X

Sanford Health, the largest rural nonprofit health care system, was facing a significant challenge in setting and managing policies across its 43 hospitals and nearly 250 clinics. Each of Sanford’s major hospitals was using a separate system for writing, updating and distributing policies. Over time, this became an increasingly disorganized approach. The smaller clinics in the Sanford system had to rely on paper copies or locally stored electronic versions of policies that were scattered, hard to track down and sometimes outdated. It was impossible to audit the policies and ensure employees were aware of the latest guidelines. When it came time for Sanford leadership to revise policies or draft new ones, documents would be mailed from one person’s desk to another, with multiple versions getting mixed up—a frustrating arrangement that was almost impossible to track.

Valero Energy Corporation, North America’s largest independent refiner and marketer, operates 16 refineries and more than 5,000 retail venues. The Port Arthur refinery, located in southeastern Texas, employs over 800 employees and achieves a total production of 95,000 barrels per day. To create a safe workplace that meets OSHA’s Voluntary Protection Program (VPP) standards, as well as positively execute Valero’s best practice standards, Port Arthur needed a way to keep their policies and procedures accessible, orderly and accurate. Given the tough economic times, the refinery was also looking to implement a solution in the most cost-effective way possible. The Port Arthur refinery is only one of Valero’s 16 refineries. The campus consists of four complexes and more than 800 employees. In 2007, Valero corporate headquarters sent policy writers to Port Arthur to spend months rewriting and updating the refinery’s operating manuals. These procedures were maintained in a series of spreadsheets and paper copies stored at each complex and varied based on managerial preference. When the writers finished, Reggie Ramirez, Port Arthur’s Process Safety Management Coordinator, wanted to see that the procedure documents never again fell into disarray. Unfortunately, Port Arthur had no system to consistently manage the newest manuals.

Cummins, a global power leader with approximately 46,000 employees worldwide, was facing the challenge of maintaining a consistent communication structure across its global operations. The company was outgrowing its old vendor and needed a system that could support its Code of Conduct policies on a global scale. The company launched a Six Sigma project to determine the necessary requirements for an ideal system. As an international company, Cummins needed a comprehensive reporting system to maintain a consistent workplace culture around the world.

Highland Rivers Health, a large behavioral healthcare provider in Georgia, was struggling with an outdated, paper-based policy management system. The organization, which operates 36 facilities and employs nearly 700 people, had to rely on individual employees at various locations to maintain policies and procedures. The process of converting paper policies to PDFs and uploading them to the intranet was time-consuming and inefficient, often resulting in policies being outdated by the time they were made available online. The organization also had to maintain a team to monitor version tracking, which required about 15 people to travel once a month to review and revise all policies. This was not only a drain on resources but also a major challenge when it came to searching for and providing evidence for accreditation.

PNC Bank, a leading provider of financial services in the United States, was facing challenges with managing their policies and procedures. They had made significant investments in Lotus Notes® and an intranet website to manage their documents, but neither system met their high standards. The overlap between the applications created confusion and version control issues. From a compliance perspective, the lack of clarity, consistency, and readership metrics was an unacceptable risk for the institution. They needed a document management system with intuitive versioning controls, powerful search and tagging features, and compliance-savvy reporting tools. In addition to these internal challenges, PNC Bank also needed to comply with a wide variety of regulations such as The Bank Secrecy Act of 1970, Sarbanes–Oxley Act of 2002, Anti-money Laundering (1986, 1992, 1994, 1998), and Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010.

Primetals, a company with more than 40 company offices, engineering, workshop and service centers in close to 20 countries, faces a variety of potential business risks. In emerging markets, some employees encounter different cultural practices that can open up supply chain risks such as bribery, corruption and kickbacks. Because of these risks, Primetals saw the need to gather input from employees to adhere to their values of transparency and compliance. While the company encourages employees to report potential issues through their open door policy, Primetals also understood that employees needed to have more options — including an anonymous hotline and case management system.

Soneva, a luxury resort group with properties in the Maldives and Thailand, was facing a challenge in ensuring that its employees, referred to as hosts, felt safe and secure. The company had open lines of communication between hosts and management, but there were instances when female hosts were hesitant to use these direct lines to report sensitive issues or discuss concerns. The company wanted to ensure that hosts would always feel comfortable to approach the company to discuss any issue, so they decided to look for a way to enhance the existing lines of communication by providing a safe way for hosts to make a report directly to the senior leadership team.

When Hahnemann Hospital and Saint Christopher’s Hospital for Children were divested from Tenet Healthcare and purchased by American Academic Health System in early 2018, the two hospitals found themselves without a hotline reporting system. The hospitals needed a system that could serve as a confidential place for employees to clarify policy and discuss or report concerns, a communications channel beyond the rumor mill, a way to direct employee questions to the appropriate resource, an opportunity to provide guidance before a poor decision is made, an early warning of issues or problem areas brewing in the organization, and a last internal stop for whistleblowers before they take an issue outside the organization to a regulator or attorney.

Alliance Data, a leading provider of marketing, loyalty, and credit solutions, was facing challenges with its employee reporting system. The company, which manages over 100 million consumer relationships for some of the world's leading brands, was using a pen and paper system to manage employee reports. With 20,000 associates across the company, this system proved to be inefficient and made it hard to manage employee reports effectively. In addition, keeping track of the historical context behind the data was a challenge. The company needed a more efficient and effective way to manage employee reports and track data over time.

Hy Cite Enterprises, a wholesale distribution company, began expanding its operations globally about fifteen years ago. As their global profile grew, so did the complexity of managing the many subsidiaries, suppliers and different types of compliance risks to which the company was now exposed. Performing due diligence on new third parties and continuously monitoring those entities was challenging. Hy Cite was using internally developed applications to track and monitor third parties, collecting information from a variety of sources that were not meant to manage the due diligence process. The company realized that it was not sustainable to continue using the same systems and needed a system that had what they needed in a single place.

The town government of North Kingstown recognized the need for a system that allowed citizens to report problems or concerns anonymously. This was in response to the popular opinion in the community for more information about the government as well as accountability for the government. The town started the search for a third-party system at the recommendation of a state auditor and outside consultants.

OpenMarket, a global leader in mobile messaging, was facing a challenge in meeting the growing security requirements imposed by contracts, laws, and standards. The company had 254 compliance mandates related to various laws, regulations, rules, and standards, along with 173 customer contracts with over 9700 contractual obligations. The company's existing model of compliance performed by service teams relying on user-based tools like spreadsheets was not sufficient to meet these requirements. Global brands had begun asking for security requirements that OpenMarket couldn’t meet with current processes. As such, the company needed a more streamlined, yet comprehensive approach to compliance in order to do business with global enterprises.

Navicent Health was cited for document control issues with their internally-built SharePoint repository. This led to the task of building ISO 9001 2015 certified policy and procedure management systems for all Navicent hospitals. The challenge was to create and maintain a standardized work environment with consistent document management, information control, and knowledge sharing across the enterprise, which included 12 entities and about 12,000 documents.

The luxury fashion accessories manufacturer and retailer faced a two-fold challenge. Firstly, they had to comply with Dodd-Frank Section 1502 and similar international regulations that require public companies to disclose annually whether conflict minerals exist in their supply chains. If so, companies must report on due diligence efforts and conduct a private sector audit. This was a daunting task for the company as it worked with over 1,000 suppliers around the world, making it difficult to know which, if any, were sourcing conflict minerals. The second challenge was the public pressure on organizations for transparency. Meeting compliance and audit requirements mandated by Section 1502 would cost around $3.5 million annually and take six to 12 months to complete.

A mobile messaging company was in hyper-growth mode but needed to mature its compliance program to keep pace with a growing list of regulations and B2B customer demands. The company had to comply with 173 contracts, 254 regulatory mandates, and 9,700 contract demands. The company’s startup culture made things harder, because it thrived on tribal knowledge, undocumented processes, and a shoot-from-the-hip management style. While that culture could thrive in a small startup environment with few compliance mandates, the company had become a subsidiary of a publicly traded company and counted four of the top 10 global brands as customers. Meeting even basic business requirements was becoming impossible to manage using manual processes like spreadsheets.

The biosciences division of a major university, comprising 5,000 faculty and staff across 32 departments, faced a significant challenge in managing its information security. Each department had its own IT support and unique cybersecurity requirements, creating a siloed environment that hindered the security team's ability to assess the entire IT landscape. This resulted in gaps in security controls, inconsistencies in applying these controls, and duplication of efforts. The university's commitment to open inquiry and interdisciplinary research, which involved freely sharing information, introduced additional risk. The security team also struggled to comply with the Federal Information Security Management Act (FISMA) procedures and controls for protecting government information, operations, and assets.

The company faced challenges related to compliance requirements and incident management. The existing solution was reliable for gathering information on incidents, but it lacked steps for managing information toward a resolution in a secure manner. The company also faced hurdles in controlling and restricting access to information around incidents that involved HR and the Healthcare Information Portability and Accountability Act (HIPAA). Additionally, the company’s use of vendors pointed to the need for regular assessments and a defined process for managing vendor incidents. The company sought a more secure and efficient way to manage incidents associated with HR, vendors and IT, as well as a smarter approach to IT risks and vulnerabilities.

The nation’s largest health information network faced significant challenges in managing information security, particularly due to the sensitive nature of the data it processed. The company had to comply with a range of regulations and industry standards, including HIPAA, EHNAC, SOX, PCI DSS, and ISO. The complexity of these compliance requirements was compounded by the company’s lack of visibility into current and pressing risks, making it difficult to provide data or metrics to inform management decisions. Additionally, the company’s Information Security department struggled to secure funding, as it was viewed as a cost center and had difficulty justifying budget requests without clear insight into IT and information security risks.

The social game developer was facing challenges in managing cyber risk, compliance, and audits due to inadequate processes. They were using spreadsheets, word-processing, email, and an Intranet site for governance, risk management, and compliance. As a result, the company couldn’t see vulnerabilities and the risks posed by them. Asset inventory audits took months to reconcile. Onboarding new vendors took four weeks. Even convincing employees to acknowledge company policies, like acceptable use, was a Herculean effort. The company needed a senior analyst to lead its nascent program, as well as invest in a technology platform that could streamline cyber risk, compliance, and audit management activities while supporting game development.

The Toledo Clinic, a large private multi-specialty physician group, was facing challenges in managing policies and employee reports. The organization was using SharePoint to manage policies and procedures, but the system was not effective. The Clinic's Corporate Compliance Officer, Drew Williamsen, had previous experience with SharePoint and knew that it was not capable of being a policy management system. In addition to this, the organization did not have a proper hotline. All reports were done via spreadsheets and disparate documents, making it difficult to track reports and visualize trends.

The telecom company was given a mandate by its board to create a broad-reaching governance, risk and compliance (GRC) program managing everything from audit and compliance to third-party risk and business continuity. The company faced a number of challenges, including a staffing shortage, customer demands, a dynamic regulatory environment and the off-the-grid nature of Alaska. They relied on spreadsheets, email and tribal knowledge for a patchwork compliance program, and lacked a comprehensive view of real risk areas. The Board requested the new GRC program to be up and running in 18 months.

The major health insurer was struggling to comply with HIPAA data security requirements and other regulations due to inefficient manual processes for vendor risk management. The company had previously adopted a GRC platform, but it proved to be overly rigid and required technical expertise to configure, leading the risk management team to revert to manual processes. The company needed a more advanced GRC platform that could streamline vendor risk assessments, comply with healthcare regulations, require little or no IT assistance, and achieve high user adoption.

The company, a world-leading provider of tools and storage, commercial electronic security and engineered fastening systems, needed a comprehensive, digitized system for Environmental, Health and Safety Management. They specifically required a digital system for tracking safety observations to log corporate audits. The company wanted to develop a consistent behavior-based safety program across global sites with diverse operations. They aimed to simplify behavior-based safety program requirements and processes and provide a digital and mobile solution for convenient logging of behavior-based observations. The company also had specific EHS/IT needs such as site-specific custom forms for logging risks and behaviors based on site operations, equipment, etc., multilingual options for global sites, and mobile capabilities for on-the-go access.

The company, a Fortune 500 manufacturer of industrial and consumer tools and equipment, was facing challenges in managing its global manufacturing operations. The cross-functional teams were overwhelmed with regulatory obligations and customer requests for product compliance information. The company needed a workflow-driven, automated platform for supplier outreach, data collection, and follow-up. They also required a cross-functional tool to improve collaboration across EHS, Sourcing, Engineering, Quality, and Sales. The company was looking for a cloud-based system not subject to versioning and user licensing restrictions. They also needed a flexible system for addressing immediate compliance priorities and customer requests for information. The company wanted a comprehensive digital platform to streamline supplier engagement and product compliance program processes. They also required real-time monitoring of regulatory changes with stakeholder alerting and automated product compliance checks. The company also wanted the ability to integrate with company ERP and PLM systems to sync supplier, parts, BoM information and to make material compliance information available to product design teams.

The company, a large water technology provider with 16,000 employees offering services across 150 countries, was facing challenges in conducting audits across its 15 locations in Australia and New Zealand. The process was complex, involving coordination of audits, assigning teams, and collecting data to share among team members. The company was seeking a solution that could streamline the entire process, save time, and enable audit teams to seamlessly share findings, notes, and identify opportunities to take action using a single platform.

The enterprise was in need of a centralized system to enable behavior-based safety observations across various levels. They wanted to record employee observations at respective site, department, or equipment-specific levels and maintain real-time visibility to safety observations across multiple locations. They also wanted to leverage mobile technology to record observations. The enterprise was looking to enhance its overall safety culture and drive safety improvements across site programs. They wanted to analyze Key Performance Indicators (KPIs) for trend analyses and multi-dimensional charting.

The company, a multinational conglomerate with diversified businesses in resources, agribusiness, logistics and energy sectors, was struggling with managing the health & safety of employees and contractors at dangerous worksites. With dozens of sites to manage in hazardous operating environments, the company needed a better system to manage incidents across locations. The company was looking for a solution that could establish a proactive incident management process, provide offline mobile capabilities for easy and unhindered access to concern reporting, and offer a digitized platform to provide visibility to incident management across 115 sites. The company also wanted the solution to have an anonymous concern reporting capability and the ability for contractors to use the system.

The company, with a strong global presence and warehouses processing a variety of consumer goods, needed a versatile environmental, health and safety (EHS) auditing tool. The tool needed to be expandable and customizable in accordance with their area readiness program. The company's core mission was to improve area readiness, enhance line operations, and reduce costs. They wanted to streamline inspection/auditing processes for improved employee engagement and better overall site safety. They needed an IT solution with broad program area coverage including Area Readiness, DOT, EHS, Equipment, Food Safety, Hazmat, and Social Responsibility. The application needed to have offline access and Mobile capability to conduct, identify, and correct EHS hazards more efficiently.

The global food and beverage supplier was in need of a digital solution to replace their traditional pen and paper spreadsheets used at each site. They required a system that was easy to understand and implement, with various reporting and charting methods for effective visualization and presentation of findings. The company also needed an intuitive interface for enterprise-wide deployment, mobile capabilities for deployment within multiple facilities, and integrated data analytics & reporting for continuous improvement.

The company, a U.S.-based multinational conglomerate, was undertaking a high-profile construction project for a Research & Development (R&D) center in China. They needed a dynamic solution to manage safety and compliance throughout the project. The challenge was to establish a culture of safety excellence, gain visibility into site operations, and manage approximately 500,000 working hours of construction from start to finish. The company also needed a system that could adapt to the dynamic nature of construction sites, provide real-time visibility for management to monitor and manage construction safety and compliance across country borders, and be easily implemented by onsite users with minimal experience with company programs and procedures.