ISO 37301 uses the broad headings of the now familiar Annex SL framework. This specification is designed to be used alongside other management standards such as ISO9001:2015. The subtle difference is that ISO37301 provides a framework for an organisation to manage an effective compliance arrangement. This helps the organisation to consider its contextual issues and associated business risks more specifically.

A key feature of ISO37301 is to spread an effective compliance culture.

In the context of ISO37301, the Standard advocates consideration of broader issues than would be found in ISO9001. These include the business modelling arrangements of the organisation, strategic issues and regulatory requirements.

A wide appreciation of the issues that might impact upon the compliance management system should be considered.

Careful consideration should be given to the legal and regulatory frameworks that must be followed. It is wise to consider additional emerging regulatory issues as well.

The executive function should consider the applicability of ISO37301 across the business and the desired outcome. 

Additional consideration should be given to:

Nature and scope plus the relationships with third parties. The economic framework and desired risk appetite. The cultural environment that the business faces. Many regulated businesses nowadays are required by stakeholders to focus more keenly on treatment of vulnerable customers. This could be seen as an external prevailing issue.

Internal issues might address systems, policies, culture and tone, general adherence to governance plans, people, and technology needs.

ISO37301 helps an organisation to focus upon a robust compliance management system. Many will see great similarities with ISO9001:2015. The difference is the focus upon creating the appropriate compliance management system with a PDCA (Plan, Do, Check, Act) approach driving strong compliance. The provision of a quality service is taken as being in place.

For further information and to book your BS ISO 37301 Compliance management systems survey please contact: Marcus J Allen at Thamer James Ltd. Email: [email protected]

Marcus has twenty years’ experience in delivering Governance, Risk and Compliance solutions to over two hundred organisations within the UK. Marcus holds the respected Diploma in Governance, Risk and Compliance from the International Compliance Association and holds a master’s degree in Management Learning & Change from the University of Bristol. Marcus is a Fellow of the Institute of Consultants and Fellow of the Chartered Management Institute.