ISO 37301 – Compliance Management System

This first edition of ISO 37301:2021 cancels and replaces ISO 19600, which has been technically revised.

Organizations that aim to be successful in the long term need to establish and maintain a culture of compliance, considering the needs and expectations of interested parties.
Compliance is therefore not only the basis, but also an opportunity, for a successful and sustainable organization.
Compliance is an ongoing process and the outcome of an organization meeting its obligations. Compliance is made sustainable by embedding it in the culture of the organization and in the behaviour and attitude of people working for it. While maintaining its independence, it is preferable that compliance management is integrated with the organization’s other management processes and its operational requirements and procedures.
An effective, organization-wide compliance management system enables an organization to demonstrate its commitment to comply with relevant laws, regulatory requirements, industry codes and organizational standards, as well as standards of good governance, generally accepted best practices, ethics and community expectations.
An organization’s approach to compliance is shaped by the leadership applying core values and generally accepted good governance, ethical and community standards.
Embedding compliance in the behaviour of the people working for an organization depends above all on leadership at all levels and clear values of an organization, as well as an acknowledgement and implementation of measures to promote compliant behaviour.
If this is not the case at all levels of an organization, there is a risk of noncompliance.
In a number of jurisdictions, courts have considered an organization’s commitment to compliance through its compliance management system when determining the appropriate penalty to be imposed for contraventions of relevant laws. Therefore, regulatory and judicial bodies can also benefit from this document as a benchmark.
Organizations are increasingly convinced that, by applying binding values and appropriate compliance management, they can safeguard their integrity and avoid or minimize noncompliance with the organization’s compliance obligations.
Integrity and effective compliance are therefore key elements of good and diligent management. Compliance also contributes to the socially responsible behaviour of organizations.
One of the objectives of the ISO 37301 standard is to assist organizations to develop and spread a positive culture of compliance, considering that effective and sound management of compliance-related risks should be regarded as an opportunity to pursue and take, due to the several benefits that it provides to the organization, such as:
  • improving business opportunities and sustainability;
  • protecting and enhancing an organization’s reputation and credibility;
  • taking into account expectations of interested parties;
  • demonstrating an organization’s commitment to managing its compliance risks effectively and efficiently;
  • increasing the confidence of third parties in the organization’s capacity to achieve sustained success;
  • minimizing the risk of a contravention occurring with the attendant costs and reputational damage.
ISO 37301 specifies requirements and provides guidance on compliance management systems and recommended practices. Both the requirements and the guidance in this standard are intended to be adaptable, and implementation can differ depending on the size and level of maturity of an organization’s compliance management system and on the context, nature and complexity of the organization’s activities and objectives.
ISO 37301 is also suitable to enhance the compliance-related requirements in other management systems and to assist an organization in improving the overall management of all its compliance obligations.