25 Oct
What does ISO 37301 mean for compliance management?
In April this year, a new set of global standards for compliance management systems (CMS), the ISO 37301, replaced its predecessor, the ISO 19600.
Both were developed and implemented by the independent and non-governmental body, the ISO (International Organisation for Standardisation), and are set to change the compliance culture of companies from the top down.
You may already feel unnerved by all the abbreviations and numbers, but it’s simpler to understand than it seems at first glance.
We’ve set out the key points you need to know about ISO 37301.
What is ISO 37301:2021?
The ISO 37301 is an internationally recognised standard which provides a comprehensive set of requirements and guidelines for creating a robust CMS within a company, helping to ensure the organisation complies with international legal norms and regulations.
With the increased number of laws and regulations, maintaining a culture of compliance is one of the main challenges that organisations are facing. A compliance management system provides organisations with a structured approach to meet all compliance obligations: those that they have to comply with, such as laws and regulations, and those that they voluntarily choose to comply with, such as internal policies and procedures.
For organisations seeking growth and long-term success, adhering to compliance obligations is not an option; it is a must. Failing to comply with laws and regulations can cost untold amounts in fines and result in irreparable damage to a business’s reputation.
‘The new standard gives requirements and guidelines for establishing, developing, implementing, evaluating, maintaining and improving an effective compliance management system within an organisation.’
The standard sets out a pathway towards compliance, and it begins at the top of the organisation, however big or small.
ISO 37301 requires a commitment to a ‘good compliance culture’ from the organisation’s governing body and top management, through a formula of compliance policy and objectives at various levels, as well as requiring the establishment of processes and controls in order to improve the organisation’s performance regarding compliance obligations.
‘Adhering to principles of good governance, integrity, transparency, accountability and sustainability, is central to the standard.’
What can the new standard do for you?
The new standard can help:
- Improve understanding of existing and new laws, regulations and rules, and how to comply with them
- Prevent compliance breaches or detect and respond to them sooner – helping you avoid fines, stoppages, prosecutions and reputational damage
- Bring together all your processes, procedures and policies so you can manage them more efficiently
- Demonstrate you operate lawfully on principles of good governance, integrity, ethics, transparency, accountability and sustainability
- Increase stakeholder confidence in your business and better manage your risk
What is the difference between ISO 19600:2014 and ISO 37301:2021?
The most important difference between these two standards is that ISO 37301 provides a CERTIFIABLE global benchmark for compliance systems.
ISO 19600 provided only RECOMMENDATIONS, as opposed to ISO 37301 which provides requirements for the implementation of a compliance management system. Therefore, with the new standard, organisations can verify and certify their CMS through an independent third party.
Migration from ISO 19600 is expected to be smooth, as many of the core elements of ISO 19600 have been maintained and incorporated into the new standard. Any organisation that had already followed or implemented the guidelines of ISO 19600 will already have made strong headway in complying with ISO 37301.
The numbers at the end (2014 and 2021) simply refer to the year when they came into being!
Is the standard useful for SMEs?
Businesses of all sizes, including small and medium-sized ones, can benefit from implementing the standard. After all, every organisation is expected to act within the law.
The key point here is that the requirements of ISO 37301 are set out proportionately to the size of your business. So, implementing the standard will be much less complicated for a small company, as its organisation is usually less complex.
How we can help you
Our team at KCS Compliance Services is experienced and highly knowledgeable on matters of compliance and quality management. We have assisted countless businesses in successfully achieving — and maintaining — full accreditation.
As well as offering a comprehensive and objective assessment of your business, we can advise on the next steps to becoming ISO accredited.
Email us at: [email protected]
Call us on: 01908 380 401