ISO 37301 is a Type A management system standard which sets out the requirements and provides guidelines for establishing, developing, implementing, evaluating, maintaining, and continually improving a compliance management system (CMS). A CMS provides organizations a structured approach to meet all compliance obligations, i.e., requirements that they mandatorily have to comply with such as laws, regulations, court rulings, permits, licenses, as well as those that they voluntarily choose to comply with such as internal policies and procedures, codes of conduct, standards, and agreements with communities or NGOs.
ISO 37301 can be applied to all organizations, regardless of their size, nature, or complexity of activity. CMS is based upon the principles of integrity, good governance, proportionality, transparency, accountability, and sustainability.
As with the most of management system standards, ISO 37301 also follows the high-level structure (HLS) developed by ISO. The HLS structure defines the common terminology and definitions used, as well as the clause sequence (1 to 10), where the requirements for the CMS are set out in clauses 4 to 10. The HLS enables organizations to integrate various management systems, meaning that organizations can either adopt a CMS as a stand-alone management system or they can integrate it with other existing management systems.
Yes, in 2014, ISO 19600 Compliance management systems — Guidelines was published. The main difference between these two standards is that organizations can get certified against ISO 37301 by undergoing a conformity assessment via an independent third party. Nevertheless, ISO 37301 builds and expands upon its predecessor (ISO 19600), and organizations that established a CMS based on the guidelines of ISO 19600 already have a head start in complying with the requirements of ISO 37301.
For organizations seeking growth and long-term success, consistently adhering to compliance obligations is a must, not an option. A CMS based on the requirements and guidance of ISO 37301 equips organizations with a set of tools (policies, processes, and controls) that allows them to establish and maintain a culture of compliance.
Organizations with a CMS based on ISO 37301 commit to sound norms of corporate governance, good practices, and ethical conduct. However, the CMS cannot completely eliminate the risk of noncompliance. In this regard, ISO 37301’s requirements and guidance improve the organization’s ability to identify and respond to noncompliance. In some jurisdictions, the existence of a CMS can be an indicator of the organization’s due diligence and commitment to compliance which may be useful in limiting legal liability and lowering penalties for contraventions of relevant laws.
ISO 37301 includes requirements that address competence, communication, and awareness. By complying with these requirements, organizations ensure that the vision of the top management is translated and embedded into the conduct of managers and employees. ISO 37301 also requires and encourages the establishment of concise and effective policies, procedures, and controls which set organizations on a path toward a compliance culture and high ethical and integrity standards.
ISO 37301 outlines the quest toward compliance, which begins with setting the tone at the top of the organization. The commitment toward a good compliance culture is articulated by the organization’s governing body and top management through a compliance policy and the setting of compliance objectives at various levels. In addition, the governing body and top management are also required to show leadership and commitment by providing the necessary resources, establishing a compliance function, defining the roles and responsibilities and so on. Above all, the governing body and top management should actively and visibly demonstrate their commitment to the CMS through their actions and decisions.
Internationally recognized, certification represent peer recognition of an individual’s professional capabilities to contribute in an organization’s CMS, as an auditor, implementer, or CMS implementation team member. By attending one of our ISO 37301 training courses, you have the opportunity to develop your competence in order to help organizations meet their compliance obligations.
By implementing a CMS based on ISO 37301, organizations will be able to:
Considering the rapid development of industries and global market competition, being an ISO 37301 certified professional gives you the opportunity to help your organization continuously meet compliance obligations.
Our experts are willing to assist you in the process of obtaining an ISO 37301 credential and developing your career skills.
Contact us to begin with the first step
Get introduced to ISO 37301 requirements for a compliance management systemRead more
Become acquainted with requirements and best practices of a compliance management system based on ISO 37301Read more
Develop the competence necessary for the establishment, implementation, maintenance, and continual improvement of a compliance management system based on ISO 37301Read more
Acquire the skills and knowledge necessary to conduct audits of compliance management system based on ISO 37301 and the guidelines for auditing management systems provided in ISO 19011 and the certification process presented in ISO/IEC 17021-1Read more
See the differencies between the ISO 19600 recommendations and ISO 37301 requirements for a compliance management systemRead more