What is ISO 37301?

ISO 37301 is a Type A management system standard which sets out the requirements and provides guidelines for establishing, developing, implementing, evaluating, maintaining, and continually improving a compliance management system (CMS). A CMS provides organizations a structured approach to meet all compliance obligations, i.e., requirements that they mandatorily have to comply with such as laws, regulations, court rulings, permits, licenses, as well as those that they voluntarily choose to comply with such as internal policies and procedures, codes of conduct, standards, and agreements with communities or NGOs. 

ISO 37301 can be applied to all organizations, regardless of their size, nature, or complexity of activity. CMS is based upon the principles of integrity, good governance, proportionality, transparency, accountability, and sustainability. 

As with the most of management system standards, ISO 37301 also follows the high-level structure (HLS) developed by ISO. The HLS structure defines the common terminology and definitions used, as well as the clause sequence (1 to 10), where the requirements for the CMS are set out in clauses 4 to 10. The HLS enables organizations to integrate various management systems, meaning that organizations can either adopt a CMS as a stand-alone management system or they can integrate it with other existing management systems.

 

Why is ISO 37301 important for organizations?

For organizations seeking growth and long-term success, consistently adhering to compliance obligations is a must, not an option. A CMS based on the requirements and guidance of ISO 37301 equips organizations with a set of tools (policies, processes, and controls) that allows them to establish and maintain a culture of compliance.

Organizations with a CMS based on ISO 37301 commit to sound norms of corporate governance, good practices, and ethical conduct. However, the CMS cannot completely eliminate the risk of noncompliance. In this regard, ISO 37301’s requirements and guidance improve the organization’s ability to identify and respond to noncompliance. In some jurisdictions, the existence of a CMS can be an indicator of the organization’s due diligence and commitment to compliance which may be useful in limiting legal liability and lowering penalties for contraventions of relevant laws.

ISO 37301 includes requirements that address competence, communication, and awareness. By complying with these requirements, organizations ensure that the vision of the top management is translated and embedded into the conduct of managers and employees. ISO 37301 also requires and encourages the establishment of concise and effective policies, procedures, and controls which set organizations on a path toward a compliance culture and high ethical and integrity standards.

ISO 37301 outlines the quest toward compliance, which begins with setting the tone at the top of the organization. The commitment toward a good compliance culture is articulated by the organization’s governing body and top management through a compliance policy and the setting of compliance objectives at various levels. In addition, the governing body and top management are also required to show leadership and commitment by providing the necessary resources, establishing a compliance function, defining the roles and responsibilities and so on. Above all, the governing body and top management should actively and visibly demonstrate their commitment to the CMS through their actions and decisions.

Why should you pursue a certification in ISO 37301?

Internationally recognized, PECB certifications represent peer recognition of an individual’s professional capabilities to contribute in an organization’s CMS, as an auditor, implementer, or CMS implementation team member. By attending one of our ISO 37301 training courses, you have the opportunity to develop your competence in order to help organizations meet their compliance obligations. 

  • ISO 37301 Introduction training course is appropriate for professionals who want to have a brief and general understanding of ISO 37301 requirements for a CMS
  • ISO 37301 Transition training course is appropriate for professionals who are already acquainted with ISO 19600 and want to update their knowledge.
  • ISO 37301 Foundation training course is appropriate for entry-level professionals and members of a compliance team. This two-day training course familiarizes you with ISO 37301 requirements and guidance for a compliance management system.
  • ISO 37301 Lead Implementer is a five-day training course that allows you to acquire the necessary knowledge and skills to implement a CMS in an organization, based on the requirements and guidance of ISO 37301.
  • ISO 37301 Lead Auditor is also a five-day training course which aims to improve your professional capabilities to audit a CMS based on ISO 37301, in compliance with the guidelines for auditing management systems provided in ISO 19011 and the certification process described in ISO/IEC 17021-1.

Benefits of implementing ISO 37301 in an organization

By implementing a CMS based on ISO 37301, organizations will be able to:

  • Undergo a formal third-party conformity assessment for their CMS
  • Develop a positive culture of compliance
  • Quickly and effectively address compliance concerns
  • Protect their reputation and safeguard their integrity by preventing and detecting unethical conduct
  • Improve business opportunities and sustainability
  • Carefully consider requirements and expectations of internal and external interested parties
  • Develop strong and valuable relationships with regulators
  • Increase the confidence of third parties in the organization’s capacity to achieve sustained success
  • Build customer trust and loyalty