About ISO 37301 Certification
Display the value of your compliance management system
The forthcoming ISO 37301 framework will create a new certifiable global benchmark for compliance systems, improving the way your organisation conducts compliance and displaying the merits of your system to stakeholders. It relies upon ISO’s tried and tested Plan-Do-Check-Act (PDCA) principle which requires that certified companies operate with a continuous improvement cycle.
Built upon the previous standard for compliance programmes, ISO 19600, organisations that have already structured their system for this standard can expect a smooth and efficient transition. However, the flexibility that is a hallmark of all ISO standards means that even organisations who are wishing to get started can do so easily by making small structural changes to their current programme, in order to build a system that fits their needs and meets the standard's requirements.
Who can apply for an ISO 37301 compliance management system certification?
Private organisations: the company at large, a business unit or a subsidiary
Public organisations: administrations, services, political parties
Not-for-profit organisations: NGOs, charities, foundations, associations
Why choose this certification?
Certification against ISO 37301 demonstrates your organisation's commitment towards an effective compliance management system and any of its applicable subsections like:
- General compliance
- Export control
- Data privacy.
The inclusion of these subsections demonstrates its wide-ranging applications and its potential to revolutionise your overall compliance efforts. However, as with all of ISO’s standards, the requirements are broad enough to allow you to build a system that best suits the needs of your organisation, deciding upon the scope, location, number of people we interview, depth of the audits within the organisation, and which subsections to include.
Key benefits include:
- The recognition of becoming one of the first organisations certified against the standard
- Build trust with stakeholders
- Establish credibility in the market
- Gain a competitive advantage
- Stabilise partner ecosystems
- Increase operational efficiencies
- Reduce the risk of prosecution for non-compliance
How it differs from ISO 37001?
Why should we get certified for both standards when we can just certify our overall compliance management system? Industry professionals might use this logic to conclude that the publication of ISO 37301 will make ISO 37001 irrelevant. However, ISO 37001 and future ISO compliance standards still offer substantial value which includes:
- Additional requirements for specific operational controls related to anti-bribery
- Demonstrates the strength of your anti-bribery management system specifically through an in-depth audit of this compliance subsection
- An ability to be integrated in to your compliance management system, reducing the total audit duration time and effort that would normally be required to achieve them separately
What do you need to get certified?
How to prepare?
Recently published, organisations interested in ISO 37301 should start with the re-structuring of your compliance programme or management system according to the initial ISO draft. Though we are not able to directly assist you in this initial step, we can offer training which prepares you with the thorough knowledge of the standard that you will need to complete the re-structuring. After this has been completed, ETHIC Intelligence can perform the required Readiness Assessment (gap analysis) to identify any non-conformities. After performing any necessary corrective actions, your system will be well positioned for certification upon the standard's release.
Interested organisations can also contact us to keep up to date on all of the latest news and developments around this exciting standard.
What does the certification process actually cover?
- Assesses an organisation’s compliance management system: how it is designed, implemented, controlled, and improved
- System design and implementation is audited:
- at the headquarters
- in a sample of locations where the operations are conducted
Is there a report and what does it cover?
- A detailed report of the organisation’s compliance management system
- A list of findings identifying non-conformities, opportunities for improvement, best practices, and observations…
Do we get a certificate?
- The Certification Committee verifies that certification requirements are fulfilled and awards the certificate for 3 years with annual surveillance audits