Choosing a Product Compliance Software / Services Vendor can be a daunting prospect. At Assent we've made things easy with the following guide. We look at best practices and different service and business models, and give you an in-depth look at how to source a product compliance vendor for software and services.
2. ASSENT COMPLIANCE THE COMPLETE GUIDE TO VENDOR SOURCING 2
TABLE OF CONTENTS
Introduction
Assent Compliance Corporate Overview
Chapter 1: Planning For Expansion – Getting a solution that scales
Chapter 2: Vendor Sourcing Best Practises – Lessons From Conflict Minerals
Chapter 3: The Pitfalls of Supplier Paid Models
Chapter 4: Compliance and Big Data
Chapter 5: Compliance and Professional Services
Chapter 5: A Business Case For Compliance
Chapter 7: A Competitive Vendor Review
INTRODUCTION
THE INNOVATOR’S DILEMMA & SELECTING A COMPLIANCE VENDOR
In 1997 Clayton Christensen published The Innovator’s Dilemma: When New Technologies Cause Great Firms to Fail. Taken from the Wikipedia page: Christensen suggests that successful companies can put too much emphasis on customers’ current needs, and fail to adopt new technology or business models that will meet customers’ unstated or future needs; he argues that such companies will eventually fall behind.
Christensen calls this “disruptive innovation” and gives examples as diverse as the personal computer industry, milkshakes, and steel minimills.
How does the Innovator’s Dilemma apply to selecting a compliance vendor? It applies across the board, from budgeting, to scope and ultimately to vendor selection. But first, let’s examine the concepts in further detail:
Christensen states: “An innovation that is disruptive allows a whole new population of consumers access to a product or service that was historically only accessible to consumers with a lot of money or a lot of skill.”
The thesis of the book is that the incumbents in markets, especially large and well entrenched markets (so think the compliance software space), seldom survive fundamental technology changes in their industries.
Let’s look at Salesforce.com. In 1999-2000 Salesforce wasn’t doing enterprise-wide installations at Merrill Lynch, Dell and Cisco. That would have been laughable. They were serving a latent market need for mid-sized businesses to use CRM. They offered a product that didn’t even try to compare with Siebel, the dominant enterprise CRM at the time. In fact, they tried to totally redefine the market. “Siebel cost you $2 million and 18 months to implement? How about $50,000 and 3 weeks?” They weren’t aiming for the top end of the market.
So what did happen? And what happens in many other industries? First, over time Salesforce.com’s technology got better and better, yet the price didn’t shoot up dramatically relative to Siebel. After a few years, enterprise customers started looking at the cost disparity and saying, “maybe Salesforce.com is good enough to meet our requirements for 10x less the cost?”
When incumbents feel threatened, often their response isn’t to radically cut cost and try to hold
on to customers. They can’t. They have big installed bases. They have existing customers who already paid big prices who would be seriously upset if the next guy bought the same thing for 10x less. The incumbents have expensive product features to maintain, and often expensive sales channels and infrastructure. For example, SAP needs to sponsor their hockey rink… who do you think is paying for that? http://www.sapcenteratsanjose.com/. You’re paying for that, if you go with them. Further to the point on why the incumbent can’t easily compete: imagine going to your sales people and saying your X% commission on your 2MM deals is now going to be an X% commission on 50k deals (sell at a rate of 40-1); they are always going to try and sell the higher-ticket good. If the incumbent did dramatically cut costs, all they would seemingly do is start following the lead of the new entrant. There you have the innovator’s dilemma, and the incumbent’s curse. You can’t take a $5 billion revenue stream and say, “Screw it. They’re going to eat our lunch anyways – let’s just cut our revenue to $1.5 billion and wipe ‘em out.”
So, the incumbent typically does the opposite. They increase spending on features/performance/functionality, all with longer times to ship because they are big and clunky. They gather with their cadre of high-requirement customers and have planning sessions about how they can make even more high-performing products. All the while the new entrant is usually innovating faster because of their leaner infrastructure and more focused product.
The big issue for incumbents is that often customer requirements don’t grow exponentially relative to their existing baseline. Over time, as the new entrant adds APIs, features and security, it starts looking a lot like the incumbent, but it has secured the lower and mid-market and has the high end of the market knocking on its door. Today Salesforce is the world’s most dominant CRM, and Siebel was forced to sell to Oracle.
So, what is the trend in compliance if that’s what happened in CRM? Much of the same is happening, just a bit slower.
The large incumbents in the compliance software space were PTC, SAP and Oracle. They offered compliance “add ons” to their enterprise PLM and ERP systems. What’s 3 million dollars for a compliance module when you’re spending 100 million on the ERP, right? This left SMBs out in the cold when it came to having a compliance solution. So remember our initial quote:
“An innovation that is disruptive allows a whole new population of consumers access to a product or service that was historically only accessible to consumers with a lot of money or a lot of skill.”
Assent was able to offer a compliance solution to those who couldn’t afford one before with its first shipment of its SMB compliance solution starting at ~$40 000. Unlike the sales division, where every size business can potentially use CRM, when it comes to compliance, companies usually have a need for regulatory software when their market
cap hits north of ~50MM. The uptake of a new technology, in this case Assent’s cloud-based compliance suite, usually takes place in phases. Typically, the new software will be used by a few early adopters. As early adopters use and love the new technology, it becomes easier for the new company to gain traction and get referral business. As the company moves from their early adopters to the early majority, they are able to build new features, solve more problems and become a more holistic solution. This is exactly what happened with Assent. With early adopters in telecom and aerospace, Assent was able to capture market share in every vertical, constantly updating the platform with new features, new APIs and new modules.
This brings us to today…
The incumbents in the compliance space are still SAP, PTC and Oracle, but when you start your process of selecting a new compliance vendor, your steering committee needs to ask:
• Can you get better features and functionality for less using a newer entrant to the market?
• Has new technology (Cloud Vs Installed) shifted the cost of the system down?
• Are your hard-earned company dollars going to fund private jets and hockey rinks, or are you selecting a vendor who is 100% dedicated to compliance?
• Can you get the equivalent of a 3MM dollar system for 300k with almost all the same integrations, features and support?
Who is the Salesforce of Compliance Software? At Assent we’d like to argue that it’s us. Don’t listen to us though, see for yourself. We’re now offering the “Assent Challenge”.
Remember the Pepsi challenge in the 90’s? We’re doing that in the compliance space. If you think that another vendor is better than us in terms of features, price and expertise we’ll donate $1000 to a nationally recognized charity.
(See Chapter 6 For a Competitive Comparison of All Relevant Compliance Vendors)
6. ASSENT COMPLIANCE 2013 E-BOOK 6
OUR MISSION
We’re here to help our clients comply with environmental regulations in the most efficient and cost effective manner possible. This is achieved through SaaS automation of processes and working with clients to build efficient internal compliance programs that meet global compliance requirements.
WHO IS ASSENT?
Assent delivers SaaS Environmental Compliance Services to companies that must comply with local, national, and global environmental regulations. Our software division is fully supported by a team of highly experienced industry consultants providing our clients with turnkey compliance solutions.
Assent Compliance is rated among the top environmental compliance solutions in the world. Not to mention it’s one of the only global solution providers to offer a full service solution from end to end.
HOW THE ASSENT COMPLIANCE MANAGEMENT SYSTEM WORKS
• Integrates with major ERP/PLM systems
• Built-in CRM for compliance tasks, due diligence reporting and audit trails
• Modules to comply with all major environmental regulations
• Pulls Bill of Material (BOM) into a centralized compliance database or operates as a stand-alone system
• Build IPC 1752-A forms. Import/Export via XML
• Allows internal staff to make engineering override assessments
• Communicates with supply chain in bidirectional fashion to procure environmental information from suppliers
• Homogenize proprietary supplier DOC formats in XML
• Acts as a repository for any compliance related material
SERVICES WE OFFER
• Environmental Compliance Software for Conflict Minerals, REACH, RoHS etc.
• Internal Standard Operating Procedure Development
• Compliance Assessment Services
• Compliance Outsourcing Services
• IT System Integration
• Compliance Plan Development
OUR CLIENTS
Assent serves clients ranging from Small Business to Fortune 500. In global supply chains, companies of all sizes must comply with environmental regulations. Regardless of size, Assent has products and services to help any sized company meet their environmental compliance obligations.
OUR GLOBAL OFFICES
• Ottawa, Ontario, Canada (HQ)
• New York, New York
• Taipei, Taiwan
• Munich, Germany
• London, UK
• Kenya (Conflict Minerals)
• Bangalore, India
Toll Free: 1 866 964 6931
Fax: 1 866 391 5954
info@AssentCompliance.com
CANADA
ASSENT COMPLIANCE
The World Exchange Plaza
1150-45 O’Connor St.
Ottawa | ON | K1P 1A4
CANADA (HEADQUARTERS)
ASSENT COMPLIANCE
56 Sparks Street | Suite 510
Ottawa | ON | K1P 5A9
Canada
UNITED STATES
ASSENT COMPLIANCE
244 Fifth Avenue | Suite 1717
New York | NY | 10001
United States of America
UNITED KINGDOM
ASSENT COMPLIANCE
Longcroft House
2-8 Victoria Avenue
Bishopsgate
London | UK | EC2M 4NS
Phone: +44 20 3384 5801
CHAPTER 1
PLANNING FOR EXPANSION: GETTING A SOLUTION THAT SCALES
When Congress included a demand for the disclosure of the use of “conflict minerals” throughout the supply chain in the Dodd-Frank Act (legislation primarily focused on banking reform), it took many companies by surprise.
Maybe it shouldn’t have. For several years leading up to passage of the reform bill, activist groups and shareholders continuously advocated for legislation to combat the problem of militant groups in the Congo region of Africa using the proceeds from the mining of tin, tungsten, tantalum, and gold to fund violence, and they targeted U.S. companies that used the minerals in their products.
“We all knew this was coming, I just wasn’t expecting it to be a part of Dodd-Frank to be honest,” says Sonal Sinha, associate vice president of Industry Solutions for MetricStream, a provider of governance, risk, and compliance solutions. Now, however, “there is a lot more transparency and greater expectations shareholders are placing on operations.”
“Today we are talking about conflict minerals,” she says. “Tomorrow it could be wood, or other materials. The list can just go on and on.”
Companies, often prodded by activist shareholders as much as regulation, are being forced to be more transparent about their sustainability efforts. We set out to identify some of the issues that are on activist and shareholder agendas. These issues could become the next conflict minerals if Congress or state legislators decide to pick up the cause and require companies to disclose more about how they use certain controversial components, or if they engage in questionable practices.
PROBLEM MATERIALS
“Blood Diamonds”: The trend isn’t a new one. Consider diamonds, and so-called “blood diamonds” that finance violent rebel groups throughout Africa and Latin America. It served as a precursor to U.S. legislation echoed years later by the conflict minerals rule. A voluntary protocol put in place by the World Diamond Council, as well as the multi-national “Kimberley Process,” offers conflict-free certifications intended to eliminate the use of blood diamonds in jewelry and manufacturing supply chains. The Clean Diamond Trade Act, signed into law by President George W. Bush in 2003, demanded U.S. participation in the Kimberley Process. With growing complaints by activists, notably Global Witness (also a forceful proponent of conflict minerals regulations), that the Kimberley Process is failing in its effort, additional regulations might lurk in the future.
“Death Metal”: A geographic hot spot that could lead to new law or regulations is Indonesia, particularly the Bangka Island region. Military violence, often tied to a crackdown on peaceful demonstrations, the persecution of journalists, and the excessive use of force by police, have long been concerns for human rights groups. As many as 2 million people were massacred in 1965-1966 during a violent purge of the Communist Party, now considered as genocide.
Tin produced in the region is controversial, not just because of ongoing human rights concerns, but for environmental reasons as well. Recent protests have targeted Apple, Samsung, Sony, LG, and others about the damage done to tropical rainforests from tin mining in the country. Members of the environmental group Friends of the Earth berated Apple with more than 24,000 e-mails and letters this summer to demand more information on its use of the tin mined in Indonesia, a request they complain has thus far been ignored.
Palm Oil Problems: Palm oil, also produced in Indonesia and in other countries, is another product that has drawn close attention from activists and could end up on the radar screens of regulators. Groups like the Roundtable on Sustainable Palm Oil have championed sustainably produced palm oil and global standards, citing “environmental destruction and the abuse of human rights.” Palm oil and its derivatives are used in thousands of products, including cooking oil, soap, lipstick, and fuel.
Child labor is also alleged to be widespread in Indonesia’s palm oil industry. An investigative report by Bloomberg Businessweek, published in July, documented evidence of human trafficking, violence against workers, and slavery.
The Knock on Wood: Certain wood, produced domestically and abroad, could end up on the list of materials that regulators will have their eyes on in the near future.
Where companies get their wood, and how they ensure that proper reforestation programs are in place, is a growing concern. Swedish furniture maker Ikea, for example, uses nearly 1 percent of the total wood used commercially around the world, making it one of the largest users of wood in the retail sector. As such, it has been under pressure from activists to treat that use more responsibly. The company, in its most recent sustainability report, insists that it has done so.
Ikea has bolstered its use of FSC certified timber to nearly 23 percent and has 19 foresters devoted to ensuring that all wood is sourced in compliance with company standards intended to “protect biodiversity, prevent deforestation, and support the livelihoods of communities in forest regions.” Company standards are also intended to avoid illegal logging.
Cobalt: It wasn’t included in the list of four conflict minerals cited by the Dodd-Frank Act, but many speculate that cobalt could be added to the list eventually. The Democratic Republic of Congo, targeted by the rule, is also the largest producer of the world’s cobalt supply. Cobalt is used as a blue pigment in many paints and is widely used as a component of lithium ion batteries. Its strength and durability have also made it a preferred metal in tool construction, notably drill bits, and for artificial joints and limbs. The Enough Project estimates that 60 percent of that production comes from illegal mines. Unsafe working conditions and child labor have been cited by the human rights watchdog.
Dirty Water: A wide range of other physical commodities could also, rather easily, fall under the regulatory umbrella, including the sourcing of cotton, leather, food items, and even water.
“A lot of people are talking about water footprints; it is not only about carbon footprints anymore,” says Mikko Valtonen, business development director for BWise, a global enterprise governance, risk management and compliance software company owned by NASDAQ OMX. “Water is the reason for several wars around the world. There isn’t a lot of public reporting about that yet because companies really need to think about it before they announce all the problems they are causing with their water use.”
POOR SOURCING PRACTICES
Factory Conditions: Reports of harsh working conditions and employee suicides at China-based manufacturer Foxconn have been an ongoing PR nightmare for Apple and other tech companies that rely on the cheap labor it provides.
Worker safety also came to light, in dramatic fashion, earlier last year when a garment factory collapse in Bangladesh killed 1,129 workers. Following the disaster, many retailers agreed to sign onto a legally binding European accord that requires that retailers fund fire safety and building improvements at the Bangladeshi factories they employ. A non-legally-binding effort spearheaded in the U.S. for its companies has been less successful, with companies like Walmart and GAP citing legal liabilities for their refusal to sign on. Although federal legislation to force an EU type of agreement is unlikely, expect to see shareholder activists push a similar agenda.
Human Trafficking and Slavery: Many U.S. regulations can trace their origin to similar efforts that were initiated either overseas or on the local level. Potential rules for public companies regarding human trafficking and slavery would be an example of both.
The California Transparency in Supply Chains Act requires many companies doing business in California to disclose efforts they have taken to eliminate human trafficking and slavery from their supply chains. The law applies to retail sellers and manufacturers with annual worldwide gross receipts exceeding $100 million that have either sales or operations in the state.
LEVERAGING CONFLICT MINERALS COMPLIANCE
Given the lengthy list of supply chain issues that could eventually spur new regulations, companies may want to leverage their ongoing conflict minerals efforts to gear up for what is to come.
“For smart businesses to stay ahead of the regulators, they need to look past specific regulations on a micro level and look at the solution holistically,” says Matt Whitteker of Assent Compliance, a Software and Services Provider. “Regulators regulate what’s fashionable and what will get those mandating the regulation’s votes. It’s naïve to try and predict the future, but with a program that gives companies insight into products’ material composition, they can rapidly adjust to any new regulation that is passed.”
The benefit for companies as they slog through conflict minerals due diligence is that they can adapt their work to other potential causes, Valtonen says.
“Are you going to buy a new technology solution for all upcoming legislation?” he asks. “I don’t think that makes any sense.” Instead, companies, especially larger ones, should look to maintain a broader compliance perspective, and conflict minerals demands “should be seen as part of the bigger change in the regulatory environment.”
Doing just what is necessary to meet regulatory demands and deadlines isn’t enough. Valtonen puts the focus on risk management. “It’s a pretty simple task to send your suppliers a questionnaire,” he adds. “But consequences can go unseen if you are only looking at a point of supply or treating this as a pure supply chain tool. Think about solutions that can integrate into other parts of your business. Start small, but think big.”
CHAPTER 2
VENDOR SOURCING BEST PRACTISES FOR CONFLICT MINERALS
When sourcing a software vendor for Dodd-Frank Conflict Mineral Compliance there are several important factors to note. In this article we will examine the approaches several software firms have taken and the implications and processes involved with each. We will also look at salient factors that should be considered when choosing a software vendor.
DIFFERENT SOFTWARE MODELS
CLIENT DIRECT VS SUPPLIER DIRECT
Client Direct: In the client direct model, firms pay for a software platform, either hosted or cloud based, to manage their compliance processes. There can be a combination of licensing fees, set-up costs and, if purchasing a hosted solution, hardware costs. Typically these solutions will have multiple modules for different restricted substance lists, social regulations and compliance requirements. For supplier data procurement there are either supplier data exchanges put in place through a portal or a wizard which is free for suppliers to use.
Supplier Direct: Under this model, firms would purchase a software platform which may be cheaper than the client direct model but would then require that their suppliers pay the vendor to submit data on the platform. This model is typically only practical for Fortune 50 sized firms who have immense leverage and control over their suppliers. Under this supplier direct data exchange model, the platform is usually only valid for one regulation.
CLOUD BASED VS HOSTED
There are currently vendors who offer solutions that are cloud hosted, meaning there are no hardware installation costs.
Cloud Based: Usually offers a lower cost and unlimited seat licensing for a fixed monthly cost and a one-time set-up cost. Cloud based solutions are the direction most firms are moving in because of the ease of deployment and lower costs.
Hosted: Firms offering hosted solutions require the purchase of servers, and local software is installed on each individual machine. When the software is upgraded, it must be re-installed on each computer where the solution is running.
Once the decision has been made on supplier direct Vs client direct and hosted Vs cloud, the next decision should be about scalability across regulations. You and your team should have a discussion about your current and future regulatory landscape. Do you sell into Europe? In which case you will have to comply with REACH. Are you in electronics? You might have to comply with RoHS. It is very important when selecting a software platform that it is both usable and affordable to use for other regulations. Purchasing a solution that is only usable for one restricted or compliance-required substance list is inefficient.
Once the decisions have been made around how broad-reaching the software solution should be, it’s time to source conflict mineral firms. The leading solution providers in each sphere are as follows:
Cloud Based/Client Direct: Assent Compliance – www.AssentCompliance.com
Hosted/Client Direct: PTC
Cloud Based/Supplier Direct: Ipoint
ITEMS TO NOTE WHEN SOURCING:
• Does the vendor have experience in your vertical?
• Is the solution usable for other regulations in the future?
• How much does it cost to add modules in the future?
• Can you outsource data analysis or supply chain work to the vendor if warranted?
• Are there any law firms/accounting firms the vendor is currently working with?
WHAT TO ASK DURING AN IT PRESENTATION?
• Show us a copy of an implementation plan for your solution
• Will you come on site for a presentation?
• Show how your system handles conflict mineral compliance end to end
• Please outline your process methodology and why it's best for our client
• Show us how you save on supplier touch time and data analysis
• Can your solution integrate with ERP/PLM systems?
CORE FEATURES THAT ARE NEEDED:
• Mechanism to gather data from suppliers
• Data analytics and reporting on collected info
• Detailed reports on supplier response rate/missing info
• Ability to attach/map tier 2-3 suppliers to tier 1
• Task assignment and CRM capabilities
Once the presentation portion of the selection process has been finalized and it comes time to select the vendor, there are several other best practices to consider:
Involve IT Early: Include the IT department from the beginning to ensure that the set-up process identified by the vendor is one that can work with the current IT in place at the firm. Bringing IT to the table late in the game only to find major roadblocks presents a major challenge.
Requirements Definitions: Make sure you outline all your requirements very clearly. The last thing anyone wants is “scope creep”, which could cause more costs for your firm and more headaches for your vendor. Be very clear when outlining requirements.
End User Approval: Ensure that the power users of the system, who will account for the majority of the use time, give their approval. In many cases management procures a system and the actual users disagree with the choice. Make sure selection is agreed on internally by the major users of the platform.
CHAPTER 3
THE PITFALLS OF SUPPLIER DIRECT PAYMENT
THE PRECEDENCE
In the compliance world there have often been attempts to institute supplier-direct payment models. What this means is that vendors have modeled their business around the concept of selling a product or data exchange platform to a tier 1 customer (usually a Fortune 50), who in turn asks their suppliers to pay the service provider to exchange data. This is not a new concept. Vendors to large retailers (i.e. the Walmarts of the world) have a host of requirements placed on them, in many cases having to sign up and pay an EDI (Electronic Data Interchange) vendor and meet other strict vendor guidelines. While this model may be effective for certain sectors (i.e. retail) where the status quo is to actively jump through hoops in order to achieve widely sought-after distribution, other sectors have much more sensitive relationships with their supply chains and there can be huge pitfalls with using the supplier direct payment model.
THE HISTORY
Let’s first examine the early attempts at the supplier direct payment model in the compliance industry. BOMcheck was first developed as an initiative between Siemens Healthcare and Philips and several other companies to spread compliance requirements across the entire supply chain. While conceptually the idea was good (a centralized database with a small cost shared amongst thousands of supplier companies to upload their data), the experiment saw Siemens pulling out and developing their own program, which was only marginally effective and left large gaps in users’ compliance programs, namely from missing data and difficulty drawing reports on who the missing suppliers were. As a system, this program also left much to be desired in terms of features, reporting capabilities, system integration capabilities and general functionality. In other words, it was not a robust enough compliance software system. This system also met scalability challenges. As new regulations were released, were already-paid subscribers expected to pay extra? Expanding the system beyond its initial architecture was challenging, and sources confirm this model does not lend itself to shipping new features. With lead champions of this program moving towards more robust systems, it was clear this model, while hypothetically a good idea, did not yield the results it set out to achieve.
THE PRESENT
With the passing of the Dodd-Frank Act and the Conflict Mineral provision, various firms thought they could adapt this supplier direct model for conflict mineral compliance. From a platform vendor perspective this model is conceptually very lucrative:
1. Get a Fortune 500 firm with a large supply chain.
2. Convince them they will not have to pay and will have their compliance program for free.
3. Have the client mandate that their supply chain pay the provider to use the data exchange.
4. For the vendor, the 1000s of suppliers @ x $/per becomes very lucrative.
Around 2010, 2 new compliance vendors entered the market with this model. Ipoint and Source Intelligence were centered around the concept of supplier direct payment. However, as history has proven, this model is riddled with several very large pitfalls, especially for the requirements of Dodd-Frank Conflict Minerals compliance.
THE IMPLICATIONS
Conflict of Interest: When you ask your suppliers to pay a third party, they then become the customer of that third party. This puts the vendor in a conflict of interest. While they are supposed to be your representative, responsible for data, supplier accountability and in some cases quality, they must also keep their customers happy. This often means taking their data carte blanche and rarely going through proper due diligence processes. Keep in mind that whenever you make your suppliers pay for a service, the service provider’s loyalty to your firm is now in a conflict of interest with their new clients (your suppliers).
Supplier Buy In: Mandating that your supply chain pay for a third-party service provider in most cases does not get a high percentage of buy-in, especially from suppliers with whom you do not move large volumes of product. Key accounts will in almost all cases comply with the request, but as the distribution of supply chain vendors by dollar spend is typically a long tail, having these gaps in your compliance program can cause large issues for data integrity.
Being Draconian: With companies like BOMcheck, Ipoint and Source Intelligence all operating on supplier paid models, in many cases suppliers can be asked to subscribe to 3+ vendors. This is neither realistic nor fair to your valued suppliers. Companies often take a lot of pride in their compliance programs and often have deep relationships with their test labs and software platforms. In many cases these suppliers will be very resistant, and could outright refuse to use the third party vendor. This is not a best practice in supply chain management.
Supplier Paid Models Don’t Scale: Over the last decade there has been an exponential rise in governance and compliance related regulations. Taken from PTC, the graph below demonstrates the responsibilities that have been placed on compliance departments. Buying solutions for individual regulations does not scale. These vendors also have trouble adding functionality to the supplier side system, as to do so at the same price point would be doing so for free. This is in conflict with their business model.
As an example, imagine firm X makes suppliers pay $500/yr to access their data transmission portal for regulation A. As regulations B, C, D and E are introduced, they have only 2 options: fund the development from the customer instituting the mandate on their suppliers (you), or make the supplier pay more. Suppliers cannot and will not pay large sums to fund a software platform that is of no benefit to them.
25. ASSENT COMPLIANCE THE COMPLETE GUIDE TO VENDOR SOURCING 25
Supplier Paid Models Don’t Allow For Customizations: Are you buying a platform or a single regulation solu-tion?
A platform can be both, a single source solution can only be one.
[Figure: Environmental Regulations by Region as of May 2012, entering into force or pending, by year from 2003
to 2012 and pending. Series: US & Canada; Asia Pacific; EMA with Central Asia; International Organization;
Latin America with Caribbean; World Total.]
Source: Bill Ricci, Sr Director of Supplier Quality, Flextronics International, PTC & Flextronics Webcast
"Ensuring Product Compliance while Managing a Global Supply Chain"
A TIER 1 RETAILER & CONFLICT MINERALS: A CASE STUDY
Under Dodd Frank section 1502 retailers must comply with the conflict mineral regulation.
Here’s how one of USA’s most recognizable retailers* got to 100% completion with Assent in just 4 months & for less than the cost of a full time hire.
THE PROBLEM
Collecting Conflict Mineral compliance data for all suppliers potentially in scope & associated reporting, due diligence & maintaining a scalable process for the long term.
THE SOLUTION
SETUP
• A supplier scope analysis conducted in partnership with Assent Compliance
• Assent Compliance Software Set Up
• Suppliers & Contact Info uploaded & compliance database set up.
LAUNCH
• Assent performed automated information requests to the supply chain
EXECUTION
• Suppliers responded & uploaded compliance data (EICC forms)
• Assent & Client reviewed & reported to stakeholders with regular update meetings
COMPLETION
• All suppliers responded, data analyzed & a determination of No 3TGs from the DRC found
• Total time to completion – 4 Months
MAINTENANCE
• Ongoing to maintain verifiable business records for all current & new suppliers
HIGHLIGHTS
• Low Cost: Total Cost Year 1 For Turnkey Services
• 0-100% Completion in <4 months <$70k
• The first retailer nationwide to hit this milestone
• Ongoing turnkey support & service in maintenance phase approximately $30k/year (Both less than the cost of 1 FTE)
*Reference available on request
CHAPTER 4: COMPLIANCE AND BIG DATA
Data rules the compliance world. In order to collect compliance data, firms need a mechanism, typically a
supplier portal, that is scalable (can be used for entire supply chains, or just parts thereof), can expand to meet
your program and allows users to draw deep analytics on the data collected.
When sourcing a compliance vendor it’s imperative to ask about the current database size of pre-existing
compliance contacts/relationships as well as their database size of outsource compliance data. In many cases
companies will have corporate level EICC forms, will have public REACH, RoHS declarations etc. These can be
mined and then ported from one firm to another when matches occur.
QUESTIONS TO ASK YOUR VENDOR ON THE TOPIC OF BIG DATA
1. How many pre-existing contacts do you have? Are these available?
2. How many suppliers do you currently deal with? On the low end of the spectrum companies like BOMcheck
have 3000 (http://assistant.bomcheck.net/index.php/all-topics-menu/99-joining-bomcheck/how-many-parts-suppliers-and-manufacturers-are-in-bomcheck).
Other firms like Assent have over 100 000 different contacts/firms in scope of various programs.
ASSENT COMPLIANCE CONFLICT MINERAL TOOLKIT
CHAPTER 5: COMPLIANCE & PROFESSIONAL SERVICES
When selecting a compliance vendor it’s important to note that some firms offer professional services
and some do not. As regulations roll out and new regulations are introduced, having a partner with:
• Regulatory Compliance Services
• Supply Chain Services
might be a valuable offering to your team. While some companies have extremely robust compliance divisions
and regulatory experts on staff, some companies do not and some need support at certain peak periods. When
selecting your compliance vendor it’s important to inquire about the availability of these services and the rates.
In many cases there is a dichotomy between software vendors and consulting firms where one typically does
not do the other (or do the other well).
BEST PRACTISES:
1. Ask for an outline of the professional services available: Firms should have this outlined on their
website. If this is not visible, chances are they might outsource or use a third party.
2. Get the rates: Vendors should have set hourly rates for data collection, data analysis, compliance plan
development and regulatory consulting. Get the rates for each respective service.
3. Get the location: You should also inquire if supply chain and regulatory staff are North American or
off shore. In some cases firms outsource to India or other locales which might be in conflict with your
corporate policy. In some cases firms might have offices in specific geographic locations for a reason
(i.e. Assent has an office in Kenya for conflict mineral smelter sourcing). It’s just important to ensure
you’re informed.
4. Get case studies and references: While this is status quo when sourcing a vendor, ensure that you have
both references for professional services and IT. Any well-established firm will be able to provide these.
5. Find out who was last to the party: While some firms might have “been around” for a while, many firms
scramble to develop solutions for new regulations. Case in point with the Conflict Minerals regulations: at
passing of the law there were 3 service providers of software and services. (There is only one software/IT
vendor cited in the regulation. Assent of course.) Now there are over 15 service providers claiming to be
“experts” in conflict mineral compliance. Chances are that these latecomers have patched together solutions
for current clients that use them for something different altogether and are now trying to commercialize
their patchwork. Be wary of any solution providers that have not directly been working in materials
compliance for at least 5+ years.
6. Evaluate the option of Turnkey: Is it more expensive to hire new staff or use professional services or a
combination of software and services from a third party? Some firms have found that outsourcing the majority
of compliance work is the most cost effective means of compliance.
CHAPTER 6: BUILDING YOUR BUSINESS CASE FOR COMPLIANCE
Your compliance department has decided to source a solution because work is piling up, there are new
regulations to cope with and automation is needed. Executives will always need a business case for doubling
down on compliance.
Apple recently announced that it was now 100% conflict tantalum free. Media was quick to pick up the story and
Apple was featured on popular tech blogs, the New York Times and dozens of other tier 1 media outlets
(Mashable, VentureBeat, LA Times, etc.). Here are a few of the links.
• http://mashable.com/2014/02/13/apple-conflict-free-metals/
• http://www.nytimes.com/2014/02/14/technology/apple-says-supplies-dont-come-from-war-zones.html?hpw&rref=business&_r=0
What did this mean for its bottom line? At the open, Apple’s stock price was $535. At the close it was $544.
Apple currently has 892 million outstanding shares. A share increase of $9 x 892 million = a market cap
increase of 8 billion dollars! While companies often see compliance and sustainability as simply an expense
item, it shows that both Main Street and Wall Street reward compliant companies. Consumers gravitate to brands
that publicize their compliance and Wall Street rewards them. It seems then that investment into a compliance
program can pay huge dividends. Don’t take our word for it though: this was a key finding of a recent study
conducted by NAEM.
THE BUSINESS CASE FOR SUSTAINABILITY IS GETTING EASIER TO MAKE
Compared with the case studies NAEM members shared even five years ago, the business case for corporate
sustainability seems to be getting easier to make. Among leadership companies, the concept is widely understood
both in theory, as well as in operational terms. These advanced efforts have rippled throughout the entire
business ecosystem, spurring new attention to sustainability at all levels of the supply chain.
More widespread understanding of what it means: Broader cultural awareness of sustainability means that
employees are coming to work with a better understanding of the topic, which makes it an easier sell for those
seeking buy-in for their projects. This alignment includes those at the leadership levels as well, as sustainability
has gone from an abstract external conversation to one that relates to what companies are doing internally.
As one EHS leader with sophisticated sustainability programs told us:
“After a few years of watching and listening and trying to understand what was being talked about with regards
to sustainability, our team and myself and many of the professionals in our function said, ‘Well that’s what I
do. Or that’s mostly what I do.’”
Indeed, according to NAEM’s 2012 report on EHS and Sustainability Staffing and Structure, the top programs that
respondents identified as ‘sustainability’ fall within the responsibilities of the EHS function: carbon
footprinting, setting sustainability goals, energy and carbon management, sustainability strategy, waste
recycling and water efficiency.
Regulatory requirements: Regardless of age or size, all of the companies we spoke with have a strong focus on
meeting environment, health and safety, and increasingly, sustainability regulations. As product compliance,
green chemistry, storm water and cap-and-trade regulations come into effect, many of the programs that
companies are voluntarily undertaking today will be written into the formal regulatory requirements. The risks
of non-compliance are easy to quantify, as they are associated with fines, bad publicity and even losing
preferred-supplier status. Compliance also serves as the foundation upon which most sustainability programs are
built, as one respondent described:
“We believe as a fundamental basis of being a sustainable organization, we need to be compliant with
environmental regulations.”
CURATED TED TALK
For more on what Wall Street thinks about sustainability and compliance, Chris McKnett delivers an insightful
TED talk. “Sustainability is pretty clearly one of the world's most important goals; but what groups can really
make environmental progress in leaps and bounds? Chris McKnett makes the case that it's large institutional
investors. He shows how strong financial data isn't enough, and reveals why investors need to look at a
company's environmental, social and governance structures, too”
Watch the full talk here:
http://www.ted.com/talks/chris_mcknett_the_investment_logic_for_sustainability.html
CHAPTER 7: A COMPLIANCE VENDOR REVIEW
** Data below was compiled based on customer input and demonstrations received between Jan 2012 and Dec
2013. Specific systems could have updated or upgraded features in the interim.
COMPETITIVE COMPARISON BASED ON AVAILABLE CUSTOMER FEEDBACK
ASSENT VS THE COMPETITION – TIER 1
ITEM | ASSENT | PTC | AGILE | SAP
Availability of ERP - API
Supplier Portal included
Cloud Platform Available
Supplier Portal with Supplier data conversion
Supplier Portal with Customer Supplier Surveys
Bi-Directional Supplier Communications
Internal task tracking
External (Supplier and 3rd Party) task tracking
Storefront for tracking Customer Declarations
Global Product Regulatory Tracking System
1 click reports for Customer Specific Declaration Requirements
Basic Global Regulatory Support Included
Comprehensive (In-house) Global Regulatory Support Available
Built-In Risk Assessment
Declaration Roll-ups
Mass Declarations available in-system
Automated Pass/Fail Analysis
Supplier declaration gathering available
Audit trails tracked and exportable
Approximate 5 year software cost for Small Business | $165,000 | N/A | N/A | N/A
Approximate 5 year software cost for Medium Business | $350,000 | $2,500,000 | $10,000,000 | $10,000,000
Approximate 5 year software cost for Large Business | $1,000,000 | $5,000,000 | $20,000,000 | $20,000,000
ASSENT VS THE COMPETITION – TIER 2
ITEM | ASSENT | ACTIO | GEMS
Availability of ERP - API
Supplier Portal included
Cloud Platform Available
Supplier Portal with Supplier data conversion
Supplier Portal with Customer Supplier Surveys
Bi-Directional Supplier Communications
Internal task tracking
External (Supplier and 3rd Party) task tracking
Storefront for tracking Customer Declarations
Global Product Regulatory Tracking System
1 click reports for Customer Specific Declaration Requirements
Basic Global Regulatory Support Included
Comprehensive (In-house) Global Regulatory Support Available
Built-In Risk Assessment
Declaration Roll-ups
Mass Declarations available in-system
Automated Pass/Fail Analysis
Supplier declaration gathering available
Audit trails tracked and exportable
Approximate 5 year software cost for Small Business | $165,000 | $200,000 | $250,000
Approximate 5 year software cost for Medium Business | $350,000 | $400,000 | $750,000
Approximate 5 year software cost for Large Business | $1,000,000 | $1,000,000 | $2,000,000
ASSENT VS THE COMPETITION – TIER 3
ITEM | ASSENT | GREENSOFT | SOURCE INTELLIGENCE
Availability of ERP - API
Supplier Portal included
Cloud Platform Available
Supplier Portal with Supplier data conversion
Supplier Portal with Customer Supplier Surveys
Bi-Directional Supplier Communications
Internal task tracking
External (Supplier and 3rd Party) task tracking
Storefront for tracking Customer Declarations
Global Product Regulatory Tracking System
1 click reports for Customer Specific Declaration Requirements
Basic Global Regulatory Support Included
Comprehensive (In-house) Global Regulatory Support Available
Built-In Risk Assessment
Declaration Roll-ups
Mass Declarations available in-system
Automated Pass/Fail Analysis
Supplier declaration gathering available
Audit trails tracked and exportable
Approximate 5 year software cost for Small Business | $165,000 | $125,000 | $150,000
Approximate 5 year software cost for Medium Business | $350,000 | $300,000 | $400,000
Approximate 5 year software cost for Large Business | $1,000,000 | N/A | N/A