ISO 37301

ISO 37301:2021 is the ”state-of-the-art answer” to a question that all organizations, regardless of sector or size, shall ask themselves: How can my company effectively and efficiently manage the large number of regulations and standards – in other words: How does it deal with “Compliance”?

The introduction of ISO 37301 not only systematizes compliance activities and optimizes processes, but also systematically improves legal certainty and the general conditions by means of transparent systems for responsible persons, representatives and managers.

A modern organization can only be successful if it can manage all regulations that the digital transformation implicates. Above all, this requires a culture of integrity and compliance, considering the needs and expectations of all interested parties. An ISO 37301 certified organization inspires greater trust and confidence among its customers, suppliers, employees, authorities and investors. This generates real market advantages, which is an asset in tenders.

Due to the same structure (High Level Structure), ISO 37301 can be easily combined with other ISO Standards. In addition, the legal requirements (compliance obligations) of ISO 9001, ISO 14001, or ISO 45001 etc. can be managed more efficiently and effectively by implementing ISO 37301.

• Establishing a “Compliance Management System“ (CMS) in order to minimize the risks of noncompliance
• Continual improvement and further development of the CMS
• Improved information policy on the development of compliance
• Increased benefits through integration into existing management systems such as ISO 9001, ISO 14001 and ISO 45001 etc.
• Certification of the CMS by an external organization
• Determining the own level of compliance and declaration of conformity with the present CMS specifications
• Demonstrating the commitment to comply with the law and increasing legal certainty

Companies and organizations in the industrial, commercial and service sectors as well as social institutions, public and municipal sectors or railroad companies. Organizations that have already implemented ISO Standards such as ISO 9001, ISO 14001, and ISO 45001 etc. benefit from an easier integration, as all ISO Standards follow the same structure (HLS).

The ISO 37301 management system includes requirements for compliance management systems that help organizations to manage their compliance risks and improve their performance. The CMS specifications can be applied by any organization.

All requirements contained in this ISO 37301 specification are intended for inclusion in a CMS. The extent to which they are applied depends on factors such as the corporate policy of the organization concerned, the type of activity, the products or services as well as the risks and complexity of the operations.

For a certification acc. to ISO 37301, an organization shall fulfill the following criteria:

• Identifying the relevant context of the organization
• Conducting a risk and opportunity analysis
• Planning and setting the objectives for improvement
• Integrating the requirements into existing business processes
• Appointing an independent compliance function while considering good governance practices
• Implementing relevant control systems and adequate reporting systems
• Internal audits and periodical reviews of the systems conducted by top management

ISO 37001, ISO 9001, ISO 14001, ISO 45001, ISO 22301, ISO 31000, SCP, SCC, AUVA SGM, EN 13816, Railway safety acc. to Article 9 of EU Directive 2016/798 (2004/49)

• Flyer ISO 37301 - pdf (473 KB)