Since 2012, the Consumer Product Safety Commission (CPSC) has required companies that have entered into settlement agreements for failure to report under Section 15 of the Consumer Product Safety Act (CPSA) to develop internal compliance programs. Through these settlement agreements, it is obvious that the CPSC considers the implementation and maintenance of a compliance program to be the cornerstone of how a company ensures compliance with product safety rules and regulations enforced by the CPSC.
The difficulty is not in the development and implementation of an effective Product Safety Compliance Program, but in developing a mechanism to review, evaluate and update the compliance program.
So how do you know if your program is up-to-date and if you are using the best process and technology available today? In the early days of CPSIA, many companies built internal systems and controls to track testing and to generate certificates. Many of these systems are 4-6 years old now and were not built to send paperless certificates, as put forth in the rule on “Certificates of Compliance”, 16 CFR Part 1110 (the 1110 rule). At many companies, a review of their compliance program has not been done since 2013 when the CFR 1107 rules when into effect. Failure to regularly review and update all relevant information, which might impact the compliance of your childrens’ product, negates the effectiveness of a Consumer Product Safety Compliance Program.
Perform an Audit
To begin the review of your current product safety program, an audit must be conducted to assess your product safety readiness, including your current systems, operations and technology platforms. During the review, charting the incoming data to technology, processes and the people involved, should be conducted. Knowing where all of the compliance related data for the company is stored, and how it can be accessed, is important when information is needed quickly. In the event of an incident, the decision to report under Section 15(b) to the CPSC needs to be made quickly, so knowing where to find your data is essential.
Map Your Incoming Data to People, Process and Tools
The next step is to chart your processes so that incoming product data will be available to effectively support your Product Safety Compliance Program. This data should be collected from the design stage through final product delivery to consumers. Is there a proactive approach to compliance so that you can quickly react to incidents reported by consumers who are using your products, once you are made aware of them? You may have data residing on in-house developed systems, 3rd party applications, vendor sites or web applications like Dropbox or SharePoint. Your goal should be to maintain and enforce a system of internal controls and procedures to ensure that your company can promptly, completely, and accurately report the required product information to the CPSC if necessary.
Sources to Discover Safety Related Incidents
There are many sources to discover safety related incidents. Do you have process and technology tools in place to capture these? How are these issues escalated and what platforms do you use to review, research and document issues brought to your attention? Many companies today use online help desk platforms to log customer service inquiries and most of the top programs today have an API connection so that you can bring in items from Facebook and Twitter. Application program interface (API) is a set of routines, protocols, and tools for building software applications. An API specifies how software components should interact and APIs are used when programming graphical user interface (GUI) components. So when looking for new technology platforms, look for ones that have the ability to use an API to connect to other applications or to bring or send data to your systems or compliance program.
Your internal company communications policy should be set up to enable management to quickly be informed of any safety related incidents or quality issues.This policy should start with the appointment of a company compliance manager and notification/training to your staff on your escalation policy. Do you have your systems set up to capture safety related incidents and route them to the compliance manager/director? A lot of programs today utilize a smart rules feature so you can escalate a category type such as safety and quality so that these items can be routed directly to your compliance manager the minute they are created. It is important to note that with or without a technology solution, you must train your customer service staff to recognize safety related issues and direct them on proper incident handling protocols and company polices so they are prepared to escalate to management when discovered.
Identify Your Training Platform
During the review of your compliance program you should identify and document the communication platform that you will use to train your staff, contractors, stakeholders and board members on your company’s compliance policies. Will it be all-hands meetings, video conferencing or 3rd party apps, and how will you capture proof of attendance? You should embed this training for new hires if they work in an area related to purchasing, testing or customer service, and a confidential reporting process should be part of this training so you foster a proactive approach to safety.
Many companies which have been in business for some time find that their data is spread out over legacy systems, shared drives, company servers or staff computers. In your audit you should identify where all of this data is stored and how it is backed up. Cloud based applications and storage solutions are much more cost effective today and offer increased security over dedicated IP-based servers. You should have a data migration plan for migrating or storing data when systems are upgraded and know where to find archived data. If you have an IT department, make sure your document retention policy is inline with CPSC requirements, which is 5 years, and integrate your company email retention policy with your compliance program. Educate your employees on proper storage of files and documents.
Think outside the box
When developing your compliance program there is no one-size-fits-all approach. After completing an audit of your current program you can then identify possible technology solutions to adopt or to fill the gaps in your current systems. Keep in mind that your compliance program should encompass your company’s product testing and certification program so that compliance with all applicable federal and state children’s product safety rules and regulations is ensured. The days of using Excel spreadsheets solely for the documentation and implementation of your compliance program are quickly ending, but there are many great solutions available out there today, you just need to find the one that best works for you.
For more information on a conducting compliance program audit or help with creating your CPSC Compliance program please contact us by visiting the Jacoby Solutions website.