Under its section on compliance obligations, ISO 37301 requires that an organisation focus on compliance requirements as a key feature of the compliance model.
This should include reference to the applicable laws and regulations that are in force, in relation to the scope of the compliance framework.
In addition, key permits and licences issued by regulatory bodies or authorities should be identified and monitored.
Rules from regulators and governing agencies should be identified, documented and monitored. Furthermore, key judgements from courts and tribunals should be identified and understood by the organisation.
The organisation may wish to manage looser, more localised arrangements with community groups or non-government agencies. These may well have been identified within the external factors relevant to the enterprise.
Additional compliance obligations can include professional memberships of organisations, such as institutes, associations and guilds.
It is good practice to create some form of master repository to house these obligations. These could be broken down by topic: laws, regulations, orders, judgements, local licences, permits, divisional leases, stakeholder obligations and individual professional and trade bodies.
Denoting the key features of the regulation or law, what is relevant to the organisation and how the enterprise complies is a good step.
Keeping up to date with all these various obligations will require careful monitoring and horizon scanning in some cases. Updating the aforementioned register is good practice.
Adding the key statutory and regulatory requirements to the organisation’s risk register is a good way for the executive team to identify the importance of each item identified and the approach to be taken for compliance.
For further information and to book your BS ISO 37301 Compliance management systems survey, please contact: Marcus J Allen at Thamer James Ltd. Email: [email protected]
Marcus has twenty years’ experience in delivering Governance, Risk and Compliance solutions to over two hundred organisations within the UK. Marcus holds the respected Diploma in Governance, Risk and Compliance from the International Compliance Association and holds a master’s degree in Management Learning & Change from the University of Bristol. Marcus is a Fellow of the Institute of Consultants and Fellow of the Chartered Management Institute.