Regulatory: Challenges and Difficulties

Regulatory: Challenges and Difficulties

Working with regulators is not such a simple mission. Companies that have a structured sector to deal with regulatory issues need to be constantly reviewing and updating their processes. In a popular language “dancing to the music”, which means that they must adapt and act according to the requirements of regulatory organizations and the endless norms, collegiate resolutions, instructions, laws, provisional measures, etc.

When we fail to comply with the requirement, we are not saying that the companies are not following current legislation, otherwise, apart from the legal bases, there is a series of specific regulations that need to be followed, such as: telecommunications companies, regulated by Anatel (National Telecommunications Agency in Brazil); pharmaceutical industries, laboratories, manufacturers of cosmetics, medical products, and sanitizers, governed by Anvisa (National Health Surveillance Agency in Brazil); complementary prevention companies, regulated by Previc (National Superintendency of Complementary Prevention); or companies that work with the manufacture of food and beverages, that need to follow a series of regulations audited by Mapa (Ministry of Agriculture and Livestock and Supply).

Now, to the joy of all the companies that are still on guard of regulatory bodies, the most important thing that everyone must attend to: ANPD (National Data Protection Authority). In the end, any company will escape.

The problem is not follow the rules. The problem is to guarantee the control of these rules demand, such as, for example, document management, present in any of the sectors mentioned above and that concerns the professionals in regulatory affairs and quality assurance.

Document management involves a set of procedures and technical operations related to the elaboration, production, processing, use, evaluation and archiving of documents, that is, from the beginning of the construction of a document, going through all stages, of review and approval. Most of the time, it involves more than one organizational area and more than one person until its publication.

Until one day, its life cycle ends and it has a whole process of elimination or obsolescence from the process, which also needs to be managed. And with the profusion of changes in the entire regulatory framework generated, some documents become obsolete quickly.

Document management is a slice of this cake, governed by rules and that needs to be carefully followed, because any carelessness can have a very big impact on the result and, depending on its breadth, it may be irreversible to succumb to the company. This is because after each process designed, written procedure approved and published, we have the training stage. And depending on the size of this company, a lot of people need to be trained. It is not a joint reading of the procedure. It is training, with the right to test at the end of the course and a certificate of approval.

And then, everything was released to implement the procedure, all trained and the “D” day happens. It is necessary to have a support structure, for doubts and errors that will arise at the time of execution and everything needs to be registered for future improvements and corrections. And if something needs to be changed, it is necessary to open a change control by clearly specifying the reason for this request.

These changes can be a simple textual change, when they can become complex projects that involve all areas of the company. So, having the phases, actions, managers, investments, resources and people involved well documented, allows a better control over the scope, time and quality of delivery. After all, you won’t want to change the procedure again. Or go?

If there were errors or incidents that impacted the processes, they must also be documented, investigated using tools for root cause analysis, so that actions are taken to prevent recurrences and new errors. Depending on the impact, this incident can significantly affect the risk mapped by the company.

When we talk about a sector governed by its own rules, we can have a look like the “Boehm Spiral” ¹, where each turn of the spiral goes through all the phases of the process, and must be repeated as many times as necessary until the final product / service is delivered, observing the need for changes, assuming that these changes may have a risky result in the project and any activity may have an impact on the final product, requiring control and traceability of all actions.

The regulatory department, in addition to suffering due to the large volume of external information collection and analysis, still needs to control the dates of renewals of concessions, annual reports for agencies and other regulatory bodies, fees and other obligations, under the risk losing records, concessions, authorizations and everything.

Ensuring traceability is another point that must be considered in order to meet Data Integrity, that is, the maintenance and guarantee of accuracy and consistency of data throughout the information lifecycle: concept, requirements gathering, development, approval, implementation and maintenance. This is a critical aspect of the project.

Much information is still printed and the data contained often does not receive the same treatment as electronic information, being improperly accommodated. A kind of triangle of shorts, where the document disappears and reappears without explanation. Storing these documents electronically is much faster than the “digging” process.

This means that the more control these companies have in their processes and documents, the lower the likelihood of a recurrence of risk.

To guarantee this control, in addition to trained people, dedicated and specialized consultancy, a system that supports this traceability and integration is essential. It is necessary to maintain this set of actions in an integrated environment, which allows each area of ​​the company to have its individuality and, at the same time, allows to unify this work to achieve the common objective, which is to comply with its regulations.


¹According to SOMMERVILLE (2011), the Spiral Model “combines prevention and tolerance to change, assumes that changes are a result of project risks and includes explicit risk management activities for their reduction”.


Adm. Renata Lopes has a degree in Data Processing Technology, with a postgraduate degree in Business Management and People Management with Coaching; director and IT Governance consultant for Human Technology, professor of the post-graduate course in Electronic Document Management and Knowledge Management. Working for more than 25 years in the Information Technology area with project management and multidisciplinary teams, in large national and multinational companies.


Adm. Bárbara Rodrigues (CRA-RS 034036 / P) is an ANPPD member, works as a compliance, risk and audit professional, with experience in the hospital area, where she participated in several implementation projects. She has been working for 10 years with Management Systems in several organizational segments. Graduated in Business Administration with a degree in Foreign Trade from the University of Vale do Taquari, she has a specialization in Entrepreneurial Business Management and an extension in Business Consulting from Fundação Getúlio Vargas – FGV / RS.



Marcelo Carvalho has more than 30 years of experience in the pharmaceutical segment. He is a specialist in Information Systems Quality, adept at Computational Sciences and Risk Management. Graduated in Systems at UVA; post-graduate from NCE-UFRJ and FGV-RJ in Business Administration; with PMO Management by Ibmec-RJ. Founder of SoluQTion Consulting in Quality and IT Solutions, which has been operating since 2017 in industries regulated by Anvisa providing professional services in systems consulting for pharmaceuticals, chemicals, medical and dental products.

Anvisa Best Practices Webinar

The Anvisa Best Practices Webinar takes place on May 24th, 25th and 26th, an immersion in the guidelines for the manufacture of medicines, in the systemic validation process and in the required document management of laboratories, pharmaceuticals and other companies in the segment. The event will be 100% online and already has its registrations open. Sign up clicking here!

the content

Subscribe to our newsletter