
New ISO 37301 standard enables the organisation to be certified in compliance management

Generally binding laws, standards and various norms determining the rules of conduct are an everyday part of our lives. Enormous developments, especially in information technology, business approaches and related regulations, force organisations, whether in the private or public sector, to streamline their activities. For efficient management and control of the obligations arising from all sorts of regulations, the ISO 19600 standard and the so-called compliance management system (“CMS”) have been available since 2014. So what are the changes?

ISO 37301:2021 is here!

ISO 37301 is a new international standard that specifies requirements and provides guidance for establishing, developing, implementing, evaluating, maintaining, and improving a CMS. CMS provides companies with a structured approach to fulfilling obligations arising from generally binding legal regulations, related case law, licenses, contractual obligations or other permits, and internally established management standards, codes of conduct, internal rules, procedures etc.

How is ISO 37301:2021 different from ISO 19600:2014?

ISO 37301:2021 officially replaces ISO 19600:2014. ISO 37301 is a type A standard: in addition to recommendations, it also contains requirements, so, unlike with ISO 19600, it is possible to certify a CMS.

Who is the standard for?

ISO 37301 can be implemented in all types of organisations, regardless of whether they operate in the private or public sector and regardless of their size or nature.

So why proceed with the implementation of CMS based on ISO 37301?

The standard helps organisations implement and organise effective measures (policies, processes, controls) for managing the potential risk of non-compliance, i.e. any sanctions resulting from a breach of generally binding legal regulations or other obligations of the organisation. Efficiency is primarily monitored by the adequacy of such a CMS, which means that it is adapted to the organisation’s context and, as a result, does not consume more resources than the benefits it brings. The result is a corporate culture of ethical behaviour and established mechanisms for preventing, monitoring and dealing with risks or manifestations of non-compliance. Undoubtedly, an effectively functioning CMS can be taken into account by bodies active in criminal proceedings as an instrument of so-called development according to Act No. 418/2011 Coll., On the Criminal Liability of Legal Entities and Proceedings Against Them.

Other benefits from the implementation of ISO 37301

By implementing a CMS, the organisation:

  • develops a culture of compliance
  • protects its reputation and prevents unethical behaviour as well as possible sanctions for non-compliance
  • quickly and efficiently detects and resolves any discrepancies
  • increases trust with regulators or supervisors
  • addresses the expectations of stakeholders such as employees or business partners
  • builds trust and loyalty with customers
  • develops business opportunities, including the ability to have its CMS pass a conformity assessment against the international standard ISO 37301

Structure and requirements of ISO 37301

The structure of ISO 37301 is based on the PDCA cycle. It is a so-called High-level structure (“HLS”) standard: its structure is universal (10 standardised chapters), so it is ready for integration with multiple management systems in the company. As mentioned above, ISO 37301 also includes a set of recommendations contained in Annex A of the standard.
