Compliance


Credence Research follows the regulations and rules of the countries in which it operates. As businesses grow in size and scope, they are subject to an increasing number of rules governing how they operate. Regulatory compliance is the organizational practice of ensuring that the business complies with relevant rules and regulations. The company maintains regulatory compliance by engaging in a variety of actions, including:

  • Working to understand the regulatory environment of its industry and the jurisdictions in which it operates.
  • Working to understand new regulatory compliance requirements as they emerge.
  • Developing and implementing policies, processes, procedures and working techniques to ensure compliance with applicable requirements.
  • Putting mechanisms in place to identify and prevent non-compliance within the company.
  • Using digital technology to automate compliance operations and centralize the management of compliance activities.

Fast-changing global regulations and several countries adopting stringent regulatory policies are creating challenges for pharmaceutical companies. This dynamic nature is one of the main reasons why multinational companies experience difficulties in distribution and marketing, which often result in monetary losses.

However, the International Council for Harmonisation (ICH) guidelines and countries moving towards the CTD/eCTD plan help to harmonize the implementation of the regulatory strategy in the pharmaceutical market. The complexities associated with regional regulatory policies greatly increase the challenges: aside from specific areas of alignment, each country is handled individually, which significantly impacts compliance timelines and costs. Other challenges are region-specific, associated with local GMP requirements, partially regulated and non-standardized documentation, multi-agency interactions and involvements, linguistic complexities, import and export licensing, and the regulation of biological samples, among others. Our highly experienced team members, with specific regulatory policy expertise in most of the largest pharmaceutical markets, assist our clients in designing strategies to manage regulatory policies efficiently.

The firm helps organizations adapt and anticipate changes in the regulatory environment and improve programs to address the wide variety of regulations and regulatory risks. We work with customers and regulators on current remediation in response to compliance events. There are a few areas we usually assist our clients with, such as:

  • Adopting a centralized and universal regulatory strategy.
  • Significantly transforming the regulatory data management process.
  • Integrating data management through cross-functional teams in all countries.
  • Identifying and focusing on growth functions.

GDPR Compliance

Countries around the world are enacting laws to protect personal data. Statistics from UNCTAD show that 66% of countries worldwide have data protection legislation in place. The General Data Protection Regulation (GDPR) is one law enacted in 2018 to protect the personal data of all European Union member states. India is yet to enact the data protection bill known as the Personal Data Protection (PDP) Bill, 2018. Personal data is protected by the Sensitive Personal Data or Information Rules (SPDI) 2011 under the Information Technology Act, 2000.

The GDPR is comprehensive legislation that aims to protect the processing and movement of individuals’ data within and outside the EU. Although it was enacted to protect the personal data of all European Union member states, the impact of the GDPR is worldwide. Many countries are taking privacy and data protection more seriously since the entry into force of the GDPR. Companies are trying to ensure compliance with the GDPR, and legislators are drafting regional legislation in line with it. In order to understand this regulation and its applicability, it is important to know who the data processor, the data subject and the data controller are.

Article 4(7) defines “controller” as a legal person, public authority, agency or other body that determines the purpose of personal data processing. According to Article 4(8), “processor” means a public authority, legal person or agency that processes personal data on behalf of the controller. Under the GDPR, “data subject” refers to an identified or identifiable natural person.

The applicability of the GDPR is discussed in Article 3 of the GDPR. It applies to:

  • All data controllers and data processors within the territory of the EU
  • All data controllers and data processors outside the EU that offer goods or services to people in the EU or profile people in the EU
  • Processing of personal data in the context of the activities of one of the organization's establishments in the EU

To protect the personal data of residents of EU Member States, the GDPR also has extraterritorial applicability, which means that the scope of the GDPR extends to countries outside the jurisdiction of the EU. However, not all Indian companies need to comply with the GDPR. Indian companies offering goods or services in the EU, processing personal data transferred from the EU, or profiling the personal data of EU residents must comply with the GDPR.

Companies worldwide are assessing the impact the EU General Data Protection Regulation (GDPR) will have on their activities. High administrative fines for non-compliance with the provisions of the GDPR are a driving force behind such concerns, as they can lead to loss of business for various countries like India.

India has had a peculiar economic structural transition. The Economic Survey reveals a top-down economic structure, with the services sector contributing 66.1% of GDP. According to NASSCOM, the information technology and business process management (IT-BPM) sector “should touch an estimated share of 9.5% of GDP and more than 45% of total services exports in 2015-2016.”

The contribution to revenues from IT-BPM exports is expected to hit US$108 billion, with a relatively smaller domestic contribution of US$22 billion. “The main markets for IT software and services exports are the United States, the United Kingdom and Europe, representing around 90% of total IT/ITeS exports.” According to NASSCOM estimates for 2014, the UK and mainland Europe accounted for 17.4% and 11.6% respectively of India's IT/ITeS services exports.

HR Compliance

HR compliance is the creation of policies and procedures that ensure your organization follows up-to-date labor and employment laws and regulations. Not only does HR work to align workplace policies with local and federal laws, but it also enforces procedures to ensure all employees follow them. HR compliance is vital to your business because all employers must meet their legal responsibilities. Non-compliance will result in fines, penalties or even legal action, which can be detrimental to your business. In other words, HR compliance is important to avoid fines and legal problems, maintain a company's reputation, and build a great workplace. HR managers must prioritize HR compliance to protect their organization. There are many different types of compliance within HR, such as:

  • Statutory compliance is about implementing and complying with government employment and workplace legislation. For example, your business is legally required to follow minimum wage laws, age requirements, and anti-discrimination laws, to name a few.
  • Regulatory compliance sometimes overlaps with legal compliance, but the distinction is that your business must follow the rules of a specific regulatory body. These regulatory agencies fall into three classifications: independent regulatory commissions such as the Federal Trade Commission (FTC), executive agencies such as the United States Environmental Protection Agency (EPA), and government corporations such as the Centers for Disease Control and Prevention (CDC).
  • Contractual compliance is what its name suggests: compliance with the regulations and terms your organization is bound by. This can be a contract between your company and partner organizations or employees.
  • Union compliance applies to companies that deal with unionized workers, for example members of the Screen Actors Guild, which represents over 100,000 artists and technicians. In this case, your company must be aware of the rules set by these unions and respect them.

Every company in India spends a lot of money, effort and time to ensure its payroll is compliant through proper audits. Companies are often concerned with compliance-related legal issues such as aggressive employees, demands for unreasonable wages, and demands from unions. Even if a business has no intention of breaking the law, it may face legal problems if it lacks adequate protection. This protection comes from legal compliance, which helps companies avoid the risk of non-compliance. With the increase in non-compliance risks, it becomes necessary for companies in India to comply with human resources law.

Data Compliance

Data compliance is the formal governance structure in place to ensure that an organization complies with the laws, regulations and standards relating to its data. The process regulates the possession, organization, storage and management of digital assets or data to prevent their loss, theft, misuse or compromise. The stipulated regulations and standards determine what data must be protected and the most suitable processes.

In other words, data compliance refers to all the regulations a business must follow to ensure that the sensitive digital assets it owns (usually personally identifiable information and financial details) are protected from loss, theft and misuse. These rules come in several forms. They can be industry standards, state or federal laws, or even supranational regulations like the GDPR. Still, they typically specify what data types must be protected, what penalties businesses that fail to comply with the rules will face, and what processes will be acceptable under the legislation.

Below are the main data compliance standards and how to meet them:

GDPR: One of the newest and broadest standards, the General Data Protection Regulation (GDPR) of the European Union, has been hard to ignore over the past year. Going into effect on May 25, 2018, this sets out a set of rules relating to people’s right to know what data companies have about them, how companies should treat this data, and tougher rules around reporting breaches.

Health Insurance Portability and Accountability Act (HIPAA): HIPAA dictates how US organizations that deal with people’s health and medical records must ensure the security and confidentiality of these records. Because these details are some of the most sensitive records an organization will keep, the penalties for failing to protect this information can be severe. In 2018, for example, insurance company Anthem agreed to pay a $16 million fine after a hacking attack exposed the health information of nearly 79 million people.

Payment Card Industry Data Security Standard (PCI DSS): For businesses that deal with customers’ financial information, the PCI DSS is a vital part of any compliance process, setting the rules for how businesses handle and protect the data of cardholders, such as credit card numbers. Unlike the others on this list, PCI DSS is not a government-mandated set of rules but an industry standard. However, that doesn’t make it any less important, as any business found non-compliant with its rules can face hefty fines or even lose its relationships with banks or payment processors, making it very difficult to accept card payments.

Sarbanes-Oxley Act of 2002 (SOX): SOX is meant to protect against any repeat corporate accounting scandals that engulfed companies like Enron a few years ago. As such, it’s more about financial reporting than data protection, so IT professionals may consider it less important than some of the other regulations they face.

California Consumer Privacy Act (CCPA): CCPA was passed in 2018 and came into effect on January 1, 2020. This is one of the toughest consumer protections many US-based businesses will face. It has been described as the Californian equivalent of the GDPR. While it is not as demanding as the GDPR in reporting requirements, it is in some respects even stricter than its European counterpart.

Health and Safety Compliance

Health and safety compliance is adhering to the safety rules set by regulatory bodies and legislators. Organizations must comply with the safety standards that apply to their industry and jurisdiction. Employers are responsible for enforcing compliance in the workplace, within and among employees. The regulatory bodies have processes to monitor and enforce safety compliance in the workplace.

Health and safety compliance aims to keep workers, the general public, property and the natural environment safe from various work-related hazards. The crucial factor in safety compliance is adherence to safety standards even when there is no direct oversight, including workers performing their jobs as instructed, a proper maintenance program for heavy machinery, and employers providing their employees with adequate personal protective equipment. For instance, IOSH sets requirements by offering ISO 45001 for occupational health and safety management systems.

Below are ways to ensure employees follow health and safety programs as intended.

Training programs help familiarize employees with safety rules, risks, and consequences of non-compliance. Training using simulation tools helps employees experiment safely and appreciate the need for compliance. Additionally, many OSHA standards require training as part of compliance requirements.

Safety policies should be communicated clearly, together with a note on disciplinary action for non-compliance. Effective discipline programs begin with a minor consequence, such as a verbal warning. The organization can take actions such as suspension or termination for repeated violations and disregard for safety.

Employees should feel free to communicate safety concerns without fear of repercussions. Regular safety committee meetings and feedback from employees, supervisors and other staff members should be encouraged.

Health and safety compliance audits and the legal safety compliance checklist are very important as they help maintain regulatory compliance. Checklists ensure that nothing is overlooked and documentation supports the organization in the event of an unexpected incident.

Basic measures employers need to take to ensure compliance:

  • Provide a safe workplace free from serious risks.
  • Provide workers with adequate PPE for the risks they face.
  • Provide relevant safety training.
  • Ensure proper maintenance of equipment and tools.
  • Use visual identifiers, color codes and signs to alert workers to potential hazards in their environment.
  • Resolve any issues discovered during safety inspections and audits.