What is ISO 37301?
ISO 37301 is a Type A management system standard which sets out the requirements and provides guidelines for establishing, developing, implementing, evaluating, maintaining, and continually improving a compliance management system (CMS). A CMS provides organizations a structured approach to meet all compliance obligations, i.e., requirements that they mandatorily have to comply with such as laws, regulations, court rulings, permits, licenses, as well as those that they voluntarily choose to comply with such as internal policies and procedures, codes of conduct, standards, and agreements with communities or NGOs. ISO 37301 can be applied to all organizations, regardless of their size, nature, or complexity of activity. CMS is based upon the principles of integrity, good governance, proportionality, transparency, accountability, and sustainability. As with most management system standards, ISO 37301 also follows the high-level structure (HLS) developed by ISO. The HLS structure defines the common terminology and definitions used, as well as the clause sequence (1 to 10), where the requirements for the CMS are set out in clauses 4 to 10. The HLS enables organizations to integrate various management systems, meaning that organizations can either adopt a CMS as a stand-alone management system or they can integrate it with other existing management systems.
Didn’t ISO already publish a standard on compliance management systems?
Yes, in 2014, ISO 19600 Compliance management systems — Guidelines was published. The main difference between these two standards is that organizations can get certified against ISO 37301 by undergoing a conformity assessment via an independent third party. Nevertheless, ISO 37301 builds and expands upon its predecessor (ISO 19600), and organizations that established a CMS based on the guidelines of ISO 19600 already have a head start in complying with the requirements of ISO 37301.
Why is ISO 37301 important for organizations?
For organizations seeking growth and long-term success, consistently adhering to compliance obligations is a must, not an option. A CMS based on the requirements and guidance of ISO 37301 equips organizations with a set of tools (policies, processes, and controls) that allows them to establish and maintain a culture of compliance. Organizations with a CMS based on ISO 37301 commit to sound norms of corporate governance, good practices, and ethical conduct. However, the CMS cannot completely eliminate the risk of noncompliance. In this regard, ISO 37301’s requirements and guidance improve the organization’s ability to identify and respond to noncompliance. In some jurisdictions, the existence of a CMS can be an indicator of the organization’s due diligence and commitment to compliance which may be useful in limiting legal liability and lowering penalties for contraventions of relevant laws. ISO 37301 includes requirements that address competence, communication, and awareness. By complying with these requirements, organizations ensure that the vision of the top management is translated and embedded into the conduct of managers and employees. ISO 37301 also requires and encourages the establishment of concise and effective policies, procedures, and controls which set organizations on a path toward a compliance culture and high ethical and integrity standards. ISO 37301 outlines the quest toward compliance, which begins with setting the tone at the top of the organization. The commitment toward a good compliance culture is articulated by the organization’s governing body and top management through a compliance policy and the setting of compliance objectives at various levels. In addition, the governing body and top management are also required to show leadership and commitment by providing the necessary resources, establishing a compliance function, defining the roles and responsibilities and so on. Above all, the governing body and top management should actively and visibly demonstrate their commitment to the CMS through their actions and decisions.
Why should you pursue a certification in ISO 37301?
Internationally recognized, PECB certifications represent peer recognition of an individual’s professional capabilities to contribute in an organization’s CMS, as an auditor, implementer, or CMS implementation team member. By attending one of our ISO 37301 training courses, you have the opportunity to develop your competence in order to help organizations meet their compliance obligations.
Benefits of implementing ISO 37301 in an organization
By implementing a CMS based on ISO 37301, organizations will be able to:
PECB Certified ISO 37301 Training Courses Available
Enhance your knowledge and advance your career by participating in our ISO 37301 training courses. Check the training courses below and find the one that suits you best.
ISO 37301 Lead Implementer
ISO 37301 Transition
ISO 37301 Foundation
ISO 37301 Lead Auditor
Book your seat