All,
I am new to this group but would like to ask if anyone is aware of companies using ARIS or ARIS GRC in areas where FDA compliance applies. I work for Philips Electronics, where we have established ARIS as our BPM and EA repository and may want to extend into the GRC area, but with a focus on FDA in our Healthcare sector.
Most of the GRC I have seen so far is positioned in financial areas like SOx, Basel etc., but I wonder if ARIS would stand the test of FDA.
Thx.
Michiel Jorna on
Hi Paul,
Welcome to the group!
ARIS GRC offers a generic and sector independent approach for enterprise-wide risk management. I agree with your observation that GRC platforms (ARIS GRC included) traditionally have a strong basis in the area of financial reporting but the concepts behind and the methodologies used can be applied to any organization and any applicable regulation. In the end it’s all about being able to identify the applicable regulations and corresponding (compliance) risks, design appropriate control measures to mitigate the identified risks, implement and integrate these control measures into the business processes and continuously monitor the design and effectiveness of these processes / controls.
For FDA compliance specifically I think it’s worthwhile to mention the Compliance Performance Ready Solution for Pharmaceutical environments.
Besides (Pharma) reference processes, this includes GxP regulation requirements, reference risks, controls, SOPs and test instructions.
The reference information can be used to set up a framework in ARIS Business Designer that integrates GxP requirements with the risk and control frameworks and business processes:
Based on this structure ARIS Risk & Compliance Manager can be used to enable continuous monitoring of these controls, evidence of control execution, support the management of deficiencies and remediation actions etc.
If you are interested in more details on this topic, please feel free to contact me.
BR,
Michiel