ISO 37301:2021 Compliance Management Systems — Requirements with guidance for use provides guidelines for establishing, developing, implementing, evaluating, maintaining, and improving an effective and responsive compliance management system within organizations.
The standard is essential for organizations seeking to ensure adherence to laws, regulations, and ethical standards within their operational context. It helps in mitigating risks, fostering a culture of integrity, and enhancing organizational governance and reputation.
ISO 37301 provides benefits in terms of:
- promoting ethical business practices and reducing the risk of non-compliance;
- enhancing trust among stakeholders;
- improving management processes and operational efficiency;
- supporting corporate governance and responsibility.
Table of Contents
Introduction |
1 Scope |
2 Normative references |
3 Terms and definitions |
4 Context of the organization |
4.1 Understanding the organization and its context |
4.2 Understanding the needs and expectations of interested parties |
4.3 Determining the scope of the compliance management system |
4.4 Compliance management system |
4.5 Compliance obligations |
4.6 Compliance risk assessment |
5 Leadership |
5.1 Leadership and commitment |
5.2 Compliance policy |
5.3 Roles, responsibilities and authorities |
6 Planning |
6.1 Actions to address risks and opportunities |
6.2 Compliance objectives and planning to achieve them |
6.3 Planning of changes |
7 Support |
7.1 Resources |
7.2 Competence |
7.3 Awareness |
7.4 Communication |
7.5 Documented information |
8 Operation |
8.1 Operational planning and control |
8.2 Establishing controls and procedures |
8.3 Raising concerns |
8.4 Investigation processes |
9 Performance evaluation |
9.1 Monitoring, measurement, analysis and evaluation |
9.2 Internal audit |
9.3 Management review |
10 Improvement |
10.1 Continual improvement |
10.2 Nonconformity and corrective action |
Annex A Guidance for the use of this document |
A.1 Background and Scope |
A.2 Normative references |
A.3 Terms and definitions |
A.4 Context of the organization |
A.5 Leadership |
A.6 Planning |
A.7 Support |
A.8 Operation |
A.9 Performance evaluation |
A.10 Improvement |
Implementation
Implementing a compliance management system in conformity with ISO 37301 involves several key steps.
Here are those steps.
Leadership and Commitment
- Demonstrate leadership commitment to compliance within the organization.
- Establish a compliance policy that aligns with organizational goals.
Scope and Context
- Determine the scope of the compliance management system.
- Understand the internal and external context, including legal and regulatory requirements.
Legal and Regulatory Compliance
- Identify and comply with relevant legal and regulatory requirements applicable to the organization.
- Stay informed about changes in legislation that may impact compliance.
Compliance Policy
Develop a compliance policy that outlines the organization’s commitment to adhering to legal and regulatory requirements.
Risk Assessment
- Identify and assess compliance risks associated with the organization’s activities.
- Determine the necessary controls to manage and mitigate compliance risks.
Compliance Objectives and Targets
- Establish specific, measurable, and time-bound compliance objectives and targets.
- Set goals for achieving and maintaining compliance with applicable laws and regulations.
Compliance Controls
- Implement controls and procedures to ensure compliance with legal and regulatory requirements.
- Develop processes for monitoring and enforcing compliance.
Communication and Training
- Communicate compliance policies, objectives, and expectations to employees and relevant stakeholders.
- Provide training to employees on compliance requirements and their responsibilities.
Monitoring and Measurement
- Implement systems for monitoring and measuring compliance performance.
- Regularly assess the organization’s compliance against established objectives and targets.
Data Analysis and Reporting
- Analyze compliance performance data to identify trends, areas for improvement, and opportunities.
- Prepare regular reports on compliance achievements and initiatives.
Legal Register
- Establish a legal register that documents and tracks applicable legal and regulatory requirements.
- Keep the legal register up-to-date with changes in legislation.
Internal Audits
- Conduct internal audits to assess the effectiveness of the compliance management system.
- Ensure that audits cover relevant legal and regulatory requirements.
Management Review
- Conduct periodic management reviews to assess the overall performance of the compliance management system.
- Use review findings to make informed decisions and improvements.
Continual Improvement
- Establish processes for continual improvement of the compliance management system.
- Regularly review and update compliance practices based on feedback and changing requirements.
Documentation and Record-Keeping
- Develop and maintain documentation related to compliance policies, procedures, and practices.
- Keep records of audits, training, and any changes made to the compliance management system.
Legal and Ethical Considerations
- Ensure that compliance practices align with legal, ethical, and professional standards.
- Establish processes to handle compliance-related legal and ethical issues.
Integration with Other Management Systems
Integrate compliance management with other relevant management systems, such as quality management or environmental management.
In conclusion…
By following these steps, organizations can implement a compliance management system in conformity with ISO 37301. Regular reviews and updates are essential to ensure the continued effectiveness and relevance of the compliance management practices.
ISO 37301 can be purchased through the ISO.org website.
Comments (0)