ISO 37301 set to replace ISO 19600

4 minutes07/13/2021

Companies are subject to increasingly dense and stringent regulations and must ensure they act in accordance with the relevant laws at all levels. As a result, compliance management systems (CMS) are becoming ever more important tools for companies. From public authorities, investors and customers to suppliers, NGOs and the media, stakeholders expect organizations to ensure full legal compliance throughout the entire value chain.

ISO 19600 was published in 2014 and provided compliance managers with the first single universal standard to guide their work, with backing from over 160 countries. The switch to ISO 37301 is another important milestone. However, companies need to recognize the differences between the two standards and incorporate these changes into their system and overall strategy.

What is a compliance management system?

A well-organized compliance management system functions as a control mechanism to prevent violations from occurring and, if they do occur, to uncover and put a stop to them as soon as possible. This involves documenting procedures in individual cases, reporting to supervisory bodies and training employees. In summary, a compliance management system comprises all measures, structures and processes that affect legal conformity in business. Its purpose is to help companies keep track of and observe all laws, regulations and standards at both national and international levels.

From ISO 19600 to ISO 37301

The international standard ISO 19600, which was originally published in 2014, was replaced by the new ISO 37301 standard in April 2021. The German standard DIN ISO 37301 is set to follow shortly. ISO 19600 was the first attempt to establish a consistent international regulation for compliance management systems. However, from the very outset, it was regarded as more of a recommendation for companies – a so-called Type B standard. By contrast, ISO 37301 is the first internationally recognized Type A standard for compliance management systems, though its content only differs slightly from that of its predecessor.

Conduct effective audits and get certified!

In our whitepaper, “ISO 37301 – Compliance management system (CMS) guide”, we show you how you can:

Take full advantage of the standard
Implement the standard
Train employees
Run audits effectively
Get certified

We created this guide in collaboration with our partner SAT GmbH und Co. KG. Its author, Stefan Pawils, has audited compliance management systems on behalf of TÜV Rheinland for many years and is a qualified Compliance Officer and IRCA ISMS Auditor in accordance with the ISO/IEC 27001 standard. 

Download the paper now

New content and reforms

Although ISO 37301 is primarily based on ISO 19600, some minor changes have been made to the content. On the one hand, certain aspects have been restructured: For example, chapters 4.5 “Compliance obligations” and 4.6 “Identification, analysis and evaluation of compliance risks” have been incorporated into the sixth chapter of the new ISO 37301 standard. On the other hand, the new content found in chapters 8.3 “Raising concerns” and 8.4 “Investigation processes” draw attention to the problems of modern compliance.

ISO 37301 certification

The most significant differences, however, relate to the adjustments to the standard and the binding specifications for ISO 37301 certification. It was not previously possible to obtain ISO 19600 certification, and although various inspection authorities used standards based on ISO 19600, there was no official certification in accordance with the standard. With the introduction of the new ISO standard, companies can now obtain certification that reflects their compliance with this standard.

ISO 19600 and 37301: An overview of the key differences

ISO 19600	ISO 37301
Validity: Introduced in 2014	Validity: Introduced in April 2021
Definition: International CMS standard	Definition: International CMS standard, replaces ISO 19600
Authoritativeness: Guidelines for implementation and use of a CMS	Authoritativeness: Largely incorporates the content of ISO 19600 Minor restructuring and additions; amendments reflecting modern use of CMS
Subject: Recommendation for organizations	Subject: Binding guideline
Certification: No (direct) certification available (Type B standard)	Certification: available (Type A standard)

Implementation of ISO 37301

Integrating ISO 37301 into a company’s system is relatively straightforward if standard compliance rules are followed. In order to get the full benefit from the standard and derive the full benefits of certainty and security, it is important to integrate the standard for the entire company and in all related procedures. This includes operational work processes as well as lived values, established structures and the actions of both management and employees.

Ongoing compliance training helps to establish new structures and behaviors and represents an effective addition to continuous employee education efforts.

ISO 37301 is easy to integrate into existing management systems such as ISO 45001 and ISO 14001 to form an integrated management system (IMS). The standard’s organization, which includes a high-level structure, makes it possible to use a range of existing resources in its integration and thereby generate synergies that further facilitate its implementation.

Using technology to achieve succes

Having suitable software solutions in place markedly simplifies labor-intensive processes like integrating a new ISO standard. Support by way of appropriate technology makes it possible to examine and visualize the processes in question in detail and in real time, such as in the form of compliance audits. Requirements and specifications can be consolidated into a legal register, making it easy for compliance managers to access applicable regulations at any time. This enables you to bring together legal requirements for compliance at local, national and international levels in one place and avoid any violations.

Your route to the right EHSQ software

From choosing the right questions for process analysis to determining key functional requirements and identifying criteria for selecting suitable EHSQ software – these are the issues you need to consider to find the right health and safety solution for your company!

View now

Acceptance for the future

The introduction of ISO 37301as a replacement of ISO 19600 and the associated changes it entails will make it easier for companies to conduct effective compliance activities and to visualize the success of their compliance measures. Particularly in times where a growing awareness of legal conformity is rising, it is important that companies redouble their efforts in this area and obtain independent certification. The new standard makes this possible and thus presents companies with a valuable opportunity to improve trust and acceptance in their efforts and in their work going forward. The new certifiable standard not only provides a basis for trust within companies, but also lays the foundation for high-quality collaborations with customers and business partners.

How ESG reporting facilitates the tracking of sustainability metrics

Regulatory pressure and mandatory ESG reporting are moving forward. Europe has made significant progress through the ESRS, the EU taxonomy and ESAP. These developments will require adjustments to reporting practices, …

Read article

Compliance, Hazardous Chemicals

The upcoming PFAS ban

Are you ready for a complete ban on 10,000 substances that fall under PFAS? What exactly does REACH say about PFAS? Learn what you should do and know right now.

Read article

Compliance, Environment & Sustainability

The Materiality Workbook

Learn how to prepare for your organization’s materiality assessment by working through these easy-to-follow exercises.

Download eBook

Prepare for CSRD

Compliance

ISO 37301 set to replace ISO 19600 for CMS