ISO 37301:2021 Compliance Management System

Briefly

ISO 37301 provides requirements for the implementation and maintenance of a Compliance Management System.

Description

 



What is ISO 37301?



ISO 37301 is an international standard for compliance management systems and provides guidelines for establishing, developing, implementing, maintaining, and improving an effective and responsive compliance management system within organizations.

By implementing the ISO 37301 compliance management standard, organisations are able to establish a systematic approach to compliance management whilst ensuring that they meet legal and regulatory requirements.

Once certified, organisations can proudly promote themselves as certificate holders in any of their promotional materials and can include the URS certification logo free of charge.



 



Who requires an ISO 37301 certification?



Whilst ISO 37301 is not a regulated standard, any organisation involved in highly regulated sectors such as finance, healthcare and insurance would benefit from becoming certified for ISO 37301.



How can an ISO 37301 certification benefit your business?



Becoming certified for ISO 37002 can bring a wide range of benefits to your organisation, including:



 




  • Risk mitigation

  • Streamlined processes

  • Improved governance



How can you prepare for ISO 37301 Certification?



Although the thought of starting the certification process may seem daunting, there are a variety of steps you can take to make the process of becoming certified far more streamlined:

 




  • Familiarise yourself with the ISO 37301 standard

  • Conduct a gap analysis to highlight areas that do not meet the standard requirements

  • Establish a compliance policy that aligns with the objectives of ISO 37301



What are the key requirements of ISO 37301?



When working towards becoming certified for ISO 37301, there are various areas that will be a focus during the audit. These areas include:

 




  • Clear policies

  • Integrity and accountability

  • Leadership

  • Controls and processes



What clauses make up the structure of ISO 37301?



 



Clauses 1-3 – Introductory clauses:



The first three clauses of ISO 37301 introduce both the scope and application of the standard and clarify how the requirements included are designed to benefit organisations. It is also in this section that the Plan-Do-Check-Act cycle is introduced to demonstrate the elements that a compliance management system consists of.

To assist with understanding, clause 3 provides an extensive list of definitions for terms that are used throughout the standard. Familiarisation with these terms will enable organisations to better apply the standard requirements to their organisation.



 



Clause 4 – Context of the organisation:



Clause 4 provides guidance to help organisations understand the role that they play within the implementation and maintenance of the compliance management system. This is achieved by exploring compliance obligations and the needs and expectations of interested parties.



Climate Change Amendments:

The amendments have not changed the requirements of clauses 4.1 and 4.2; rather, they have added an assurance that climate change is considered for the management system. Due to the necessity of climate awareness, it should be considered by organisations and is therefore included as part of the standard.

Rather than a transition being required, organisations should instead consider and apply the guidance provided in the amendment. Should a company minute their considerations during their Management Review regarding CCC as well as evidence of their considerations and any actions, a discrepancy shall NOT be raised. However, should no minute exist for any considerations, then a discrepancy will be raised.

Where a minute and evidence do exist but are clearly of little relevance to CCC, an Opportunity for Improvement (OFI) will be raised.



 



Clause 5 – Leadership:



Clause 5 places its focus on the roles of leadership and top management in relation to the Compliance Management System and outlines requirements that must be in place.



 



Clause 6 – Planning:



Clause 6 prioritises identifying and addressing risks and opportunities related to the Compliance Management System. This includes creating compliance objectives and planning methods of achieving them.



 



Clause 7 – Support:



Clause 7 focuses on the resources, competency, awareness and documentation that are necessary to support the Compliance Management System through all phases of the cycle.



 



Clause 8 – Operation:



Clause 8 details the operational processes of the CMS, including both planning and control, and operational planning. This section also includes guidance and requirements on the execution of the planned actions.



 



Clause 9 – Performance evaluation:



Clause 9 explores the recommended methods of monitoring, measuring, and evaluating the performance of an organisation's Compliance Management System, providing in-depth guidance on internal audit and management review methods.



 



Clause 10 – Improvement:



In the final section of the standard, clause 10 focuses on addressing nonconformities through the implementation of corrective actions, along with the continual improvement of the effectiveness of the CMS.



 



How long will your ISO 37301 certificate be valid for?



Your ISO 37301 certificate will be valid for at least three years, dependent on the type of site that is being certified.



 


