For organisations seeking growth and long-term success, compliance is necessary, not an option. Compliance management provides organisations with a structured approach to meeting all compliance obligations. These include mandatory requirements, such as laws, regulations, court decisions, permits, and licences, as well as those that organisations choose to comply with voluntarily, such as internal policies and procedures, codes of conduct, or standards and agreements with communities or NGOs.
Compliance Management System based on ISO 37301
ISO 37301 is a Type A management system standard that specifies requirements and provides guidance for establishing, implementing, maintaining and continuously improving a compliance management system (CMS). ISO 37301 can be applied to all organisations regardless of their size, nature or complexity of operations. The CMS is based on the principles of integrity, good governance, proportionality, transparency, accountability and sustainability.
Benefits of CMS for the organisation
- Building a positive culture of compliance in the organisation
- Resolving compliance issues quickly and effectively
- Protecting reputation and ensuring integrity by preventing and detecting unethical behaviour
- Increasing business opportunities and the organisation’s ability to achieve sustained success
- Building customer trust and loyalty
Subject of our professional services
1 | Analysis of the existing system and CMS project planning
Analysis of the context of the organisation and gap analysis of the current state • Development of a CMS project plan
2 | Establishment and implementation of the CMS
Identification and description of the boundaries and scope of the CMS • Definition of the organisational structure, roles and responsibilities of individuals and relevant committees • Design of the compliance policy • Setting up and documenting CMS processes
3 | Identification of compliance obligations and risks
Selection and documentation of a procedure for identifying compliance obligations • Identification and documentation of compliance obligations • Creation of a register of obligations • Change management • Selection and documentation of a methodology for compliance risk management • Identification, analysis and assessment of bribery risks • Selection of options and measures for risk treatment • Management of bribery risk treatment plans
4 | Documentation of topic-specific policies and procedures
CMS documentation structure design and management • Design and documentation of topic-specific policies and procedures • Support for the implementation of specific measures • Design and performance of training and awareness-raising activities
5 | Internal audit, supplier audit and certification audit support
Drafting and documentation of the CMS internal audit charter • Drafting of the CMS audit program and planning of audit activities • Implementation of internal audit and supplier audit • Support for follow-up activities and actions after the audit • Preparation for and support during the certification audit
Advanced GRC applications
The difficulty of executing CMS processes increases with the size of the organisation and is influenced by the business sector and the maturity of the management system. Complex organisations, organisations operating in highly regulated industries, and organisations with complex management systems are advised to use advanced modular tools.
More information can be found in the Applications section.
Quality of our services
During the provision of consulting services, standards for consultancy service quality based on ISO 20700, information security based on ISO/IEC 27001 and project management based on ISO 21502 are applied.
Competences of our consultants:
- Certified ISO 37301 Lead Implementer
- Certified ISO 37001 Lead Implementer
When conducting an internal audit (first-party audit) or second-party audit, the best practice of auditing management systems, as defined in ISO 19011, ISO/IEC 27007 and other relevant standards, is applied.
Competences of our auditors:
- Certified ISO 37301 Lead Auditor
- Certified ISO 37001 Lead Auditor