What is ISO 37301?
ISO 37301:2021 is a standard developed by the International Organisation for Standardisation (ISO) that provides guidelines for implementing an effective compliance management system within an organisation. The standard aims to help organisations establish, implement, maintain, and improve a systematic approach to compliance with legal and regulatory requirements, as well as voluntary commitments. By implementing ISO 37301:2021, organisations can establish a robust compliance management system that helps them proactively identify and address compliance risks, demonstrate legal and ethical responsibility, and enhance stakeholder trust.
The key points are
- Scope: ISO 37301 applies to all types and sizes of organisations, regardless of their sector or location. It is designed to be flexible and adaptable to suit different organisational contexts.
- Compliance Management System (CMS): The standard emphasises the need for an organisation to establish a CMS, which is a framework that enables systematic management of compliance obligations. It involves developing policies, procedures, and processes to identify, assess, control, and monitor compliance-related risks.
- Leadership and commitment: ISO 37301 highlights the importance of leadership involvement and commitment in promoting a culture of compliance within the organisation. Top management should demonstrate their commitment by establishing policies, providing necessary resources, and promoting compliance awareness.
- Compliance obligations: The standard emphasises the identification and understanding of applicable compliance obligations, including legal requirements, regulations, industry standards, and voluntary commitments. organisations should establish processes to determine and update these obligations.
- Compliance risk assessment: ISO 37301 stresses the need for a systematic and ongoing process to assess compliance risks. This involves evaluating the likelihood and impact of non-compliance, identifying areas of significant risk, and prioritising actions to address them effectively.
- Compliance controls: The standard emphasises the establishment of controls to manage compliance risks. These controls can include policies, procedures, training, monitoring, audits, and other measures designed to ensure compliance with applicable obligations.
- Monitoring and review: ISO 37301 requires organisations to establish processes for monitoring and reviewing their compliance performance. This involves tracking compliance-related activities, evaluating the effectiveness of controls, and taking corrective actions when non-compliance is identified.
- Continual improvement: The standard promotes a culture of continual improvement in compliance management. organisations are encouraged to set objectives, measure performance, and implement actions to enhance their compliance processes and overall effectiveness.