Migrating from ISO 19600:2014 to ISO 37301:2021

Article written by Albana Iseni

What is a Compliance Management System (CMS)?

For organizations seeking growth and long-term success, adhering to compliance obligations is not an option; it is a must. Failing to comply with laws and regulations could mean losing millions in fines, or worse, damaging the organization’s reputation in the global marketplace.

ISO 37301:2021 is a Type A management system standard which sets out the requirements and provides guidelines for establishing, developing, implementing, evaluating, maintaining, and continually improving a compliance management system (CMS).

ISO 37301:2021 is applicable to all organizations, regardless of their size, nature, or the complexity of activities that they perform. In this regard, ISO 37301:2021 includes control mechanisms for prevention, early detection, and elimination of violations. In a nutshell, the compliance management system covers all measures, structures, and processes that affect compliance within the organization. Hence, it will guide the organization in adhering to laws, rules, and standards at both national and international levels. 

It is advisable that organizations appoint a person responsible for ensuring that the CMS is in place, meets the requirements of ISO 37301:2021, and is implemented, functional, and properly maintained. In this light, an ISO 37301 certification would be an added value for the person carrying out the aforementioned responsibilities.

Migrate from ISO 19600:2014 to ISO 37301:2021

ISO 37301:2021 is built upon and officially replaces its predecessor ISO 19600:2014. With the publication of the ISO 37301:2021 Compliance Management System standard, ISO 19600:2014 has formally been withdrawn. Nevertheless, all organizations that have already structured their systems based on ISO 19600:2014 can expect a smooth and efficient transition. Likewise, all ISO 19600 certified individuals can expect a smooth transition to an ISO 37301:2021 certificate. 

The main and most important difference between these two standards is that ISO 19600 provides only recommendations, whereas ISO 37301 provides requirements for the implementation of a compliance management system. Therefore, with the new standard, organizations can verify and certify their CMS through an independent third party.

This newly published standard provides the necessary guidelines which help you:

  • Be aware of and comply with existing and new laws, regulations, and rules that should be followed
  • Be aware of the potential risk of breaching any regulation
  • Eliminate and correct potential breaches in an effective manner

Why implement a CMS?

With the increased number of laws and regulations, maintaining a culture of compliance is one of the main challenges that organizations are facing. A compliance management system provides organizations with a structured approach to meet all compliance obligations: those that they have to comply with, such as laws and regulations, and those that they voluntarily choose to comply with, such as internal policies and procedures.

In addition, ISO 37301:2021 requires the establishment of processes and controls in order to improve the organization’s performance regarding compliance obligations. Consequently, implementing a CMS based on ISO 37301:2021 demonstrates commitment to norms of corporate governance, good practices, and ethical conduct, principles that contribute to an organization’s overall success.

Besides the aforementioned points, the benefits of a CMS certification include:

  • Maintaining the organization’s reputation
  • Demonstrating commitment to an effective compliance management system
  • Reducing the risk of prosecution in legal proceedings
  • Strengthening the organization’s position in the market
  • Proof of the organization’s integrity levels and business values 

About the Author

Albana Iseni is a Product Marketing Manager for GRC and Privacy at PECB. She is in charge of conducting market research while developing and providing information related to ISO standards.
