ISO 37301, launched on April 13, 2021, contains requirements with guidelines on establishing, maintaining, improving and evaluating the Compliance Management System, bringing innovations when compared to Standard 19600, its predecessor.

ISO is an independent international non-governmental organization, respected worldwide, which today has 165 member countries. The organization seeks, among other things, to develop international, voluntary, consensus-based and relevant practices in order to standardize goods and services through a series of guidelines and requirements. Companies that adhere to ISO standards can be certified by accredited certifiers in their country, after going through a thorough process consisting of several phases. It should also be noted that the certification in question is available to companies regardless of their nature, type or size.

Certification under the ISO 37301 Standard is relevant to the global corporate scenario because it guarantees numerous benefits to organizations that meet the established requirements. Among those benefits are the display of the organization’s commitment to risk management, which acts as a seal of quality; the recognition of its system by an independent third party, which increases the confidence of potential business partners; the mitigation of the risk of possible violation of the essential principles and values that make up the organization’s reputation for integrity; and greater opportunities for new business to be agreed upon.

Given the premise that the main objective of compliance is to ensure that the organization’s acts are in accordance with the applicable rules, whether laws or internal regulations, the ISO 37301 Standard raises the need for alignment between the Compliance Management System and this major objective. Clearly, for a Compliance Management System to be adopted successfully, all legal compliance obligations resulting from the organization’s activities, goods and services must be identified, which provides an effective basis for establishing a complete and effective Management System.

Additionally, the ISO 37301 Standard stresses the importance of adopting a compliance culture, and requires top management to demonstrate a visible and active commitment to consolidating that culture. In short, the emphasis on compliance culture seeks to make it intrinsic to the organization’s routine, with the consequent obligation of everyone to comply with ethical conduct standards.

With the inclusion of requirements in the new Standard, which was previously composed only of guidelines, organizations can in practice, in addition to being aligned with ISO guidelines, obtain certification under accreditation that they are in compliance with the standard and, therefore, in compliance with international laws and conventions.

In order to implement the system, the organization has to understand its own context, needs and expectations. Once this is done, the organization must determine the scope of the Compliance Management System to understand its compliance risks, based on ISO 31000:2018 (Risk Management). According to ISO 37301, the Compliance Management System can be implemented separately or jointly with other systems, such as risk, anti-bribery (regulated by the well-known ISO 37001 Standard) and information security.

Although the English version of the Standard is already available, the Portuguese version of the Standard was launched on June 3, 2021 and, from that date, the accreditation process for certifying companies will take place.

For more information on ISO 37301 certification, please contact us.