New ISO Standard 37301 for Compliance Management Systems
The International Organization for Standardization (“ISO”) has published its new standard ISO 37301: Compliance management systems – Requirements with guidance for use. This document specifies requirements and provides guidelines for establishing, developing, implementing, evaluating, maintaining and improving an effective compliance management system within an organization. The document was established by 42 countries and may merit the label of “gold standard” for compliance management systems.
ISO 37301 builds on the experience gained with ISO 19600 and at the same time replaces ISO 19600. In substance, both standards are largely congruent. However, ISO 37301 addresses some important new elements (7.2.2 Employment Process; 8.3 Raising concerns; 8.4 Investigation Process; 9.2 Internal Audit) and contains an Annex A – Guidance for use with significant supporting information. As a requirements standard, ISO 37301 outlines measurable elements, which allows third parties to establish whether an organization meets the requirements. The standard might also be integrated into an organization’s other management systems, such as ISO 37001: Anti-Bribery Management Systems or ISO 9001: Quality Management Systems – Requirements, thus increasing efficiency, effectiveness and productivity.
According to ISO, the new standard recommends the involvement of senior management, advocates compliance as a principle of good governance and recommends integrating compliance management across the whole organization. According to the organization, the benefits of implementing ISO 37301 are expected to include not only a reduced risk of fines due to non-compliance, but also enhanced reputation and credibility, providing greater confidence to clients and other stakeholders as well as increased business opportunities.