ISO 37301 – Setting Compliance Objectives and Strategies to Achieve Them

Apr 29, 2025 | Compliance

Introduction

A successful compliance management system (CMS) is built on clearly defined and measurable objectives. ISO 37301:2021, the international standard for compliance management systems, emphasises the importance of setting strategic compliance objectives aligned with the organisation’s purpose, risks, and obligations. This blog explores how ISO 37301 guides the development of compliance objectives and the strategies organisations can use to achieve them.

Why Compliance Objectives Matter

Compliance objectives provide a structured way to measure progress, demonstrate accountability, and continuously improve the CMS. Without clear objectives, compliance efforts can become reactive, unfocused, and difficult to evaluate.

  • Well-defined compliance objectives help to:
  • – Translate policies into actionable goals
  • – Prioritise activities based on risk
  • – Drive a culture of performance and accountability
  • – Facilitate monitoring and reporting

Clause 6.2 – Compliance Objectives and Planning to Achieve Them

Clause 6.2 of ISO 37301 requires organisations to establish compliance objectives at relevant functions and levels. These objectives must be:

  • – Consistent with the compliance policy
  • – Measurable (where practicable)
  • – Monitored and communicated
  • – Updated as necessary

In addition, the organisation must determine what needs to be done, by whom, and by when, along with how results will be evaluated.

Examples of Compliance Objectives

  • Typical compliance objectives might include:
  • – Reduce regulatory breaches by 25% within 12 months
  • – Deliver compliance training to 100% of new hires within their first 30 days
  • – Implement a compliance risk register across all departments by Q3
  • – Achieve a 95% completion rate on annual policy acknowledgment

Strategies to Achieve Compliance Objectives

  1. To meet compliance objectives, organisations should consider the following strategies:
  2. 1. Align objectives with key risk areas and stakeholder expectations.
  3. 2. Integrate objectives into departmental plans and KPIs.
  4. 3. Provide targeted training and communication.
  5. 4. Assign responsibility and accountability to specific roles.
  6. 5. Use data and analytics to monitor progress and adjust as needed.

Example: Telecommunications Company

A telecom company sets an objective to reduce customer data privacy complaints by 30% over the next year. To achieve this, it implements targeted employee training, enhances its data handling procedures, and introduces a new monitoring dashboard to track incidents. Regular progress reviews ensure accountability and adjustments.

Conclusion

Setting and achieving compliance objectives is central to an effective compliance management system. ISO 37301 provides a structured framework to ensure that objectives are aligned with organisational goals and supported by actionable strategies. With clear targets and consistent follow-through, organisations can drive continuous improvement and build a resilient compliance culture.

For further information and to book your ISO37301compliance management systems survey please contact: Marcus J Allen at Thamer James Ltd. Email: [email protected]

Marcus has twenty years’ experience in delivering Governance, Risk and Compliance solutions to over two hundred organisations within the UK. Marcus holds the respected Diploma in Governance, Risk and Compliance from the International Compliance Association and holds a master’s degree in Management Learning & Change from the University of Bristol. 

Marcus is a member of BSI G01 Governance Committee, this committee contributed to the formulation of the above Standard, in the UK.