Risk Management Methodology
Risk Assessment
A general structure for risk assessment is an important aspect in all businesses, but ensuring that a risk assessment for non-compliance is undertaken is something that many forget. A risk assessment would identify your areas of weakness and ensure you underpin the revenue stream from these lines and build a metaphorical wall around them to ensure their ongoing success.
Single P.O.C
Having someone solely in charge of product stewardship and compliance is advisable. Having a single point of contact for all things related to regulatory compliance adds a layer of security within your company. It means that all key tasks are handled within one department and are more likely to be diarised and reduces the risk of tasks slipping between the departmental gaps within your company.
Professional Advice
The vapour industry enjoys a fabulous camaraderie, but this can have a negative effect in compliance, with the “sheep/shepherd” mentality causing the masses to have a weak or incorrect compliance platform. It pays to seek professional advice so that you understand your obligations, even if you choose to ultimately take a risk.
Local Representation
Whilst the majority of manufacturers will have distribution contracts, almost all are unaware of the legal obligation under regulation 768/2008/EU. Contracts must also state expectations and restrictions. Your local representative will become the legal entity for your brand and will assume the penalties as well (except GDPR).
Regulatory Awareness
Make sure you are aware of exactly which regulations impact your product and in which market. In Europe for example there are more than 10 separate regulations that will affect the way you do business. Your regulatory awareness will be improved with a good compliance partner who specialises in all compliance, not just TPD.
Documentary Evidence
Having a notification for your product(s) is not enough. You must have local copies of your XMLs, Production files, Emissions and Nicotine Dosing reports, Methodologies, Toxicology studies, SDS, etc. and in the case of devices, your schematics, risk assessments, instructions and contracts. Some of these may also need to be passed through the value chain.
Internal Audit
An internal audit procedure doesn’t need to be overly complicated, simply enough to review all the benchmarks that you have put in place on a regular basis. This isn’t a regulatory obligation, but adds depth to your company risk register and will give you a method to identify new risks as the emerge.