What is ISO 19600?
ISO 19600:2014 is an international standard developed by the International organisation for Standardisation (ISO) that provides guidelines for establishing, implementing, evaluating, and improving a compliance management system within an organisation. By implementing ISO 19600:2014, organisations can establish a structured and systematic approach to compliance management and the Standard helps organisations identify and mitigate compliance risks, ensure legal and ethical conduct, and foster a culture of compliance throughout the organisation.
The key points and components of the Standard include:
- Compliance management system (CMS): ISO 19600 emphasises the need for an organisation to establish a CMS, which is a framework that enables systematic management of compliance obligations. The CMS should be aligned with the organisation’s overall objectives, policies, and processes.
- Compliance obligations: The standard emphasises the importance of identifying, understanding, and addressing the organisation’s compliance obligations. This includes legal requirements, regulations, industry standards, contractual obligations, and internal policies.
- Leadership and commitment: ISO 19600 highlights the role of leadership in promoting a culture of compliance within the organisation. Top management should demonstrate commitment by establishing a compliance policy, providing resources, and ensuring accountability.
- Compliance risk assessment: The standard requires organisations to conduct a systematic assessment of compliance risks. This involves identifying potential risks, evaluating their significance and likelihood, and prioritising actions to address them effectively.
- Compliance controls: ISO 19600 emphasises the establishment of controls to manage compliance risks. Controls can include policies, procedures, training programs, monitoring mechanisms, and reporting channels to prevent, detect, and respond to non-compliance.
- Communication and training: The standard emphasises the importance of communication and training to promote compliance awareness and understanding throughout the organisation. It encourages the dissemination of relevant information, training programs, and clear communication channels for reporting compliance concerns.
- Monitoring and review: ISO 19600 requires organisations to establish processes for monitoring and reviewing their compliance performance. This includes regular assessments, audits, and evaluations to ensure the effectiveness of the CMS and identify areas for improvement.
- Continual improvement: The standard promotes a culture of continual improvement in compliance management. organisations should set objectives, measure performance, and take corrective actions to enhance their compliance processes and mitigate risks.