ISO 37301 - Compliance management systems – Requirements with guidance for use

Sidney Vianna

Post Responsibly
Amazing how ISO can't say no to dumb standard proposals. So, now, they have an ISO Management System Standard to "ensure" the organizations comply with all legal requirements they are exposed to.

Out of the box
Organizations that aim to be successful in the long term need to establish and maintain a culture of compliance, considering the needs and expectations of interested parties. Compliance is therefore not only the basis, but also an opportunity, for a successful and sustainable organization.
Compliance is an ongoing process and the outcome of an organization meeting its obligations. Compliance is made sustainable by embedding it in the culture of the organization and in the behaviour and attitude of people working for it. While maintaining its independence, it is preferable that compliance management is integrated with the organization’s other management processes and its operational requirements and procedures.
An effective, organization-wide compliance management system enables an organization to demonstrate its commitment to comply with relevant laws, regulatory requirements, industry codes and organizational standards, as well as standards of good governance, generally accepted best practices, ethics and community expectations.
An organization’s approach to compliance is shaped by the leadership applying core values and generally accepted good governance, ethical and community standards. Embedding compliance in the behaviour of the people working for an organization depends above all on leadership at all levels and clear values of an organization, as well as an acknowledgement and implementation of measures to promote compliant behaviour. If this is not the case at all levels of an organization, there is a risk of noncompliance.
In a number of jurisdictions, courts have considered an organization’s commitment to compliance through its compliance management system when determining the appropriate penalty to be imposed for contraventions of relevant laws. Therefore, regulatory and judicial bodies can also benefit from this document as a benchmark.
Organizations are increasingly convinced that, by applying binding values and appropriate compliance management, they can safeguard their integrity and avoid or minimize noncompliance with the organization’s compliance obligations. Integrity and effective compliance are therefore key elements of good and diligent management. Compliance also contributes to the socially responsible behaviour of organizations.
One of the objectives of this document is to assist organizations to develop and spread a positive culture of compliance, considering that an effective and sound management of compliance-related risks should be regarded as an opportunity to pursue and take, due to the several benefits that it provides to the organization such as:

  • improving business opportunities and sustainability;
  • protecting and enhancing an organization’s reputation and credibility;
  • taking into account expectations of interested parties;
  • demonstrating an organization’s commitment to managing its compliance risks effectively and efficiently;
  • increasing the confidence of third parties in the organization’s capacity to achieve sustained success;
  • minimizing the risk of a contravention occurring with the attendant costs and reputational damage.
This document specifies requirements as well as provides guidance on compliance management systems and recommended practices. Both the requirements and the guidance in this document are intended to be adaptable, and implementation can differ depending on the size and level of maturity of an organization’s compliance management system and on the context, nature and complexity of the organization’s activities and objectives.
This document is suitable to enhance the compliance-related requirements in other management systems and to assist an organization in improving the overall management of all its compliance obligations.


John Broomfield

Super Moderator

This standard duplicates what we already do to ensure our management systems have deployed legal requirements to our processes.

It will not be a best seller.


Involved In Discussions
Thanks Sidney, I haven't been around for a while, but when I saw this standard published I knew where to go to see if it has any value.
I couldn't see any and to have my belief confirmed by you guys is really helpful. The preview on the BSI Website looks generic annex SL and as you say there is no point in repeating this, when all the standards require compliance with legal requirements anyways.