What is ISO 37301

ISO 37301 (Compliance Management System) is an international standard established by the International Organization for Standardization (ISO) in April 2021.
This standard provides a framework for evaluating whether a company's compliance policies and risk management systems, which address issues that may arise in all aspects of corporate management, are in line with global standards and are being effectively implemented.
Organizations that meet these requirements are awarded an internationally recognized certification.

Effectiveness of ISO 37301

Through an effective, organization-wide compliance management system, organizations can demonstrate their commitment to adhering to applicable laws, regulatory requirements, industry standards, and organizational policies.
This also includes demonstrating compliance with good governance standards, generally accepted best practices, ethical norms, and the expectations of the community.
Many judicial bodies and courts consider an organization's dedication to compliance through a compliance management system when determining appropriate penalties for legal violations.
Therefore, regulatory and judicial bodies can also benchmark and utilize the ISO 37301 standard as a reference for evaluating organizational compliance.

Relationship between PDCA and the framework in this International Standard

ISO 37301:2021 Requirements

4. Context of the organization
  • 4.1 Understanding the organization and its context
  • 4.2 Understanding the needs and expectations of interested parties
  • 4.3 Determining the scope of the compliance management system
  • 4.4 Compliance management system
  • 4.5 Compliance obligations
  • 4.6 Compliance risk assessment
5. Leadership
  • 5.1 Leadership and commitment
  • 5.2 Compliance policy
  • 5.3 Roles, responsibilities and authorities
6. Planning
  • 6.1 Actions to address risks and opportunities
  • 6.2 Compliance objectives and planning to achieve them
  • 6.3 Planning of changes
7. Support
  • 7.1 Resources
  • 7.2 Competence
  • 7.3 Awareness
  • 7.4 Communication
  • 7.5 Documented information
8. Operation
  • 8.1 Operational planning and control
  • 8.2 Establishing controls and procedures
  • 8.3 Raising concerns
  • 8.4 Investigation processes
9. Performance evaluation
  • 9.1 Monitoring, measurement, analysis and evaluation
  • 9.2 Internal audit
  • 9.3 Management review
10. Improvement
  • 10.1 Continual improvement
  • 10.2 Nonconformity and corrective action

Contact Person

Kim Gi Beom

kgb@icrqa.com

Lee Jae Min

lee2750@icrqa.com