Some may be aware of an obscure but important guideline called ISO 19600 “Compliance Management System”, which was introduced in 2014. This guideline has now been replaced by a full Type A management standard, ISO 37301, which gives organizations a best-practice approach to modernizing their compliance.
ISO 37301 specifies requirements which organizations must meet to provide stakeholders the assurance they need that obligations are being met.
ISO 37301 is certifiable and applicable to organizations of all shapes and sizes. It can serve as a management system for corporate obligations, as an overarching framework for managing compliance across risk domains, or as a means of providing better assurance in areas for which no standards exist.
ISO outlines the following benefits for this standard:
improving business opportunities and sustainability;
protecting and enhancing an organization’s reputation and credibility;
taking into account expectations of interested parties;
demonstrating an organization’s commitment to managing its compliance risks effectively and efficiently;
increasing the confidence of third parties in the organization’s capacity to achieve sustained success;
minimizing the risk of a contravention occurring with the attendant costs and reputational damage.
ISO 37301 builds on and replaces ISO 19600 with the following differences:
ISO 37301 is a Type A management standard and is certifiable;
it is compatible with other Type A management system standards such as ISO 9001, ISO 45001 and ISO 14001;
it replaces “should” statements with “shall” statements;
it adds whistleblowing and expands the treatment of culture and governance;
it adds requirements for hiring or promoting staff into critical positions;
it adds assessment of staff in matters of regulatory compliance;
it describes what is considered a regulatory compliance culture;
it highlights the independence, staffing and skills that the regulatory compliance function needs in order to operate without interference and with appropriate staff;
it identifies the Code of Ethics and Conduct as a key element in determining and controlling compliance.
Is this standard what you need to modernize your compliance?
With stakeholder obligations increasing and expanding, this standard, applied effectively, will help organizations demonstrate that they have the capabilities to properly contend with risk and to ensure that obligations can be met today and into the future.
ISO 37301 is applicable to organizations that:
want to modernize their corporate compliance efforts with industry best practices;
need a compliance management system for specific risk domains not currently covered;
need an overarching assurance framework across existing compliance management systems (e.g. safety, security, environmental, EHS, ESG, etc.);
need to better address obligations not currently captured under existing management systems;
want to engender greater stakeholder trust.
More information can be found on the ISO website: