ISO 37301 Compliance Management

Compliance as a business requirement

Everyone is talking about compliance again. The “Act on Corporate Due Diligence to Prevent Human Rights Violations in Supply Chains” (Germany) has, among other things, ensured that corporate responsibility, compliance with rules and laws, as well as adherence to moral and ethical voluntary commitments, are once again more in the public eye.

In addition to the indirect consequences of a lack of compliance (loss of sales due to bad press, shitstorms on the internet …), direct penalties for companies are also set to become more tangible and visible. Breaking the rules will then lead more quickly to fines, corporate penalties or even the skimming of profits. It is therefore in the company’s own interest to establish a culture of compliance in its own organisation as early and effectively as possible, so as not to run into problems later on or be restricted in its ability to act.

A compliance management system is always at the heart of “lived” compliance (product compliance) and ISO 37301 (or its predecessor ISO 19600 Compliance Management) has provided a suitable framework for this for many years.

Objectives of a compliance management system in accordance with ISO 37301

The aim of the ISO 37301 standard is, of course, to provide a framework that can prevent irregular behaviour by employees and, in particular, managers. In addition to this preventative effect, however, the focus is also on a verifiable character. In case of doubt, a compliance management system in accordance with ISO 37301 should make it possible to provide confirmation of the correct behaviour of all those involved. The tasks and obligations of all those involved should be clearly traceable and comprehensible on the basis of specific requirements.

A compliance management system in accordance with ISO 37301 also provides tools for evaluating measures taken and their improvement. In contrast to many other quality management areas, the focus here is not only on the processes themselves but also on communication. As the topic of compliance is almost automatically emotionalised when problems arise (by the media, by consumers, by activists), this approach, which is not purely technical, is of course also extremely useful.

Requirements for a compliance management system in accordance with ISO 37301

Of course, defining the processes to be adhered to and checked is of paramount importance for the effectiveness of a compliance management system. It must be possible to reliably monitor the defined processes, and it must always be possible to measure and check the specified parameters. The underlying information and resources must be reliable and, above all, available at all times.

Training is one of the most important resources of a compliance culture, since compliance is difficult to enforce unless the defined requirements are communicated correctly. Awareness of and responsibility for compliance must be present at all affected levels and must also be self-monitoring. Senior executives in positions most susceptible to rule breaches, such as corruption, must feel that the system monitors them without feeling policed.

The management layers in the company are of course responsible for monitoring, evaluating and continuously improving a compliance management system in accordance with ISO 37301. In addition to regular external certification, the internal controls must also function properly. In particular, it is also the task of company management and leadership to take care of requirements that do not necessarily result directly from legal regulations. The moral and ethical obligations that are so important for success in today’s market must be carefully monitored, implemented where necessary and, of course, adapted to the company’s own economic possibilities.

Last but not least, the documentation of all compliance-relevant processes is one of the most important issues. In the global economic system, this requirement in particular can quickly cause problems in practice. Different languages, but also different cultural areas, can quickly lead to different interpretations of compliance. What may be obviously important and reprehensible here may first have to be argued in detail at the other end of the world. The “supposedly protected” status of Western laws and standards is not always immediately apparent. A functioning compliance management system must take this into account, even if it is of course primarily orientated towards the requirements of Western legislation and ethics.

What advantages can ISO 37301 certification generate?

  • Particularly in international business relationships, trust between business partners can be strengthened thanks to evidence of an appropriate compliance management system.
  • A demonstrably effective CMS can prevent reputational damage and ensures a sustainable relationship with customers and suppliers.
  • The installation of an effective CMS ensures the implementation of all compliance requirements, which are mandatory according to the Supply Chain Act (LkSG).
  • A certified company can put itself in a better position when tendering for contracts. It can already be observed that proof of a CMS is a firm criterion in larger tenders.
  • If the worst comes to the worst and proceedings are initiated against the company in accordance with Sections 30 and 130 of the German Administrative Offences Act (OWiG) due to a suspected lack of supervisory efforts, certification in accordance with ISO 37301 can clearly demonstrate that the company has fulfilled its corporate duty of care.
  • A proven compliance management system can also have a mitigating effect on possible sanctions.

ISO 37301 certification

As ISO 37301 is an internationally recognised standard, ISO 37301 certification is naturally also part of the programme of all major certification bodies. In addition to general certification in accordance with DIN ISO 37301, there is also the option of personal certification of the respective authorised function holder in the company. This compliance officer is then the main person responsible for internal compliance matters.

Software for compliance management systems

As with all tasks in quality management, software support plays an important role. Since a large part of the effort goes into process modelling and process control, but also into pure documentation, this effort usually only remains manageable with suitable computer support.

Not least since the onset of the coronavirus pandemic, the topic of remote auditing has come to the fore, as there were suddenly only limited opportunities to check compliance requirements in person. The new Supply Chain Act further increases this pressure, as responsibility for external entities is now also moving closer to the company. Remote auditing, with its modern philosophy and high degree of automation, can be used to great effect here. We at PeRoBa GmbH Unternehmensberatung München reacted to these modern requirements at a very early stage and customised our own software platform iVision® accordingly. The integration of modern forms of communication such as data glasses and smart glasses enables the very effective implementation of requirements such as those arising from the standards ISO 37301 and ISO 37001. Inspections and audits can be carried out more efficiently and also unannounced. Different time zones become less relevant, and language barriers are also broken down thanks to the visual orientation. Document management and automated documentation are further strengths of the iVision® software. Its modular structure and easy expandability make it an ideal platform for implementing ISO 37301-based compliance management systems or integrating them into existing system landscapes.

We would be happy to show you how you can optimise your compliance with proven tools. Just get in touch with us. PeRoBa – your compliance management consultancy.
[Infographic: “How corrupt the world is” (Statista)]

About PeRoBa:

PeRoBa Unternehmensberatung GmbH is one of the world’s leading pacesetters in the field of quality management, with its origins dating back to 1991. The company has been based in Baldham since 2011 and has a representative office in Prinzregentenstraße in Munich. PeRoBa Unternehmensberatung provides high-quality advice, audits and assessments to support customers in the introduction and implementation of their management systems. It also offers audits, QM training, seminars and workshops.

Since January 2016, the in-house, innovative software iVision® – Smart Remote Audit Solution has been on the market and complements our consulting portfolio.

The founder and owner, Dr Roland Scherb MBA, is an auditor, consultant, trainer and author. He is the first board member of the German Association of Auditors and an active member of the DIN e.V. working group as well as a speaker at the TÜV Academy.


Interested in a compliance audit? Do you have any questions?

Arrange a non-binding initial consultation via online appointment,
or send us a message using the contact form.
You are also welcome to contact us by telephone.