Tag Archives: reporting

3 Pillars of Cannabis Banking Compliance

By Mark Lozzi
No Comments

Few people will disagree that financial compliance isn’t the most exciting topic within the cannabis industry. But compliance is, and always will be, the engine grease to the legal cannabis market. Cannabis operators have the arduous task of dealing with multiple layers of compliance, both operational (maintaining and adhering to regulations enforced by the state licensing board) and financial. These compliance measures include managing everything from seed-to-sale systems for all plant-related activity to on-site requirements like facility access points and alarms systems to name a few.

With complex compliance requirements for the business, the last thing cannabis operators want to think about is financial compliance. We created Confia on this notion. Just as cannabis regulators impose the tracking of plants through the supply chain via a seed-to-sale system, we have developed a storyboard similarly designed to follow the money, which is the equivalent of a transaction-to-deposit system.

Having experience in regulatory technology, artificial intelligence and machine learning, we’ve been fortunate enough to work with some of the world’s largest banks across multiple countries. This experience has afforded us the luxury of working alongside regulators, chief compliance officers and chief risk officers, understanding how risk is perceived by financial institutions and how it ought to be mitigated. It was this access and knowledge that allowed us to effectively reform, enhance and improve the antiquated BSA programs with a technology-enabled process. Leveraging technology is a necessity, almost a requirement, for the cannabis industry as legalization nears and banking access begins to broaden.

Jamming cannabis requirements into an existing BSA program doesn’t scale well. BSA programs are very manual, descriptive and process oriented. So, we’ve taken our prior experience and success in banking to form Confia, distilling the complexities and simplifying the deliverables surrounding cannabis banking compliance. To best articulate cannabis banking requirements, I break it down into three pillars.

Pillar One: KYC-Enhanced Due Diligence

The first pillar is the client-onboarding bucket or KYC – Know Your Customer. In the complex world of cannabis banking, banks must know and understand their clients to great depths. It’s not enough to simply know that the client exists; you also have to understand whether or not that client could be a potential risk to the bank, and one step further, the financial system. Cannabis is a high-risk industry, so the KYC requirement is escalated to a deeper diligence and review, called Enhanced Due Diligence (EDD).

Cannabis is a high-risk industry so extra due diligence is needed

Banks need to know and understand their customers’ story, and all the key parties (officers, directors, and those with key decision-making powers or access to the bank accounts) within that organization. This includes reviewing personal, business, and legal history – not to mention watchlists and negative news presence. An initial onboarding review must then be followed with daily screening and monitoring of all watchlists and adverse media. Typically, banks do KYC refreshes every three years. In cannabis, a full refresh should be done annually with the daily monitoring systems in place.

The high-risk nature of the industry also requires a level of diligence on all parties to a transaction, even if one of the parties, whether a payer or recipient, is not a client of your bank. Unlike traditional banking sectors, reliance on other banks’ KYC programs is far less defensible in the cannabis industry.

Pillar Two: Transactional Monitoring & Detection

Tracking and monitoring the actual financial transactions comprises the second pillar required for cannabis banking. At Confia, we have focused on streamlining processes, so the cannabis operator can seamlessly support the compliance obligation for every transaction. A bank must demonstrate supporting documentation for every cannabis transaction, and gathering such information is a large undertaking in and of itself and can pose future issues if not done properly, see the pitfalls for lack of compliance. Banks are obligated to understand the nature and reason for each transaction, the source of funds, ensure cannabis licenses are in good standing for all parties, and collect evidence such as accounting records and seed-to-sale data.

Core to transaction monitoring in the traditional sense, is the overarching support through anomaly detection. Relying on information is important, but testing those inputs keeps everyone honest. It is important to evaluate transactions from a holistic point of view relative to peers and relative to the general contents of a transaction. This anomaly detection layer is your last line of defense, and as new information is collected, it continues to refine itself.

Pillar Three: Filing and Reporting Requirements

The third component to compliant cannabis banking is regulatory filing and reporting. Once a client is onboarded, the account requires an initial suspicious activity report or SAR-Initial within 30 days of that client being approved by the bank. Then, a report must be filed every 90 days after that for all the transactions of that cannabis operator. Banks must file the SAR-Initial and the Continuing-SAR reports for each cannabis client they have.

The high-risk nature of the industry requires a level of diligence on all parties to a transaction

Solutions like Confia automate the filing process and support the filing with transactional data evidenced on our distributed ledger of record. This provides immutable audibility and simplifies the process for all parties involved.

Compliance Requirements After US Legalization

The anticipation of federal legalization and banking reform bills has many operators hoping for easier banking. Yet, in my opinion, regulatory oversight and audits will likely increase after such reform or legalization. As other financial institutions start to support cannabis, it will inadvertently create greater opportunity and expose the financial system to nefarious or illegitimate transaction activity. This is why cannabis banking will be carefully monitored by regulators, and more so, why banks will be slow and pragmatic in standing up their internal cannabis banking programs. Some banks may forever avoid the cannabis industry due to the known pitfalls of an industry specific program, while others may simply mitigate the possible exposure to reputational risk.

Choose Wisely: Pitfalls for Lack of Compliance

Financial compliance is the responsibility and duty of the banks, but the real losers and result of non-compliance always fall on the cannabis operators. Regulatory action against an institution may result in the bank shutting down its cannabis program or may require them to complete a remediation of all their cannabis transactions for a certain period from its clients. At the end of the day, regardless of action, the cannabis operator is the one being punished. Operators either lose their bank account and have business massively disrupted, or they are asked to provide all the compliance docs for a historic period, which is a huge undertaking and operational distraction, ultimately impacting business and productivity. So, choose your banking partner wisely.

Summarizing Key Banking Requirements

In summary, banking in the cannabis industry will undoubtedly remain a high-risk industry, with or without legalization. Although banking opportunities may expand as US policies change, there will be continued compliance and regulatory requirements for the foreseeable future.

  • Onboarding and ongoing screening are critical
  • Evidence for every transaction is a significant portion of compliance and must not be dismissed
  • Evaluating activity with broader strokes is essential in mitigating against money laundering
  • Managing the staggered filing timelines and due dates for each client

Compliance is the most crucial factor in cannabis banking at this point. It cannot be overlooked or taken for granted. Cannabis operators must take an active role in evaluating the compliance programs of their financial providers. To open a bank account is one thing, but the consideration and effort that goes into keeping a bank account is the difference that will protect your business in the long run.

Updates in Employment Law: CA, WA & CO

By Conor Dale
No Comments

A number of laws have gone into effect in 2021 which may have a major impact on cannabis industry employers; clearly understanding the changing legal landscape is essential to avoid and limit potential liability in the new year and beyond. Below is a brief summary of some relevant new employment laws in cannabis friendly states:

California:

  • Expansion of family and medical leave: California has long required employers to provide job protected medical and family leave if an employee worked at a jobsite with 50 or more employees within a 75-mile radius.
  • Senate Bill 1383 now requires all employers with five or more employees to provide up to twelve weeks of unpaid, job-protected leave for employees to bond with a new child or to care for themselves or a family member suffering from a serious health condition. To be eligible for the leave, an employee must have at least 12 months of service with the employer and have performed at least 1,250 hours of work in the previous 12-month period. While on leave, employees are entitled to continue to participate in an employer’s health insurance plan and to return to their job or a comparable position at the conclusion of their job-protected leave. Previously exempt small employers should be aware of these obligations moving forward.
  • Employer Pay Reporting Requirements: Under Senate Bill 973, employers with 100 or more employees that are required to file an annual Employer Information Report, colloquially known as the EEO-1 report, must submit annual information on its employees’ pay data to the state’s Department of Fair Employment and Housing (DFEH). The report must include the number of the employer’s employees by race, ethnicity and sex in specific job categories and pay ranges and their associated work hours and earnings.
  • The first report is due on March 31, 2021, and the DFEH has prepared an online portal to assist employers in submitting this information. These reports can be complex and address highly sensitive information, so employers are strongly advised to contact counsel for assistance in preparing and submitting their first report.

Washington

  • Increased pay requirements: Washington’s inflation-based minimum wage system has increased the minimum wage to $13.69 per hour in 2021. Employers with 50 or fewer employees must also pay salaried employees at least $827 per week (or $43,004 per year) and employers with more than 50 employees must pay at least $965 per week (or $50,180 per year) starting January 1st.

Colorado

  • Equal Pay for Equal Work Act: Beginning in 2021, all employers with at least one employee must: (1) provide formal notice to Colorado employees of promotional opportunities; and (2) disclose pay rates or ranges in job postings that could be performed in Colorado (this includes virtual or remote work positions).
  • The Equal Pay for Equal Work Act generally requires employers to take reasonable efforts to promptly announce, post, or otherwise communicate all opportunities to all current employees prior to making a promotion decision. An employer must communicate promotional opportunities when it has or anticipates a vacancy or a new position that could be considered a promotion for current employees in light of pay, benefits, status, duties or further potential promotions.
  • Under the law, job postings must also include: (1) the rate of pay or pay range for the position; (2) a general description of bonuses, commissions or other forms of compensation offered with the job; and (3) a description of the employment benefits associated with the position.

Cannabis industry employers face a range of new laws, even absent the continued legal burden of managing employees during the COVID 19 pandemic. Employers should consider carefully reviewing all applicable laws and seeking guidance from counsel when needed.

A Playbook for Growth: Start with a True Cloud ERP as Your Foundation

By David Stephans
1 Comment

Cannabis businesses have become a driving force for economic growth in the United States. We’ve all heard the statistics. In 2018, the industry accounted for approximately $10.4 billion in revenue and is slated to grow to $21 billion by 2021.

But with growth comes pressure to produce more, enhance quality and optimize operations. However, managing a cannabis business without modern, capable tools can hinder growth and leave opportunities on the table. That’s why fast-growing cannabis businesses are looking to the proven benefits of a true cloud Enterprise Resource Planning (ERP) platform to help manage production, provide insights and improve business operations. When we add in the complexity and ever-changing nature of regulation, the need for a robust operational system becomes even more critical.

David Stephans will be speaking during CIJ’s October 9th webinar, “Driving Strategic Advantage for your Cannabusiness through Process Efficiency, Quality & Compliance” Click here to learn more and register for free.Cannabis business leaders may want to develop their own “playbook” to differentiate themselves in the market. But before they start to engineer their forward-thinking approach, they should start with a cloud ERP as their foundation. This can help with everything from the most basic of needs to more sophisticated strategies. In this article, we’ll review some key cannabis business goals and tactics, and how ERP can help lay the groundwork for success.

Drive growth and expansion.

Business growth often translates into operational expansion, meaning more facilities, staff and compliance requirements to manage. A cloud ERP supports these functions, including the launch of new products, expanding pricing schedules and increasing production to meet demand. Having the ability to track and manage growth is crucial, and a cloud ERP can provide the real-time reporting and dashboards for visibility across the entire business. This includes not just operational visibility, but also a look into a company’s sales, finances and supply chain.

Foster exemplary customer experience.

Cannabis companies need to streamline processes from the moment an order is placed to when it arrives at the customer’s door. In the mind of consumers, cannabis businesses compete against the likes of Amazon. They must be able to provide a similar experience and level of service, with customers receiving orders in a couple of business days. Cloud ERP can help automate processes. And when things go wrong, it can also help with resolution, especially when it’s paired with a customer relationship management (CRM) system on the same cloud platform. For the B2B market, cloud ERP empowers account management to review past orders to better meet future customer needs.

Stay a step ahead of the game.

In the industry, change is a constant. The future will likely bring about shifts in products, regulations and suppliers. A cloud ERP can modify workflows, controls and process approvals on the fly, so companies can adapt to new requirements. It offers security against emerging risks and easy integration with other systems cannabusinesses may need. An advanced cloud ERP will also provide cutting-edge capabilities, such as AI insights and data-capture from Internet-of-Things (IoT) devices.

Ensure quality product for raving fans and avoid flags on the field through airtight compliance.

Many cannabis companies are passionate about delivering the highest-quality cannabis products. Auditability is key to both quality and compliance. Complete traceability, with lot and serial number tracking, will record comprehensive audit trails from seed to sale. A cloud ERP will incorporate RFID tags down to the plant, lot and product levels to assist in this process. As cannabis goods move through their lifecycle, the cloud ERP will append appropriate tracking to purchasing receipts, inventory as it moves between locations, products as they’re packaged and sales orders as they’re fulfilled.

As a heavily regulated industry, cannabis business is also subject to burdensome compliance standards. A cloud ERP can support the rigorous testing that’s required to assure potency and safety. It easily facilitates Good Manufacturing Practices (GMP) and Good Production Practices (GPP), which ensures products are consistently produced according to quality standards. Many regulatory agencies require digital reporting; cloud ERP can facilitate this requirement through integration with Metrc, Health Canada and the FDA. Compliance can be a costly endeavor, and this type integration saves time, money, and effort.

As you can see, a cloud ERP helps efficiently balance compliance and regulatory requirements, with operational efficiency and customer service – key strategies in any cannabusiness playbook.

5 Compliance Reporting and Notification Requirements That You May Not Know About

By Anne Conn
1 Comment

New cannabis businesses must demonstrate proof of compliance to myriad laws and regulations as part of the initial license application process. And once a license is issued, it is easy to prioritize day-to-day business operations over ongoing compliance reporting requirements especially when sales are booming and compliance requirements are multi-layered, vague or obscured in non-cannabis specific programs and regulations.

But seemingly benign neglect of some minor reporting requirements can have major consequences to new and established businesses alike.

This article explores five compliance reporting requirements that cannabis businesses may not know about, and suggests ways to maintain a strong compliance posture across all regulatory agencies.

Pesticide Reporting

All licensed growers are required to prove compliance to state pesticide usage regulations. However, expectations on how and when to provide that proof of compliance vary greatly from state to state.  Furthermore, the responsibility of education and enforcement for pesticide usage in the cannabis industry often falls to non-cannabis specific agencies such as state departments of agriculture or environmental compliance.

For example in California, cultivators must report detailed monthly pesticide use reports via the State’s Agriculture Weights/Measures Division reporting portal, while Washington State regulators simply expect cultivators to keep records locally on site and provide them when requested.

With so many places to look, the best place to start your pesticide reporting requirement search is with your local agriculture department. They should be able to answer your questions and provide you with a list of resources to help you better understand how to comply with state pesticide usage and reporting regulations.

Hazardous Materials Reporting

Like pesticide use and reporting, hazardous waste handling and reporting requirements are complex and vary state to state. In fact, there may even be nuanced variations in handling requirements at the county level. The best approach to ensure compliance with a complicated set of regulations is to start by consulting your local county fire department. They will have the most specific set of rules for hazardous materials handling and reporting and can help you develop a site-specific compliance plan.

Two OSHA reporting requirements

Depending on how your cannabis business is classified, you may be required to keep injury and illness incident records and provide reports to the Occupational Health and Safety Organization (OSHA) for specific time periods.

Contact your business insurance provider’s loss prevention representative for more information about how your business is classified, which specific OSHA reporting requirements apply to you, and how to stay in compliance with applicable OSHA requirements.

Click here to learn more about how OSHA organizes reporting requirements by business type.

A note of caution here: OSHA non-compliance penalties can be steep and “I didn’t know I was supposed to do that” is not an acceptable defense when it comes to explaining any OSHA violations.

Labor Law Notification Requirements

Federal labor law requires that you notify employees of their rights. At a minimum, you post information regarding wages and hours, child labor, unemployment benefits, safety and health/workers’ compensation and discrimination in a conspicuous place where they are easily visible to all employees. Some states requires additional information be posted in a similar manner, so it’s important to be sure that those notices are posted along with the federal requirements.

This is a simple, yet easily overlooked, requirement for all businesses, regardless of industry. Ask your insurance provider for a copy of the notice to print and post right away (if you have not already) for a quick compliance win!

These five reporting and notification requirements may seem tedious, overly complicated and burdensome in the face of day-to-day business operations, but compliance to these requirements not only protects your business and employees, it also enhances the overall reputation of the industry. The good news is that regulatory agencies welcome a proactive approach and are happy to work with cannabis businesses to provide guidance and information for developing compliance plans.

Why Does GDPR Matter for The Cannabis Industry?

By Marguerite Arnold
2 Comments

The global cannabis industry is hitting thorny regulatory challenges everywhere these days as the bar is raised for international commerce. First it was recognition that the entire production industry in Canada would basically have to retool to meet European (medical and food) standards. And that at least for now for the same reasons, American exports are basically a no go.

However, beyond this, the battle over financial reporting and other compliance of a fiscal kind has been a hot topic this year on European exchanges.

As of this summer, (and not unrelated to the other two seismic shifts) there is another giant in the room.

If you haven’t heard about it yet, welcome to the world of EU GDPR (European Union General Data Privacy Regulation).

The German version is actually Europe’s highest privacy standard, which means for the cannabis industry, this is the one that is required for operations here across the continent if you are in this business.

What is it, and what does it mean for the industry?

GDPR – The Elevator Pitch

Here is why you cannot ignore it. The regulation affects bankers as much as growers, distributors as much as producers and of course the entire ecosystem behind medical production and distribution across Europe and actually far beyond it. Starting of course, with patients but not limited to them. The law in essence, applies to “you” whoever you are in this space. That is why it becomes all that much more complicated in the current environment.

While this is complex and far reaching, however, there are a couple of ways to think about this regulation that can help you understand it and how to manage to it (if not innovate with it).

The first is, to American audiences at least, that GDPR is sort of like HIPAA, the federal American privacy civil rights statute that governs medical privacy law. Except, of course, this being Europe, it is far more robust and far reaching. It touches every aspect of electronic privacy including data storage, retention, processing and security that is applicable to modern life. And far, far, beyond just “patients.”

On the marketing side, GDPR is currently causing no end of headaches. Broadly, the legislation, which came into force this year, with real teeth (4% of global revenues if you get it wrong), applies to literally every aspect of the cannabis industry for two big reasons beyond that. Medical issues, which are the only game in town right now in Europe (and thus require all importers to also be in compliance) and financial regulatory requirements.

The requirements in Germany are more onerous than they are in the rest of Europe. Therefore, they also affect the cannabis industry in a big way, especially since there is at this point a great deal of European cultivation with the German (and now British) medical market in mind. Further Germany is becoming European HQ for quite a few of the Canadian LPs. That means German standards apply.

The UK, for those watching all Brexit events with interest, will also continue to be highly affected by this. Whether it stays in the EU or not, it must meet a certain “trusted nation” status to be able to transact with the continent in any kind of favoured nation status.

Bottom line? It is big and here and expensive if you screw it up. If considering doing any kind of business with European customers, start hitting the books now. Large mainstream media organizations in the United States and Canada right now are so afraid of the consequences of getting this wrong that they have blocked readership from Europe for the present. Large financial institutions also must not only be in compliance but compliance of companies also guides their investment mandates on the regulatory front.

For all of these reasons, the cannabis industry would do well to take note.

What Does This Mean for The Cannabis Industry?

The Canadian and rest of the global industry is still struggling with compliance and this will have some interesting repercussions going forward.patient data must be handled and stored differently

Immediately, this means that all websites that are targeted to German eyes (read Canadian LPs and international, even English-only press) should hire German side compliance experts for a quick GDPR audit. There are few European experts at this point, and even fewer foreign ones. It is worth a call around to find out who is doing this auf Deutschland and bite the bullet.

It also means that internally, patient data must be handled and stored differently. And furthermore, it is not just “patients” who have this right, but everyone who transacts with your electronic or other presence. That includes consumers, subscribers to email newsletters and other stakeholders in the industry.

As the cannabis industry also starts to embrace technology more fully, it will also have highly impactful influence on what actually passes for a compliant technology (particularly if it is customer facing) but not limited to the same.

On the marketing side, GDPR is currently causing no end of headaches. Starting with PR and customer outreach teams who are trying to figure out how much of their master mailing lists they can keep and which they cannot. On this front, Mail Chimp is undeniably the go-to right now and has also implanted easy to understand and use technology that is being adopted by European marketers and those targeting Europe.

Stay tuned for more coverage on GDPR as we cover how data protection and privacy regulations will impact cannabis businesses, their marketing and outreach, plus service design efforts (in particular to patients) and other areas of interest.

Logistics and Supply Chain Management in California

By Aaron G. Biros
No Comments

Just a couple weeks away, the California Cannabis Business Conference, taking place in Anaheim, CA October 22-23, will host a series of panel discussions where attendees can expect to learn from industry leaders on a variety of topics. As businesses in the state adjust to new regulations and the market matures, one particular topic seems to highlight a challenging new space: distribution.

Track 1 at the CA Cannabis Business Conference, Distribution, Retail and Delivery, will begin early afternoon on Monday at the show, where a panel discussion titled State of Cannabis Distribution: Scaling Cannabis Distribution and Expectations of a Distributor, will tackle a range of issues involving logistics and supply chain management in California’s cannabis industry.

Michael Wheeler, vice president of Policy Initiatives at Flow Kana, will host the panel, joined by Chris Coulombe, CEO of Pacific Expeditors, Jesse Parenti, programs director of Nine Point Strategies and Brian Roth, vice president of sales at KUDU Technologies. According to the agenda, the session will cover inventory management, shipping and transport, managing product data, order fulfillment, manifest creation and reporting on it all. Michael Wheeler says regulatory compliance is one issue they plan on discussing. “Currently the biggest pressure on compliance is the desire by some operators to live under the proposed regulations, instead of the current emergency regulations,” says Wheeler. “Add to this recently signed legislation and we have lots of opportunistic actions each with their own perception of compliance.”

Another important topic they plan on discussing is driver training and hiring practices. According to Chris Coulombe, drivers are one of the top two most important customer-facing teams in the organization. “Between the sales team and the fleet operation, drivers represent half of the face of your company,” says Coulombe. “Much like the sales team, they interface with your retail partners directly, and subsequently provide a sizable portion of the foundation that retailers will use to judge your company’s competency and efficiency.”

Chris Coulombe, CEO of Pacific Expeditors
Chris Coulombe, CEO of Pacific Expeditors

When hiring new drivers, Coulombe recommends the standard background and driver record checks, but urges looking for experience in sales and driving as well. “Find those that have leadership experience and are comfortable operating in quasi-structured environments,” says Coulombe. “To that end, we seek solution oriented candidates that are personable, experienced in troubleshooting on their feet, and understand how to operate inside the structure of an organization.”

Coulombe also emphasizes the importance of driver training in any distribution company. “We built our driver training from scratch based on collective experiences from the military,” says Coulombe. “However, creating this from scratch is not necessary at this point, some insurance companies, such as our broker, Vantreo, provide in house driver training and certification solutions as a risk mitigation measure for companies that they represent. We recommend speaking with your insurance company to find what packages they have available.” Proper training for your drivers can help increase efficiency in operations, decrease maintenance and insurance costs and provide for better employee engagement. Coulombe also says many insurance companies have standard operating procedures for drivers to help supplement your company’s protocols.

Chris Coulombe and the other panelists will dive much deeper into this issue and other supply chain topics at the upcoming California Cannabis Business Conference, taking place in Anaheim, CA October 22-23.

Top 10 Common Findings Detected During Cannabis Laboratory Assessments: A Guide to Assist with Accreditation

By Tracy Szerszen
No Comments

With the cannabis industry growing rapidly, laboratories are adapting to the new market demand for medical cannabis testing in accordance to ISO/IEC 17025. Third-party accreditation bodies, such as Perry Johnson Laboratory Accreditation, Inc. (PJLA), conduct these assessments to determine that laboratories are following relevant medical cannabis testing standard protocols in order to detect potency and contaminant levels in cannabis. Additionally, laboratories are required to implement and maintain a quality management system throughout their facility. Obtaining accreditation is a challenge for laboratories initially going through the process. There are many requirements outlined in the standard that laboratories must adhere to in order to obtain a final certificate of accreditation. Laboratories should evaluate the ISO 17025 standard thoroughly, receive adequate training, implement the standard within their facility and conduct an internal audit in order to prepare for a third-party assessment. Being prepared will ultimately reduce the number of findings detected during the on-site assessment. Listed below is research and evidence gathered by PJLA to determine the top ten findings by clause specifically in relation to cannabis testing laboratories.

PJLA chart
The top 10 findings by clause

4.2: Management System

  • Defined roles and responsibilities of management system and its quality policies, including a structured outline of supporting procedures, requirements of the policy statement and establishment of objectives.
  • Providing evidence of establishing the development, implementation and maintenance of the management system appropriate to the scope of activities and the continuous improvement of its effectiveness.
  • Ensuring the integrity of the management system during planned and implemented changes.
  • Communication from management of the importance of meeting customer, statutory and regulatory requirements

4.3: Document Control

  • Establishing and maintaining procedures to control all documents that form the management system.
  • The review of document approvals, issuance and changes.

4.6: Purchasing Services and Supplies

  • Policies and procedures for the selection and purchasing of services and supplies, inspection and verification of services and supplies
  • Review and approval of purchasing documents containing data describing the services and supplies ordered
  • Maintaining records for the evaluation of suppliers of critical consumables, supplies and services, which affect the quality of laboratory outputs.

4.13: Control of Records

  • Establishing and maintaining procedures for identification, collection, indexing, access, filing, storage and disposal of quality and technical records.
  • Providing procedures to protect and back-up records stored electronically and to prevent unauthorized access.

4.14: Internal Audits

  • Having a predetermined schedule and procedure for conducting internal audits of its activities and that addresses all elements that verify its compliance of its established management system and ISO/IEC 17025
  • Completing and recording corrective actions arising from internal audits in a timely manner, follow-up activities of implementation and verification of effectiveness of corrective actions taken.

5.2: Personnel

  • Laboratory management not ensuring the competence and qualifications of all personnel who operate specific equipment, perform tests, evaluate test results and sign test reports. Lack of personnel undergoing training and providing appropriate supervision
  • Providing a training program policies and procedures for an effective training program that is appropriate; identification and review of training needs and the program’s effectiveness to demonstrate competence.
  • Lack of maintaining records of training actions taken, current job descriptions for managerial, technical and key support personnel involved in testing

5.4: Test and Calibration Methods and Method Validation

  • Utilization of appropriate laboratory methods and procedures for all testing within the labs scope; including sampling, handling, transport, storage and preparation of items being tested, and where appropriate, a procedure for an estimation of the measurement of uncertainty and statistical techniques for analysis
  • Up-to-date instructions on the use and operation of all relevant equipment, and on the handling and preparation of items for testing
  • Introduction laboratory-developed and non-standard methods and developing procedures prior to implementation.
  • Validating non-standard methods in accordance with the standard
  • Not completing appropriate checks in a systematic manner for calculations and data transfers

5.6: Measurement Traceability

  • Ensuring that equipment used has the associated measurement uncertainty needed for traceability of measurements to SI units or certified reference materials and completing intermediate checks needed according to a defined procedure and schedules.
  • Not having procedures for safe handling, transport, storage and use of reference standards and materials that prevent contamination or deterioration of its integrity.

5.10: Reporting the Results

  • Test reports not meeting the standard requirements, statements of compliance with accounting for uncertainty, not providing evidence for measurement traceability, inaccurately amending reports.

SOP-3: Use of the Logo

  • Inappropriate use of PJLA’s logo on the laboratories test reports and/or website.
  • Using the incorrect logo for the testing laboratory or using the logo without prior approval from PJLA.