What’s New in ISO 37301:2021 & How it can improve your Compliance Management

If you struggle to understand how to identify and evaluate your compliance obligations (or legal requirements) in ISO 14001:2015, a newly published ISO Standard could provide the framework to develop a solution to your problem.

This article looks at the publication in April 2021 of ISO 37301:2021, titled Compliance management systems — Requirements with guidance for use. It covers the Standard's background, benefits and contents, together with the opportunity to use ISO 37301 to support compliance management in conjunction with other Management System Standards, such as ISO 14001, ISO 9001 & ISO 45001 for environmental, quality and occupational health and safety management systems.

ISO 37301:2021 Background
It should be noted that ISO 37301:2021 was previously known as ISO 19600:2014. This former ISO Standard has now been cancelled and replaced by ISO 37301:2021, with the key changes being that it:

  1. Contains requirements with additional guidance for use based on those requirements
  2. Follows the ISO requirement for a harmonized structure for management system standards.

ISO 37301:2021 & its High-Level Structure
The use of ISO 37301 can be visualised as being based on the same Plan-Do-Check-Act (PDCA) process made popular by Dr. Deming & the ISO High-Level Structure published in Annex SL in the ISO/IEC Directives, Part 1.

A figure on page vii provides a clear representation of the requirements and maps these requirements to the process for driving continual improvement using the Plan-Do-Check-Act process.

Compliance Background
Many organizations have a long-term aim to be successful with a need to establish and maintain a culture of compliance, considering the needs and expectations of interested parties. Compliance becomes not only the basis, but also an opportunity, for a successful and sustainable organization.

Compliance is recognised as an ongoing process with the intended outcome of allowing the organization to meet its obligations. Compliance is made sustainable by embedding it in the culture of the organization and within the behaviour and attitude of people working for it.

In summary, an effective, organization-wide compliance management system enables an organization to demonstrate its commitment to comply with relevant laws, regulatory requirements, industry codes and organizational standards, as well as standards of good governance, generally accepted best practices, ethics and community expectations.

Benefits of Compliance Management System
For an organisation implementing a Compliance Management System, a positive culture of compliance and sound management of compliance-related risks should be regarded as an opportunity because of the several benefits they provide to the organization, such as:

  1. improving business opportunities and sustainability;
  2. protecting and enhancing an organization’s reputation and credibility;
  3. taking into account expectations of interested parties;
  4. demonstrating an organization’s commitment to managing its compliance risks effectively and efficiently;
  5. increasing the confidence of third parties in the organization’s capacity to achieve sustained success;
  6. minimizing the risk of a contravention occurring with the attendant costs and reputational damage.

ISO 37301 Structure
So, let’s look at the structure of ISO 37301, which, as described earlier, is based on the High-Level Structure described in Annex SL.

You can find out more about the Annex SL approach to the High-Level Structure for Management System Standards in my article here.

In ISO 37301, Clause 3 – Terms and Definitions provides for ten specific terms and their associated definitions for a Compliance Management System. These are:

Additional requirements in Clause 4 – Context of the Organization cover the determination of the scope of the compliance management system, the compliance management system, compliance obligations & compliance risk assessment, as well as the normal High-Level Structure requirements for organizational context & the needs and expectations of interested parties.

Significant importance is given to leadership and commitment to the Compliance Management System in Clause 5 – Leadership, which covers specific requirements for a governing body and top management, a compliance culture, compliance governance, governing body and top management, compliance function and management.

Clause 6 – Planning provides for modified requirements to address risks and opportunities, compliance objectives & the planning of changes.

To support the planning for the Compliance Management System, Clause 7 – Support provides for additional requirements for the employment process for personnel and training as well as the High-Level Structure requirements for resources, competence, communication & documented information.

Clause 8 – Operations provides for additional requirements for the establishment of compliance controls and procedures, a mechanism for raising compliance concerns and investigation processes in addition to the High-Level Structure requirements for operational planning and control.

Processes within Clause 9 – Performance Evaluation provide for additional requirements covering sources of feedback on compliance performance, the development of indicators, compliance reporting and associated record-keeping. The normal High-Level Structure requirements for General, Internal Audit & Management Review complement the performance evaluation processes.

Finally, Clause 10 – Improvement follows the High-Level Structure with recognition of non-compliance having a similar status as nonconformity given in other Management System Standards.

So, to summarise:

ISO 37301:2021 provides the requirements and guidance for implementing and maintaining a compliance management system based on the High-Level Structure in Annex SL.

As such, it is compatible with other Type A Management System Standards, such as ISO 14001, ISO 9001 & ISO 45001, and could be used to further aid the management of compliance obligations or legal requirements for these Management Systems.

You can purchase a copy of ISO 37301:2021 from your National Standardisation Body with a selection of the main Standards Bodies given in the table below:

Standards Body | Website
Standards Canada | https://global.ihs.com/
Standards Australia | https://www.techstreet.com/

If this article has helped to advance your understanding of compliance management and the opportunities of using ISO 37301:2021 in conjunction with other Management System Standards, such as ISO 14001, ISO 9001 and ISO 45001, please leave a comment in the box below.

If you enjoyed this article, you should subscribe to our YouTube Channel – EMSmastery, where you can watch our videos, such as the video accompanying this article on What’s New in ISO 37301:2021 & How it can improve your Compliance Management, with new videos released each week.
