Compliance isn’t about documents in inboxes—it’s about clarity, proof, and making regulations work in real life.

“Can you confirm you have read the new guidelines on expenses?”

“As a supplier, you need to disclose your internal AI guidelines, including read&sign reports of your team.”

“Before the start of each shift, I need to be sure that all team members on the shift have read and signed all new ops infos relevant for their job.”

“The auditor wants to know that we covered all the ISO norms’ paragraphs in our quality management documentation.”

Sounds familiar? I’m sure it does. Compliance is omnipresent nowadays, regardless of the size of your organization. If you’re operating in a regulated industry or even in a public sector organization, compliance sometimes goes over the top. But irrespective of your personal taste, compliance is a fact nowadays.

What can you do? Let’s examine two different aspects of compliance and how to address them effectively.

Keeping Your Team Up to Date

The Paper Days

In the good old paper days, “read&sign” was the way to make sure everybody read the relevant documents. During my university days some 25 years ago, I worked as a ground handler at the local airport. Whenever I reported for a shift, I had to read through the new sheets in the ops info folder and sign the confirmation sheet. In this way, I confirmed to my employer that I had read all the ops info.

That was “read&sign” in its true sense. Read a piece of paper, then sign a confirmation sheet.

The PDF Days

With the shift to electronic documentation that followed from 2010 onwards, read&sign shifted from the briefing room folder to personal inboxes:

Dear Tom, please find attached the new version of our handling regulations for all our airline customers in the attached 946-page PDF file. It’s of utmost importance that you follow these new instructions with immediate effect in your daily work. Please acknowledge that you have read the document by replying to this email no later than tonight, 23:59. Best regards, The Management.

PDF documents made it possible to distribute vast amounts of information almost free of charge, but the sheer volume of information overloaded end-users. Read&sign, now called end-user compliance, became a farce for management to cover their backs.

Sending PDF instructions to your workforce has another problem. People will mark important passages in the document and save a copy to their desktop. When you send them a new version of the same document later, you can’t be sure if they replaced that old version on their desktop. Even if they claim that they have read and signed the new document version.

What can you do?

I suggest using a truly electronic read&sign solution where your team can read documents directly in the read&sign application rather than in emails. Let’s call this end-user compliance.

By doing so, you can achieve multiple benefits at the same time:

  • You can be sure that your team always has the latest version of a document available. Operating on an outdated version that was saved to a team member’s desktop is then a thing of the past.
  • Your team cannot just access your documents on their desktops or in their email inbox, but through a mobile application when they’re on the go. This will increase the readership of your documents for all your non-office team members. Think assembly lines, maintenance personnel, and the like.
  • You can track read&sign through a compliance report directly in the application, neatly ordered by teams. That’s much easier than receiving dozens of emails from your team members, saying that they have read the documents.

PDF documents are a good tool to communicate simple and short internal guidelines, work instructions, and processes. However, if you have long and complex technical documents such as a 4000-page Airbus manual, a more structured format such as XML might be more suitable. But that’s a story for another day.

Satisfying the Auditors

Keeping the team up to date is just one part of the equation. If you do it, you can show your auditor that you kept your team well-informed, and who has read the updates when. But how would you prove to your auditor that your internal guidelines, work instructions, and processes comply with all the relevant norms, laws, and standards?

That’s where regulation compliance enters the scene. And that’s when the PDF is the wrong tool. Let’s dig a little deeper here.

Normative References

Do you know what the term “normative reference” means? Most people don’t, and they can’t be blamed for it.

normative reference is a reference to a paragraph in a norm or a standard, which you can use in your documentation to show that you implemented all the requirements in the corresponding norm or standard paragraph. So in essence, a normative reference is a link between your internal documentation and a paragraph in a norm, law, or standard.

Typically, normative references are placed directly in the text of the internal documentation, for all the readers to be visible.

In the ISO 9001/27001 world, normative references have simple formats such as “4.2”, “A.12” or the like.

In aviation, normative references can be much more complicated, looking anything like “ORO.GEN.200” or “ORO.FTL.120”.

And now, because people don’t have the right tools, they stick those normative references all over your documentation, just to be sure to be prepared for an audit.

But 99% of your team looks at those normative references with puzzled faces. That’s because normative references only matter to your compliance and quality teams.

Make It Actionable

Don’t think of your internal documents as single documents, but as a collection of individual modules or blocks. Now, you can start linking each block to any other block — irrespective of whether this is a link within your documentation, or if this is a link to a paragraph in a norm, law, or standard.

The nice thing about software is that you don’t have to show the link to everyone if it doesn’t apply to everyone. You just show it to the people in charge of regulatory compliance.

And when you have a link between the relevant normative reference and your internal documentation, you can make that link actionable: Whenever the normative reference is updated, you get an automated change request to update your internal documentation. No more findings in audits that you didn’t implement the latest changes in regulations.

Reporting

How can you know if you’ve covered all the relevant normative references? A link report can answer the following questions:

  • “For a certain norm or standard, show me in which document I can find all the normative references.”
    In this way, you can easily find out if you missed one single normative reference in your documentation, or if a new version of a norm or standard has received additional normative references.
  • “For a certain document of my documentation, show me all the normative references I am referring to.”
    In this way, you find out immediately which norms or standards govern your internal documentation.

Your auditor will be impressed.

Conclusion

In today’s world, compliance is a given. At times, it can feel overwhelming, especially if you operate in a highly regulated industry or in the public sector.

However, there is a pragmatic way: Address compliance step-by-step. Identify your biggest pain point and solve this first. Is it end-user compliance or regulatory compliance? Then, only address the second-biggest pain point once you have solved the biggest pain point.

This step-by-step approach has only one caveat: When you choose a software tool for your compliance needs, make sure it’s capable of handling both end-user compliance and regulatory compliance. Otherwise, you’ll be stuck after the first step.