o a workfow is dependent onthe complexity o the business process itsel. Simple processes

may only require a ew steps while more complex processes may

include assignments o a single task to multiple team members and

require additional sign o steps.

TheexibilityofferedbySeapineCMgivesorganizationstheability

to implement most any workfow, including those that require

additional levels o management authorization or changes and

approvals (e.g., Sarbanes-Oxley).

TestTrack Pro can be urther customized to support a business

process by renaming eld labels to match process terminology

or collecting additional data elds that are unique to the process.

For example, a medical devices company seeking FDA 510K

certicationcouldrenametheCustomFieldstabtoCompliance

Details and use it to track compliance-related issues. Additional

process-specic elds can be added as needs change.

 WhenproperlyemployedSeapineCMstrengthensbusinessprocesses

by ensuring no activity is let untracked. Implementation activities can

be driven using issues in TestTrack Pro. Supporting documents can be

versionmanagedinSurroundSCM.Withthesetools,issuesthatused

to all through the cracks are now assigned to team members who are

responsible or moving them through the workfow. 

Information Access

ManagerswillndSeapineCMquicklybecomesaveritable

storehouseofvaluableinformation.AsSeapineCMmanages

business process issues and their supporting documents, a detailed

historical record o how a process unolded is automatically created.

SeapineCMmakessearchingthroughtheserecordsforcrucial

inormation virtually eortless.

TestTrack Pro’s customizable lters allow users to sit through

thousands o issues to nd only those that meet their criteria. These

results can be ed into TestTrack Pro’s reporting engine, which sorts

the data as required and generates either summary or detailed

reports. Users can also examine the historical details o an issue

to see what state the issue is in and how it got there. To urther

simpliy inormation retrieval, issues in TestTrack Pro can be directly

linked with their supporting documents in Surround.

InadditiontopullinginformationfromSeapineCM,userscanalso

have it pushed directly to their email inbox. TestTrack Pro contains

a robust email notication system that lets users receive updates

when certain conditions occur. For example, the project manager

may want notications when new issues arrive. Users may also

nd it helpul to receive email updates when issues are assigned

to them or when is sues they led progress through the workfow.

Likewise,userscanreceiveemailnoticationswhenchangesare

made to documents that are under the control o Surround.

Compliance Ready

SeapineCMstreamlinescomplianceeffortsbyprovidingthe

detailed historical records that regulations and standards require.

This inormation gives auditors the ability to walk back in time and

enables them to understand the subtle implementation details o a

business process. For especially demanding regulations, such as FDA

ruling21CFRPart11,SeapineCM’saudittrailsconvenientlycapture

the who, what, and how o issues and documents that have changed.

AccountsPayable  Validate Vendor Allowed Error

InvalidBill

OK toIssue Check

 Issue Check

 ValidBill

 Add VendorInvalidate Vendor

Escalate Submit to Legal Dept

Escalate

Invalid Vendor

 Valid Vendor

InvalidProduct or

Service

Returnto

 VendorCloseClose

Close

Close

EscalatedIssue

 ValidProduct or

Service

Checksto beIssued

CheckSent

LegalReview

 Sample Workow Diagram

8/8/2019 Managing Projects for Regulatory Compliance

http://slidepdf.com/reader/full/managing-projects-for-regulatory-compliance 3/3

 WithSeapineCM’saccuratehistoricalrecordsthereisnodoubt

about which user was responsible or making a change. Each time

an issue or document is updated identiying user inormation and

the time o modication are attached. TestTrack Pro also supports

electronic signatures, which can be used to ensure users sign o

on each change to an issue. When an issue is created, modied or

deleted the user is prompted to enter their credentials along with

a reason or making the change. I the user’s credentials are not

validated by TestTrack Pro within a certain number o tries, the

user is automatically logged out.

NumeroussecuritylayerscontrolwhousesSeapineCMandhow

they use it. No change can take place without users successully

loggingintoTestTrackProorSurroundSCMusingauniqueuser

name and password. Once logged in, record security limits the

issues and documents that are visible based on the security group

users belong to. Within the records that are visible to a group,

command security restricts users to specic commands, and or

TestTrack Pro, eld security controls who can enter or edit issue

eld data.

IT Friendly

SeapineCMiseasytoinstallandrequiresminimaladministration.

TestTrackProandSurroundSCMeachuseasingleserverthat

can concurrently manage multiple issue databases and document

repositories, respectively. Issues databases can be as simple or

complex as requirements dictate. One database might be used

to track compliance issues against a single product while another

mightbeusedtotracktheentiredevelopmentprocess.Likewise,

SurroundSCM’srepositoriescancontainanynumberorsize

o supporting documents arranged in whatever hierarchy an

organization desires.

Users can access TestTrack Pro through its Web interace or with

aclientapplicationthatrunsonWindows,MacOSX,Linux,and

Solaris.SurroundSCMuserscanaccesstheirdocumentrepositories

through a similar multi-platorm client, or by taking advantage

o Surround’s integration with leading integrated development

environments.

SeapineCMworkswellwithothersystems.TestTrackProoffers  

a SOAP API that supports user-level TestTrack Pro operations such

as running queries and adding, deleting or modiying issues. Say

 you want to implement a business process that escalates an issue’s

priority ater 30 days o inactivity. Using the SOAP API, you can

write a script to execute a TestTrack Pro query, iterate through

the results and update each record accordingly. Another way to

leverageTestTrackProistoexportitsissuedatabaseasanXML

document, which can be imported into another application.

Seamlesstwo-wayintegrationbetweenSurroundSCMand

TestTrack Pro lets users manage an issue’s supporting documents

rom TestTrack Pro. It also integrates with other tools via a

command line interace, so scripts and other applications have easy

access to its change management capabilities.

Take Control

The challenge o achieving regulatory and standards compliance

requires organizations to aithully ollow well thought-out business

processes.SeapineCMprovidesaexibleandeasy-to-usesetof

tools to ensure even the most complex processes are appropriately

managed and tracked. Using this inormation organizations gain 

exceptional visibility into their business so they can ensure

compliance requirements are properly addressed throughout

a project’s liecycle.

5412CourseviewDr.,Suite200Mason,OH45040

TEL 513-754-1655

FAX 513-754-1660

 www.seapine.com

©2006SeapineSoftware,Inc.TestTrackPro,TestTrack,SurroundSCM,QAWizard,SoloBug,SoloSubmit,SeapineCM,SeapineSQA,andtheSeapinelogoaretrademarksofSeapineSoftware,Inc.Allothercompanyproductsandcompanynamesareeithertrademarks or registered trademarks o their respective companies. All rights reserved worldwide. Inormation presented here is

accurateasofthetimeofprinting,butissubjecttochangeorrevisionwithoutnotice.6147.1RegulatoryCompliance.indd07/06

 About the Author Allan McNaughton (allan@technical-insight.com) is a patent-holding

technologist and veteran writer. He is the principal at Technical Insight LLC,

a frm specializing in the composition o high-technology white papers.

 Robust Reporting System