What is ISO 37301?
ISO 37301 is a Type A management system standard which sets out the requirements and provides guidelines for establishing, developing, implementing, evaluating, maintaining, and continually improving a compliance management system (CMS). A CMS provides organizations a structured approach to meet all compliance obligations, i.e., requirements that they mandatorily have to comply with such as laws, regulations, court rulings, permits, licenses, as well as those that they voluntarily choose to comply with such as internal policies and procedures, codes of conduct, standards, and agreements with communities or NGOs.
ISO 37301 can be applied to all organizations, regardless of their size, nature, or complexity of activity. CMS is based upon the principles of integrity, good governance, proportionality, transparency, accountability, and sustainability.
As with the most of management system standards, ISO 37301 also follows the high-level structure (HLS) developed by ISO. The HLS structure defines the common terminology and definitions used, as well as the clause sequence (1 to 10), where the requirements for the CMS are set out in clauses 4 to 10. The HLS enables organizations to integrate various management systems, meaning that organizations can either adopt a CMS as a stand-alone management system or they can integrate it with other existing management systems.
Didn’t ISO already publish a standard on compliance management systems?
Yes, in 2014, ISO 19600 Compliance management systems — Guidelines was published. The main difference between these two standards is that organizations can get certified against ISO 37301 by undergoing a conformity assessment via an independent third party. Nevertheless, ISO 37301 builds and expands upon its predecessor (ISO 19600), and organizations that established a CMS based on the guidelines of ISO 19600 already have a head start in complying with the requirements of ISO 37301.
