Are Your Compliance Practices Mobile Friendly?
The proliferation of mobile devices and cloud-based computing represents both opportunities and challenges for today’s manufacturing businesses. Smartphones and tablets can lend unprecedented speed and mobility to manufacturing operations – from the factory floor and supply chain management to field sales and service operations. But with the deployment of these mobile technologies come legitimate security and compliance risks. How can manufacturers capitalize on the benefits afforded by mobile solutions without compromising regulatory compliance practices? And what protections should manufacturers put in place when priming for the mobile enterprise?
Going Mobile: Maximize Benefits, Eliminate Risk
While many manufacturers have been slow to embrace mobile innovation, a recent Gartner study indicates that manufacturing CIOs now rank investment in mobile technologies as a top priority. In a separate study, Gartner predicts that by 2015, 60 percent of employees will interact with corporate content using mobile devices. Together, these trends point to the perfect storm for manufacturers ready to leverage the promise of mobile computing to realize improved workflow efficiencies, quality control and employee productivity. But in the heavily regulated manufacturing environment, companies must also be keenly aware of the potential vulnerabilities that the mobile enterprise presents, and work diligently to ensure the security and integrity of sensitive data and processes.
In an era of mobile ubiquity, companies are increasingly embracing a Bring Your Own Device (BYOD) approach, allowing employees to use their personal tablets and smartphones for work activities. Since many compliance requirements relate to the management of critical and confidential information and associated workflows, a mobile workforce changes compliance-related content management. Manufacturers that deploy BYOD strategies must put in place adequate safeguards to protect sensitive information, reconstituting information governance policies and practices that address mobile device management (MDM) and mobile information management (MIM). Through these efforts, manufacturers set forth early guidelines and security measures to ensure that smartphones and tablets are being used appropriately when employees access company content and participate in compliance-related workflows.
In manufacturing, the opportunities for mobile compliance-related applications are plenty. For example, the ability to immediately create change requests and track deviations on the factory floor using a mobile device results in a faster and more efficient process for remedying non-conformance issues and events. This capability has a direct and measureable impact on overall product quality and employee efficiency. In this example, the ability to document the event with a photo and location-based tracking mechanisms via a mobile device not only improves the accuracy of the tracked incident, but also does so in a near real-time manner. In instances where others in the organization must review and sign off on a change request or deviation, mobile devices can also be utilized to make this process more efficient. Staff members can review and approve a new standard operating procedure (SOP) directly from their smartphone or tablet while they're out of the office.
With the potential to improve productivity, efficiencies and quality control, going mobile makes good business sense. As manufacturers prepare to deploy mobile solutions, addressing the following considerations can help ensure the adoption of policies with data-, workflow- and process-compliant protections in mind.
Invest In Content and Cloud Security
When enabling employees to access business documents and participate in related workflows via mobile devices, companies must be willing to either publish content to the cloud or allow access to their on-premises systems from the public Internet. Ensuring that only authorized personnel can access certain content is a must, regardless of whether information is accessed via an on-premise document repository or via the cloud from a mobile device. Companies should establish and enforce strict authentication processes to ensure maximum overall data security. This includes password policies, as well as multi-factor authentication mechanisms, such as SMS tokens or some other additional layer of security, such as pre-shared keys. Encrypting data, both in transit and at rest, should also be considered a basic requirement when allowing mobile access to corporate data. However, “old school” securing mechanisms, such as VPNs, are far less applicable as they are difficult to use with mobile devices.
As corporate data becomes more accessible through mobile devices, ensuring that users can only access authorized content after successful authentication is key to information security. Some enterprise content management (ECM) solutions offer rich capabilities to use automatic permission settings that leverage metadata. Another approach is to replicate only select documents to the mobile repository and allow mobile clients to connect only to that repository, but never directly to the main repository. This capability allows employees, for example, to access product data sheets with their iPads, but limits access to classified R&D documents to users connected to the local area network in the office. Manufacturers can also disable employees’ ability to copy and/or save sensitive data outside of the corporate repository, and control the location of confidential documents to ensure they are not shared with outside third-party vendors via unsecured email or from employees' personal file-sharing accounts.
Considering that employees will need to access content on the go from a variety of devices, ECM solutions should support the most commonly used device types and operating systems. In addition, solutions should be interoperable between the cloud and on-premise, with the ability to find any information asset based on the file type and attributes, regardless of whether it is stored.
Utilize eSignatures For Compliant Workflows
In highly-regulated industries, such as chemical, pharmaceutical and medical device manufacturing, stringent compliance is mandatory. Electronic signatures (or eSignatures) enable users to grant authorizations and workflow approvals for SOPs, engineering drawings, change orders and specifications -- even when employees are away from the office. An electronic signature can be facilitated from a company- or employee-owned mobile device. Beyond convenience, this capability actually improves workflow efficiency while fulfilling the most rigorous regulatory compliance requirements such as those associated with FDA 21 CFR Part 11 and EU GMP Annex 11.
Maintain Trusted Audit Trails
While Dropbox and other online file-sharing tools are increasingly popular among mobile users, they are not a viable document management solution for the regulated enterprise. First, there are the obvious security concerns associated with sharing confidential corporate data over third-party networks, but of equal importance is the break in audit trail once a document leaves the corporate data repository. Through the use of an ECM solution, chain of command is never lost whether a document resides on-premise or in the cloud. And because data never leaves the corporate repository, rigid and comprehensive audit trails are always maintained.
Leading ECM solution providers have invested significantly in mobile applications that provide an easy-to-use experience for users to access corporate data with tablets and smartphones. These solutions also record an audit trail and log of all document activities, and provide an efficiently indexed and searchable repository of all documents including emails and scanned paper documents. Together, these features expedite any internal or external auditing process. As a result, ECM solutions offer the best support for lean manufacturing practices and quality management programs that ensure efficient and ISO-compliant processes.
It’s clear that regulated companies have much to gain by going mobile. Mobile applications and devices can provide manufacturers with new and innovative ways to further enhance information management processes – from plant floor inspections and quality control checks to field sales. There’s no question that the advantages are overwhelming, but with a good ECM solution also in play, organizations gain much more – including added oversight, compliance and efficiency.