ISO 37301:2022
Compliance Management Systems
Webinar
Your presenter
Jonathan Brun
President and founder of Nimonik Inc., an
engineer by training with a passion for building
world-class compliance management
systems.
Based in Montreal, Canada
Webinar Etiquette
Video OFF Mic OFF Raise Hand Type in Chat
Who we are and what we do
Poll: Have you heard of the ISO 37301
standard?
Why are we talking about ISO 37301:2022 and why now?
Obligations and risk have
increased significantly
Need a robust system
to handle all of this
• ESG
• Sustainability
• Environmental / Climate
Change
• Cybersecurity
• Artificial Intelligence
• Others
Topics:
1. What is ISO 37301:2022?
2. Why should you use it?
3. Where does it fit in?
4. How does it work?
5. Key definitions
6. Key elements
7. Key implementation steps
8. Q&A
1. What is ISO 37301:2022?
Introduction
• ISO 37301 is an international standard introduced in 2022 that
provides guidance on establishing, implementing, maintaining,
reviewing, and improving an effective compliance management
system.
• This standard helps organizations ensure they comply with legal
and ethical requirements, reduce the risk of non-compliance, and
improve their overall performance.
• ISO 37301 provides a framework for organizations to integrate
compliance into their business operations and to demonstrate
their commitment to ethical behavior and social responsibility.
• ISO 37301 replaces ISO 19600
Introduction
ISO 37301 builds on and replaces ISO 19600 (guidelines) with the following
differences:
• ISO 37301 is now a Type A management standard that is certifiable and
compatible with other Type A Management System standards such as ISO
9001, 45001, 14001, etc.
• replaces should with shall statements (but not for everything)
• adds whistleblowing and expands culture and governance
• adds requirements for hiring or promoting staff to critical positions.
• adds assessment of staff in matters of regulatory compliance.
• provides description of what is considered a regulatory compliance culture.
• highlights the issues of independence, staffing and skills of Regulatory
Compliance to operate without interventions and with appropriate staff.
• identifies Code of Ethics and Conduct as a key element in determining and
controlling compliance.
2. Why should you use it?
You have these needs
ISO 37301 is applicable for organizations that:
• want to modernize their corporate compliance
efforts with industry best practices.
• need a compliance management system for
specific risk domains not currently covered by
a standard.
• need to better address obligations contained
within existing management systems.
• need an overarching assurance framework
across existing compliance management
systems (e.g., safety, security, environmental,
EHS, ESG, etc.)
You want these benefits
ISO outlines the following benefits for this standard:
• improving business opportunities and sustainability.
• protecting and enhancing an organization’s reputation
and credibility.
• considering expectations of interested parties.
• demonstrating an organization’s commitment to
managing its compliance risks effectively and
efficiently.
• increasing the confidence of third parties in the
organization’s capacity to achieve sustained success.
• minimizing the risk of a contravention occurring with
the attendant costs and reputational damage.
TRUST
“Organizations want to work and collaborate
with companies they can trust,”
“And trust is built on a company culture of doing
the right thing, where every employee
contributes because they understand and
believe in the importance of it. Central to this is
good leadership and clear values, which have to
come from the top.”
Poll: Does your organization have a
compliance policy?
3. Where does it fit in?
Where does it fit in with other standards
ISO 37301 is intended to work as a stand-alone system or in conjunction with others
• ISO 37000: Governance Guidelines
• ISO 37301: Compliance Management Systems
• ISO 31000: Risk Management Guidelines
• ISO 19011: Audit Management Guidelines
• Topic Specific Standards
How is it the same as other ISO standards?
ISO 37301:
• follows Annex SL structure
• follows Type A MSS with respect to management system
requirements.
• is harmonized with other standards
• is voluntary
How is it different from other ISO standards?
• Certifiable with Guidelines for Use: ISO 37301 is certifiable using accredited auditors.
• Integration with Other Standards: ISO 37301 is designed to be used with other management systems.
• Risk Based Approach: ISO 37301 emphasizes a risk-based approach to compliance management.
• Focus on Compliance: ISO 37301 is specifically designed to manage compliance risks.
Includes both requirements and recommendations
• SHALL: Requirements. Requirements are found in the body of the standard
• SHOULD: Recommendations. Recommendations are found in ANNEX A (Information)
4. How does it work?
Outcome Objectives
These are measures of effectiveness that need to be
specified in units meaningful to the stakeholders.
• Integrity
• Culture
• Conformity
• Reputation
• Value
• Ethics
The capabilities the CMS needs to provide depend on what is
specified.
Essential Behaviors
These principles define essential behaviors for achieving
compliance outcomes:
• Integrity
• Good Governance
• Proportionality
• Transparency
• Accountability
• Sustainability
These behaviors need to be present within the CMS and
reinforced by the organizational culture.
Essential Processes
The CMS implements essential processes to achieve
compliance and risk objectives:
• PLAN: Commitment, Scope, Policy, Roles and
responsibilities, Obligations and Risks
• DO: Support, Competence and awareness,
Communication and training, Operations, Controls and
procedures, Documentation
• CHECK: Internal audit, Management review,
Monitoring and measurement, Raising concerns,
Investigation process
• ACT: Managing non-compliance, Continual
improvement
PDCA demonstrates how these processes interact with
each other. However, they may not happen in sequence. For
example, operating controls happen at the same time that
conformance is verified.
Context
These define internal and external environmental factors
that need to be considered:
• Legal
• Social
• Cultural
• Digitalization
• Finance
• Structure
• Environment
• Interested parties
These factors are inputs into the planning process and
define the climate the CMS operates within.
5. Key Definitions
Contains Requirements and Recommendations
• Shall are mandatory requirements needed for certification
• Should are recommendations derived from ISO 19600 and placed in Annex A
Effectiveness and Compliance
Compliance is the outcome of an effective CMS
Management System
ISO 37301 is a management system standard to achieve objectives resulting in compliance.
Culture and Policy
Compliance involves establishing the behaviors that align with organizational policy
Obligations and Requirements
Obligations are compliance requirements
Objectives
Objectives are the compliance commitments
Uncertainty and Risk
Compliance needs to contend with uncertainty to ensure obligations are met
How these concepts relate to each other
[Diagram relating Policy, Objectives, Obligations, Risk, Culture, Uncertainty, Compliance and Context]
Everything happens in the presence of uncertainty and culture
Poll: Which application of ISO 37301
best suits your situation?
6. Key Elements
4. Context of the organization
• This element emphasizes the importance of engaging
with stakeholders and understanding their needs and
expectations.
• This includes identifying the compliance obligations
and expectations that are relevant to the organization's
activities, products, and services along with the
internal and external factors that may impact its ability
to meet its compliance obligations.
• Key obligations include understanding the organization
and its context, the needs and expectations of interested
parties, and determining the scope of the compliance
management system.
4.1 Understanding the organization and its context
4.2 Understanding the needs and expectations of interested parties
4.3 Determining the scope of compliance management system
4.4 Compliance management system
4.5 Compliance obligations
4.6 Compliance risk assessment
5. Leadership
• Leadership and commitment are critical for the
success of the compliance management system.
• This element involves establishing a compliance
culture within the organization, defining a compliance
policy, assigning roles and responsibilities for
compliance, and providing the necessary resources
and support.
• Key obligations include demonstrating visible
leadership and commitment to compliance,
establishing clear lines of communication and
reporting, and promoting a culture of ethical behavior.
5.1 Leadership and Commitment
5.1.1 Governing body and top management
5.1.2 Compliance culture
5.1.3 Compliance governance
5.2 Compliance Policy
5.3 Roles, responsibilities and authorities
5.3.1 Governing body and top management
5.3.2 Compliance function
5.3.3 Management
5.3.4 Personnel
6. Planning
• It is important to develop a comprehensive plan
that integrates compliance into all areas of the
organization and that takes into account the
organization's values and culture.
• This element involves planning for compliance by
conducting risk assessments, establishing
objectives and targets, and developing action
plans to address identified risks and opportunities.
• Key obligations include identifying legal and ethical
requirements that are applicable to the
organization, assessing the risks and impacts of
non-compliance, and establishing objectives and
targets that are measurable and achievable.
6.1 Actions to address risks and opportunities
6.2 Compliance objectives and planning to achieve them
6.3 Planning of changes
7. Support
• The support requirements emphasize the
importance of providing the necessary
resources and support to meet compliance
obligations effectively and efficiently.
• The element involves determining and
providing the resources and support needed
to establish, implement, maintain, and
continually improve the CMS.
• Key obligations include establishing
leadership and commitment to compliance,
adequate staffing, training and awareness
programs, communication channels, access
to compliance information, documentation
and record-keeping processes.
7.1 Resources
7.2 Competence
7.2.1 General
7.2.2 Employment process
7.2.3 Training
7.3 Awareness
7.4 Communication
7.5 Documented information
7.5.1 General
7.5.2 Creating and updating documented information
7.5.3 Control of documented information
8. Operation
• It is important to involve all stakeholders in the
implementation process and to ensure that the
compliance management system is integrated into
all business processes.
• This element involves establishing controls,
communicating requirements, and providing
training and awareness to ensure compliance is
embedded in the organization's daily activities.
• Key obligations include establishing and
communicating policies and procedures, providing
training and awareness programs, and
implementing controls to ensure compliance.
8.1 Operational planning and control
8.2 Establishing controls and procedures
8.3 Raising concerns
8.4 Investigation processes
9. Performance evaluation
• It is important to ensure that the evaluation
process is objective, independent, and based
on reliable data.
• The evaluation element involves monitoring
performance, conducting audits and reviews,
and analyzing data to ensure the compliance
management system remains effective.
• Key obligations include establishing
performance indicators, monitoring
compliance performance, conducting audits
and reviews, and analyzing data to identify
areas for improvement.
9.1 Monitoring, measurement, analysis and evaluation
9.1.1 General
9.1.2 Sources of feedback on compliance performance
9.1.3 Development of indicators
9.1.4 Compliance reporting
9.1.5 Record-keeping
9.2 Internal audit
9.2.1 General
9.2.2 Internal audit programme
9.3 Management review
9.3.1 General
9.3.2 Management review inputs
9.3.3 Management review results
10. Improvement
• It is important to establish a culture of continual
improvement and to ensure that the compliance
management system is adapted to changing
circumstances.
• This element involves implementing corrective
and preventive actions, identifying opportunities
for improvement, and continuously improving
the compliance management system.
• Key obligations include establishing a process
for reporting and investigating non-compliance,
identifying opportunities for improvement, and
implementing corrective and preventive actions.
10.1 Continual improvement
10.2 Nonconformity and corrective action
Poll: Do you see many barriers to
implementing ISO 37301 at your
organization?
7. Key implementation steps
What to avoid
1. Lack of leadership commitment: Without leadership commitment, the compliance management system is likely to fail. The
leaders of the organization need to be fully committed to the implementation of the standard, provide the necessary
resources and support, and ensure that everyone in the organization understands the importance of compliance.
2. Overcomplicating the system: A compliance management system that is overly complex can be difficult to implement and
maintain. It's important to keep the system simple and focus on the key compliance risks facing the organization.
3. Failure to involve stakeholders: The compliance management system should involve all relevant stakeholders, including
employees, suppliers, customers, and regulators. Failure to involve these stakeholders can lead to resistance to the system
and a lack of buy-in.
4. Lack of communication: Communication is critical to the success of the compliance management system. It's important to
communicate the system's purpose, goals, and benefits to all stakeholders, and to keep them informed of progress and
changes.
5. Insufficient training: Employees need to be trained on the compliance management system, including their roles and
responsibilities, how to identify compliance risks, and how to report compliance violations. Without proper training,
employees may not understand the system, which can lead to non-compliance.
6. Failure to adapt to changing circumstances: The compliance management system should be flexible and able to adapt to
changing circumstances, such as changes in regulations or business operations. Failure to adapt the system can result in
non-compliance.
7. Treating compliance as a one-time event: Compliance management is an ongoing process that requires continuous
improvement. Treating compliance as a one-time event can lead to complacency and non-compliance.
What is critical to success
1. Top Management Support: Having strong support from top management is essential for the successful implementation of
ISO 37301. Leaders should communicate their commitment to the CMS to ensure its effective implementation and
continued success.
2. Obligation Identification: Knowing your obligations is critical for effective compliance. Lack of knowledge will contribute
to gaps in compliance, excessive risk, and failure to provide stakeholder assurance. This identification should include legal,
regulatory, and stakeholder obligations.
3. Risk Assessment: The CMS should be built around an assessment of the organization's compliance risks. This
assessment should identify the risks that the organization faces and prioritize them based on their severity and likelihood
of occurrence.
4. Policies and Procedures: Policies and procedures that are aligned with the organization's goals, risk profile, and
compliance requirements should be developed. These policies and procedures should be communicated effectively to
ensure that everyone understands their roles and responsibilities in achieving compliance.
5. Training and Awareness: All employees should receive training and awareness programs to ensure they understand their
roles and responsibilities in complying with the CMS. Regular training and awareness programs should be conducted to
ensure that employees remain up-to-date on changes to the CMS and the organization's compliance requirements.
6. Monitoring and Measurement: The CMS should include mechanisms for monitoring and measuring its effectiveness. This
includes regular compliance audits, reviews, and assessments to ensure that the CMS is functioning effectively and
meeting its objectives.
7. Continuous Improvement: The organization should continually evaluate and improve its CMS to ensure its ongoing
effectiveness. The CMS should be flexible enough to adapt to changes in the organization's compliance risks, regulatory
requirements, and business objectives.
Steps to follow
Step 1. UNDERSTAND THE STANDARD: Read and understand the requirements of ISO 37301, and how it applies to your organization. This includes the principles, objectives, and requirements of the standard.
Step 2. CONDUCT A GAP ANALYSIS: Assess your organization's current compliance management system against the requirements of ISO 37301. Identify the gaps and areas for improvement.
Step 3. DEFINE SCOPE: Define the scope of your compliance management system. Determine which activities, processes, and functions will be covered by the system.
Step 4. ESTABLISH A COMPLIANCE POLICY: Develop a compliance policy that sets out your organization's commitment to complying with applicable laws, regulations, and standards. The policy should be communicated to all relevant stakeholders.
Step 5. DEVELOP A COMPLIANCE MANAGEMENT FRAMEWORK: Establish a compliance management framework that includes processes, procedures, and controls for managing compliance risks. This includes identifying and assessing compliance risks, implementing controls to mitigate those risks, monitoring and reviewing the effectiveness of the controls, and reporting on compliance performance.
Step 6. IMPLEMENT THE COMPLIANCE MANAGEMENT SYSTEM: Implement the compliance management system by providing the necessary resources, assigning roles and responsibilities, and training staff on the system.
Step 7. MONITOR AND MEASURE PERFORMANCE: Establish metrics and monitoring procedures to measure the effectiveness of the compliance management system. This includes regular reviews, audits, and assessments.
Step 8. CONTINUOUSLY IMPROVE: Continuously improve the compliance management system by analyzing performance data, identifying opportunities for improvement, and taking corrective action.
Step 9. GET CERTIFIED: Once your organization has implemented the compliance management system and it has been in operation for a sufficient period of time, you can seek certification to ISO 37301 from a recognized certification body.
8. Q&A
Thank You!
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptx
 

Similar to ISO 37301 Compliance Management Systems

What do the changes to ISO14001 mean for business?
What do the changes to ISO14001 mean for business? What do the changes to ISO14001 mean for business?
What do the changes to ISO14001 mean for business?
Ardea International
 
To ISO or not to ISO?
To ISO or not to ISO?To ISO or not to ISO?
To ISO or not to ISO?
SIKM
 
Iso 9001 2015 iso geek
Iso 9001 2015 iso geekIso 9001 2015 iso geek
Iso 9001 2015 iso geek
Varinder Kumar
 
19600 compliance management system guidelines
19600   compliance management system guidelines19600   compliance management system guidelines
19600 compliance management system guidelines
Nimonik
 
19600 Compliance Management System Guidelines
19600 Compliance Management System Guidelines19600 Compliance Management System Guidelines
19600 Compliance Management System Guidelines
Nimonik
 
Why Audit? What Is the Difference Between Regulatory Auditing and ISO 14001 o...
Why Audit? What Is the Difference Between Regulatory Auditing and ISO 14001 o...Why Audit? What Is the Difference Between Regulatory Auditing and ISO 14001 o...
Why Audit? What Is the Difference Between Regulatory Auditing and ISO 14001 o...
Triumvirate Environmental
 
Key considerations for an appropriate scope for all management systems
Key considerations for an appropriate scope for all management systemsKey considerations for an appropriate scope for all management systems
Key considerations for an appropriate scope for all management systems
PECB
 
ISO27001_COBIT_Students.pptx
ISO27001_COBIT_Students.pptxISO27001_COBIT_Students.pptx
ISO27001_COBIT_Students.pptx
jojo82637
 
ISO14001: what do the key changes mean for business and how should organisati...
ISO14001: what do the key changes mean for business and how should organisati...ISO14001: what do the key changes mean for business and how should organisati...
ISO14001: what do the key changes mean for business and how should organisati...
Ardea International
 
Iso 14001
Iso 14001Iso 14001
Iso 14001
Mahendra G S
 
Internal auditor 9001 day 1
Internal auditor 9001 day 1Internal auditor 9001 day 1
Internal auditor 9001 day 1
Dr Madhu Aman Sharma
 
FunctionalOverview
FunctionalOverviewFunctionalOverview
FunctionalOverview
Allan Browning
 
Bmsqms revisedwithchevrons
Bmsqms revisedwithchevronsBmsqms revisedwithchevrons
Bmsqms revisedwithchevrons
MrsAlways RigHt
 
ISO 9001
ISO 9001ISO 9001
ISO 9001
Mohammed Ghorab
 
ISO 9001:2015 Requirements.pptx
ISO 9001:2015 Requirements.pptxISO 9001:2015 Requirements.pptx
ISO 9001:2015 Requirements.pptx
GelmelinaLeaLepitenH
 
ISO 45001 018 . 2018 م.71-مبادرة#تواصل_تطوير-د.محمد عبدالمجيد-التعريف بمتطلبا...
ISO 45001 018 . 2018 م.71-مبادرة#تواصل_تطوير-د.محمد عبدالمجيد-التعريف بمتطلبا...ISO 45001 018 . 2018 م.71-مبادرة#تواصل_تطوير-د.محمد عبدالمجيد-التعريف بمتطلبا...
ISO 45001 018 . 2018 م.71-مبادرة#تواصل_تطوير-د.محمد عبدالمجيد-التعريف بمتطلبا...
Egyptian Engineers Association
 
FINAL IMS PPT - Read-Only - Compatibility Mode.pdf
FINAL IMS PPT  -  Read-Only  -  Compatibility Mode.pdfFINAL IMS PPT  -  Read-Only  -  Compatibility Mode.pdf
FINAL IMS PPT - Read-Only - Compatibility Mode.pdf
KShah24
 
Intro to ISO
Intro to ISOIntro to ISO
Intro to ISO
Adrian Hall
 
A brief Introduction to ISO 9001 2015-Quality Management System
A brief Introduction to ISO 9001 2015-Quality Management SystemA brief Introduction to ISO 9001 2015-Quality Management System
A brief Introduction to ISO 9001 2015-Quality Management System
SARWAR SALAM
 
Risk elimination and safety committee
Risk elimination and safety committeeRisk elimination and safety committee
Risk elimination and safety committee
Hpm India
 

Similar to ISO 37301 Compliance Management Systems (20)

What do the changes to ISO14001 mean for business?
What do the changes to ISO14001 mean for business? What do the changes to ISO14001 mean for business?
What do the changes to ISO14001 mean for business?
 
To ISO or not to ISO?
To ISO or not to ISO?To ISO or not to ISO?
To ISO or not to ISO?
 
Iso 9001 2015 iso geek
Iso 9001 2015 iso geekIso 9001 2015 iso geek
Iso 9001 2015 iso geek
 
19600 compliance management system guidelines
19600   compliance management system guidelines19600   compliance management system guidelines
19600 compliance management system guidelines
 
19600 Compliance Management System Guidelines
19600 Compliance Management System Guidelines19600 Compliance Management System Guidelines
19600 Compliance Management System Guidelines
 
Why Audit? What Is the Difference Between Regulatory Auditing and ISO 14001 o...
Why Audit? What Is the Difference Between Regulatory Auditing and ISO 14001 o...Why Audit? What Is the Difference Between Regulatory Auditing and ISO 14001 o...
Why Audit? What Is the Difference Between Regulatory Auditing and ISO 14001 o...
 
Key considerations for an appropriate scope for all management systems
Key considerations for an appropriate scope for all management systemsKey considerations for an appropriate scope for all management systems
Key considerations for an appropriate scope for all management systems
 
ISO27001_COBIT_Students.pptx
ISO27001_COBIT_Students.pptxISO27001_COBIT_Students.pptx
ISO27001_COBIT_Students.pptx
 
ISO14001: what do the key changes mean for business and how should organisati...
ISO14001: what do the key changes mean for business and how should organisati...ISO14001: what do the key changes mean for business and how should organisati...
ISO14001: what do the key changes mean for business and how should organisati...
 
Iso 14001
Iso 14001Iso 14001
Iso 14001
 
Internal auditor 9001 day 1
Internal auditor 9001 day 1Internal auditor 9001 day 1
Internal auditor 9001 day 1
 
FunctionalOverview
FunctionalOverviewFunctionalOverview
FunctionalOverview
 
Bmsqms revisedwithchevrons
Bmsqms revisedwithchevronsBmsqms revisedwithchevrons
Bmsqms revisedwithchevrons
 
ISO 9001
ISO 9001ISO 9001
ISO 9001
 
ISO 9001:2015 Requirements.pptx
ISO 9001:2015 Requirements.pptxISO 9001:2015 Requirements.pptx
ISO 9001:2015 Requirements.pptx
 
ISO 45001 018 . 2018 م.71-مبادرة#تواصل_تطوير-د.محمد عبدالمجيد-التعريف بمتطلبا...
ISO 45001 018 . 2018 م.71-مبادرة#تواصل_تطوير-د.محمد عبدالمجيد-التعريف بمتطلبا...ISO 45001 018 . 2018 م.71-مبادرة#تواصل_تطوير-د.محمد عبدالمجيد-التعريف بمتطلبا...
ISO 45001 018 . 2018 م.71-مبادرة#تواصل_تطوير-د.محمد عبدالمجيد-التعريف بمتطلبا...
 
FINAL IMS PPT - Read-Only - Compatibility Mode.pdf
FINAL IMS PPT  -  Read-Only  -  Compatibility Mode.pdfFINAL IMS PPT  -  Read-Only  -  Compatibility Mode.pdf
FINAL IMS PPT - Read-Only - Compatibility Mode.pdf
 
Intro to ISO
Intro to ISOIntro to ISO
Intro to ISO
 
A brief Introduction to ISO 9001 2015-Quality Management System
A brief Introduction to ISO 9001 2015-Quality Management SystemA brief Introduction to ISO 9001 2015-Quality Management System
A brief Introduction to ISO 9001 2015-Quality Management System
 
Risk elimination and safety committee
Risk elimination and safety committeeRisk elimination and safety committee
Risk elimination and safety committee
 

More from Nimonik

Generative AI for Regulatory Analysis
Generative AI for Regulatory AnalysisGenerative AI for Regulatory Analysis
Generative AI for Regulatory Analysis
Nimonik
 
Nimonik Brochure
Nimonik BrochureNimonik Brochure
Nimonik Brochure
Nimonik
 
Calgary Oil & Gas Regulatory and Standards Day January 18th 2023
Calgary Oil & Gas Regulatory and Standards Day January 18th 2023Calgary Oil & Gas Regulatory and Standards Day January 18th 2023
Calgary Oil & Gas Regulatory and Standards Day January 18th 2023
Nimonik
 
Best Practices for Regulatory Change Management
Best Practices for Regulatory Change ManagementBest Practices for Regulatory Change Management
Best Practices for Regulatory Change Management
Nimonik
 
Build a business case for compliance March 2022
Build a business case for compliance March 2022Build a business case for compliance March 2022
Build a business case for compliance March 2022
Nimonik
 
ESG and Compliance: Where do we go from here?
ESG and Compliance: Where do we go from here?ESG and Compliance: Where do we go from here?
ESG and Compliance: Where do we go from here?
Nimonik
 
State of Compliance 2021 at Mid-Market Firms - Nimonik
State of Compliance 2021 at Mid-Market Firms - NimonikState of Compliance 2021 at Mid-Market Firms - Nimonik
State of Compliance 2021 at Mid-Market Firms - Nimonik
Nimonik
 
ISO 19600 Section 4.5 - Know your Obligations
ISO 19600 Section 4.5 - Know your ObligationsISO 19600 Section 4.5 - Know your Obligations
ISO 19600 Section 4.5 - Know your Obligations
Nimonik
 
COVID-19 Biological Risk Assessment Webinar
COVID-19 Biological Risk Assessment WebinarCOVID-19 Biological Risk Assessment Webinar
COVID-19 Biological Risk Assessment Webinar
Nimonik
 
Preparing for a Post Covid World
Preparing for a Post Covid WorldPreparing for a Post Covid World
Preparing for a Post Covid World
Nimonik
 
Identify Applicable EHS Regulatory Documents
Identify Applicable EHS Regulatory DocumentsIdentify Applicable EHS Regulatory Documents
Identify Applicable EHS Regulatory Documents
Nimonik
 
Survey results - Centrally vs Locally managed compliance
Survey results - Centrally vs Locally managed complianceSurvey results - Centrally vs Locally managed compliance
Survey results - Centrally vs Locally managed compliance
Nimonik
 
Continous compliance october 2019 webinar (2)
Continous compliance   october 2019 webinar (2)Continous compliance   october 2019 webinar (2)
Continous compliance october 2019 webinar (2)
Nimonik
 
The not so hidden costs of non-compliance
The not so hidden costs of non-complianceThe not so hidden costs of non-compliance
The not so hidden costs of non-compliance
Nimonik
 
The 4 key types of regulations and how to comply (3)
The 4 key types of regulations and how to comply (3)The 4 key types of regulations and how to comply (3)
The 4 key types of regulations and how to comply (3)
Nimonik
 
Comprehensive Compliance for Environmental, Safety, Quality Requirements in C...
Comprehensive Compliance for Environmental, Safety, Quality Requirements in C...Comprehensive Compliance for Environmental, Safety, Quality Requirements in C...
Comprehensive Compliance for Environmental, Safety, Quality Requirements in C...
Nimonik
 
Process Area Site Assessments techniques for the Management
Process Area Site Assessments techniques for the ManagementProcess Area Site Assessments techniques for the Management
Process Area Site Assessments techniques for the Management
Nimonik
 
Air monitoring presentation
Air monitoring presentationAir monitoring presentation
Air monitoring presentation
Nimonik
 
Legal Register / Compliance Obligations ISO 14001
Legal Register / Compliance Obligations ISO 14001Legal Register / Compliance Obligations ISO 14001
Legal Register / Compliance Obligations ISO 14001
Nimonik
 
Electronics recycling webinar final presentation
Electronics recycling webinar final presentationElectronics recycling webinar final presentation
Electronics recycling webinar final presentation
Nimonik
 

More from Nimonik (20)

Generative AI for Regulatory Analysis
Generative AI for Regulatory AnalysisGenerative AI for Regulatory Analysis
Generative AI for Regulatory Analysis
 
Nimonik Brochure
Nimonik BrochureNimonik Brochure
Nimonik Brochure
 
Calgary Oil & Gas Regulatory and Standards Day January 18th 2023
Calgary Oil & Gas Regulatory and Standards Day January 18th 2023Calgary Oil & Gas Regulatory and Standards Day January 18th 2023
Calgary Oil & Gas Regulatory and Standards Day January 18th 2023
 
Best Practices for Regulatory Change Management
Best Practices for Regulatory Change ManagementBest Practices for Regulatory Change Management
Best Practices for Regulatory Change Management
 
Build a business case for compliance March 2022
Build a business case for compliance March 2022Build a business case for compliance March 2022
Build a business case for compliance March 2022
 
ESG and Compliance: Where do we go from here?
ESG and Compliance: Where do we go from here?ESG and Compliance: Where do we go from here?
ESG and Compliance: Where do we go from here?
 
State of Compliance 2021 at Mid-Market Firms - Nimonik
State of Compliance 2021 at Mid-Market Firms - NimonikState of Compliance 2021 at Mid-Market Firms - Nimonik
State of Compliance 2021 at Mid-Market Firms - Nimonik
 
ISO 19600 Section 4.5 - Know your Obligations
ISO 19600 Section 4.5 - Know your ObligationsISO 19600 Section 4.5 - Know your Obligations
ISO 19600 Section 4.5 - Know your Obligations
 
COVID-19 Biological Risk Assessment Webinar
COVID-19 Biological Risk Assessment WebinarCOVID-19 Biological Risk Assessment Webinar
COVID-19 Biological Risk Assessment Webinar
 
Preparing for a Post Covid World
Preparing for a Post Covid WorldPreparing for a Post Covid World
Preparing for a Post Covid World
 
Identify Applicable EHS Regulatory Documents
Identify Applicable EHS Regulatory DocumentsIdentify Applicable EHS Regulatory Documents
Identify Applicable EHS Regulatory Documents
 
Survey results - Centrally vs Locally managed compliance
Survey results - Centrally vs Locally managed complianceSurvey results - Centrally vs Locally managed compliance
Survey results - Centrally vs Locally managed compliance
 
Continous compliance october 2019 webinar (2)
Continous compliance   october 2019 webinar (2)Continous compliance   october 2019 webinar (2)
Continous compliance october 2019 webinar (2)
 
The not so hidden costs of non-compliance
The not so hidden costs of non-complianceThe not so hidden costs of non-compliance
The not so hidden costs of non-compliance
 
The 4 key types of regulations and how to comply (3)
The 4 key types of regulations and how to comply (3)The 4 key types of regulations and how to comply (3)
The 4 key types of regulations and how to comply (3)
 
Comprehensive Compliance for Environmental, Safety, Quality Requirements in C...
Comprehensive Compliance for Environmental, Safety, Quality Requirements in C...Comprehensive Compliance for Environmental, Safety, Quality Requirements in C...
Comprehensive Compliance for Environmental, Safety, Quality Requirements in C...
 
Process Area Site Assessments techniques for the Management
Process Area Site Assessments techniques for the ManagementProcess Area Site Assessments techniques for the Management
Process Area Site Assessments techniques for the Management
 
Air monitoring presentation
Air monitoring presentationAir monitoring presentation
Air monitoring presentation
 
Legal Register / Compliance Obligations ISO 14001
Legal Register / Compliance Obligations ISO 14001Legal Register / Compliance Obligations ISO 14001
Legal Register / Compliance Obligations ISO 14001
 
Electronics recycling webinar final presentation
Electronics recycling webinar final presentationElectronics recycling webinar final presentation
Electronics recycling webinar final presentation
 

Recently uploaded

原版制作贝德福特大学毕业证(bedfordhire毕业证)硕士文凭原版一模一样
原版制作贝德福特大学毕业证(bedfordhire毕业证)硕士文凭原版一模一样原版制作贝德福特大学毕业证(bedfordhire毕业证)硕士文凭原版一模一样
原版制作贝德福特大学毕业证(bedfordhire毕业证)硕士文凭原版一模一样
gpww3sf4
 
Suzanne Lagerweij - Influence Without Power - Why Empathy is Your Best Friend...
Suzanne Lagerweij - Influence Without Power - Why Empathy is Your Best Friend...Suzanne Lagerweij - Influence Without Power - Why Empathy is Your Best Friend...
Suzanne Lagerweij - Influence Without Power - Why Empathy is Your Best Friend...
Suzanne Lagerweij
 
Artificial Intelligence, Data and Competition – LIM – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – LIM – June 2024 OECD discussionArtificial Intelligence, Data and Competition – LIM – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – LIM – June 2024 OECD discussion
OECD Directorate for Financial and Enterprise Affairs
 
Mastering the Concepts Tested in the Databricks Certified Data Engineer Assoc...
Mastering the Concepts Tested in the Databricks Certified Data Engineer Assoc...Mastering the Concepts Tested in the Databricks Certified Data Engineer Assoc...
Mastering the Concepts Tested in the Databricks Certified Data Engineer Assoc...
SkillCertProExams
 
Artificial Intelligence, Data and Competition – OECD – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – OECD – June 2024 OECD discussionArtificial Intelligence, Data and Competition – OECD – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – OECD – June 2024 OECD discussion
OECD Directorate for Financial and Enterprise Affairs
 
Collapsing Narratives: Exploring Non-Linearity • a micro report by Rosie Wells
Collapsing Narratives: Exploring Non-Linearity • a micro report by Rosie WellsCollapsing Narratives: Exploring Non-Linearity • a micro report by Rosie Wells
Collapsing Narratives: Exploring Non-Linearity • a micro report by Rosie Wells
Rosie Wells
 
Burning Issue Presentation By Kenmaryon.pdf
Burning Issue Presentation By Kenmaryon.pdfBurning Issue Presentation By Kenmaryon.pdf
Burning Issue Presentation By Kenmaryon.pdf
kkirkland2
 
Pro-competitive Industrial Policy – OECD – June 2024 OECD discussion
Pro-competitive Industrial Policy – OECD – June 2024 OECD discussionPro-competitive Industrial Policy – OECD – June 2024 OECD discussion
Pro-competitive Industrial Policy – OECD – June 2024 OECD discussion
OECD Directorate for Financial and Enterprise Affairs
 
Presentatie 8. Joost van der Linde & Daniel Anderton - Eliq 28 mei 2024
Presentatie 8. Joost van der Linde & Daniel Anderton - Eliq 28 mei 2024Presentatie 8. Joost van der Linde & Daniel Anderton - Eliq 28 mei 2024
Presentatie 8. Joost van der Linde & Daniel Anderton - Eliq 28 mei 2024
Dutch Power
 
XP 2024 presentation: A New Look to Leadership
XP 2024 presentation: A New Look to LeadershipXP 2024 presentation: A New Look to Leadership
XP 2024 presentation: A New Look to Leadership
samililja
 
Pro-competitive Industrial Policy – LANE – June 2024 OECD discussion
Pro-competitive Industrial Policy – LANE – June 2024 OECD discussionPro-competitive Industrial Policy – LANE – June 2024 OECD discussion
Pro-competitive Industrial Policy – LANE – June 2024 OECD discussion
OECD Directorate for Financial and Enterprise Affairs
 
Mẫu PPT kế hoạch làm việc sáng tạo cho nửa cuối năm PowerPoint
Mẫu PPT kế hoạch làm việc sáng tạo cho nửa cuối năm PowerPointMẫu PPT kế hoạch làm việc sáng tạo cho nửa cuối năm PowerPoint
Mẫu PPT kế hoạch làm việc sáng tạo cho nửa cuối năm PowerPoint
1990 Media
 
Competition and Regulation in Professions and Occupations – ROBSON – June 202...
Competition and Regulation in Professions and Occupations – ROBSON – June 202...Competition and Regulation in Professions and Occupations – ROBSON – June 202...
Competition and Regulation in Professions and Occupations – ROBSON – June 202...
OECD Directorate for Financial and Enterprise Affairs
 
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
OECD Directorate for Financial and Enterprise Affairs
 
Competition and Regulation in Professions and Occupations – OECD – June 2024 ...
Competition and Regulation in Professions and Occupations – OECD – June 2024 ...Competition and Regulation in Professions and Occupations – OECD – June 2024 ...
Competition and Regulation in Professions and Occupations – OECD – June 2024 ...
OECD Directorate for Financial and Enterprise Affairs
 
Carrer goals.pptx and their importance in real life
Carrer goals.pptx  and their importance in real lifeCarrer goals.pptx  and their importance in real life
Carrer goals.pptx and their importance in real life
artemacademy2
 
ASONAM2023_presection_slide_track-recommendation.pdf
ASONAM2023_presection_slide_track-recommendation.pdfASONAM2023_presection_slide_track-recommendation.pdf
ASONAM2023_presection_slide_track-recommendation.pdf
ToshihiroIto4
 
Tom tresser burning issue.pptx My Burning issue
Tom tresser burning issue.pptx My Burning issueTom tresser burning issue.pptx My Burning issue
Tom tresser burning issue.pptx My Burning issue
amekonnen
 
2024-05-30_meetup_devops_aix-marseille.pdf
2024-05-30_meetup_devops_aix-marseille.pdf2024-05-30_meetup_devops_aix-marseille.pdf
2024-05-30_meetup_devops_aix-marseille.pdf
Frederic Leger
 
Presentatie 4. Jochen Cremer - TU Delft 28 mei 2024
Presentatie 4. Jochen Cremer - TU Delft 28 mei 2024Presentatie 4. Jochen Cremer - TU Delft 28 mei 2024
Presentatie 4. Jochen Cremer - TU Delft 28 mei 2024
Dutch Power
 

Recently uploaded (20)

原版制作贝德福特大学毕业证(bedfordhire毕业证)硕士文凭原版一模一样
原版制作贝德福特大学毕业证(bedfordhire毕业证)硕士文凭原版一模一样原版制作贝德福特大学毕业证(bedfordhire毕业证)硕士文凭原版一模一样
原版制作贝德福特大学毕业证(bedfordhire毕业证)硕士文凭原版一模一样
 
Suzanne Lagerweij - Influence Without Power - Why Empathy is Your Best Friend...
Suzanne Lagerweij - Influence Without Power - Why Empathy is Your Best Friend...Suzanne Lagerweij - Influence Without Power - Why Empathy is Your Best Friend...
Suzanne Lagerweij - Influence Without Power - Why Empathy is Your Best Friend...
 
Artificial Intelligence, Data and Competition – LIM – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – LIM – June 2024 OECD discussionArtificial Intelligence, Data and Competition – LIM – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – LIM – June 2024 OECD discussion
 
Mastering the Concepts Tested in the Databricks Certified Data Engineer Assoc...
Mastering the Concepts Tested in the Databricks Certified Data Engineer Assoc...Mastering the Concepts Tested in the Databricks Certified Data Engineer Assoc...
Mastering the Concepts Tested in the Databricks Certified Data Engineer Assoc...
 
Artificial Intelligence, Data and Competition – OECD – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – OECD – June 2024 OECD discussionArtificial Intelligence, Data and Competition – OECD – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – OECD – June 2024 OECD discussion
 
Collapsing Narratives: Exploring Non-Linearity • a micro report by Rosie Wells
Collapsing Narratives: Exploring Non-Linearity • a micro report by Rosie WellsCollapsing Narratives: Exploring Non-Linearity • a micro report by Rosie Wells
Collapsing Narratives: Exploring Non-Linearity • a micro report by Rosie Wells
 
Burning Issue Presentation By Kenmaryon.pdf
Burning Issue Presentation By Kenmaryon.pdfBurning Issue Presentation By Kenmaryon.pdf
Burning Issue Presentation By Kenmaryon.pdf
 
Pro-competitive Industrial Policy – OECD – June 2024 OECD discussion
Pro-competitive Industrial Policy – OECD – June 2024 OECD discussionPro-competitive Industrial Policy – OECD – June 2024 OECD discussion
Pro-competitive Industrial Policy – OECD – June 2024 OECD discussion
 
Presentatie 8. Joost van der Linde & Daniel Anderton - Eliq 28 mei 2024
Presentatie 8. Joost van der Linde & Daniel Anderton - Eliq 28 mei 2024Presentatie 8. Joost van der Linde & Daniel Anderton - Eliq 28 mei 2024
Presentatie 8. Joost van der Linde & Daniel Anderton - Eliq 28 mei 2024
 
XP 2024 presentation: A New Look to Leadership
XP 2024 presentation: A New Look to LeadershipXP 2024 presentation: A New Look to Leadership
XP 2024 presentation: A New Look to Leadership
 
Pro-competitive Industrial Policy – LANE – June 2024 OECD discussion
Pro-competitive Industrial Policy – LANE – June 2024 OECD discussionPro-competitive Industrial Policy – LANE – June 2024 OECD discussion
Pro-competitive Industrial Policy – LANE – June 2024 OECD discussion
 
Mẫu PPT kế hoạch làm việc sáng tạo cho nửa cuối năm PowerPoint
Mẫu PPT kế hoạch làm việc sáng tạo cho nửa cuối năm PowerPointMẫu PPT kế hoạch làm việc sáng tạo cho nửa cuối năm PowerPoint
Mẫu PPT kế hoạch làm việc sáng tạo cho nửa cuối năm PowerPoint
 
Competition and Regulation in Professions and Occupations – ROBSON – June 202...
Competition and Regulation in Professions and Occupations – ROBSON – June 202...Competition and Regulation in Professions and Occupations – ROBSON – June 202...
Competition and Regulation in Professions and Occupations – ROBSON – June 202...
 
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
 
Competition and Regulation in Professions and Occupations – OECD – June 2024 ...
Competition and Regulation in Professions and Occupations – OECD – June 2024 ...Competition and Regulation in Professions and Occupations – OECD – June 2024 ...
Competition and Regulation in Professions and Occupations – OECD – June 2024 ...
 
Carrer goals.pptx and their importance in real life
Carrer goals.pptx  and their importance in real lifeCarrer goals.pptx  and their importance in real life
Carrer goals.pptx and their importance in real life
 
ASONAM2023_presection_slide_track-recommendation.pdf
ASONAM2023_presection_slide_track-recommendation.pdfASONAM2023_presection_slide_track-recommendation.pdf
ASONAM2023_presection_slide_track-recommendation.pdf
 
Tom tresser burning issue.pptx My Burning issue
Tom tresser burning issue.pptx My Burning issueTom tresser burning issue.pptx My Burning issue
Tom tresser burning issue.pptx My Burning issue
 
2024-05-30_meetup_devops_aix-marseille.pdf
2024-05-30_meetup_devops_aix-marseille.pdf2024-05-30_meetup_devops_aix-marseille.pdf
2024-05-30_meetup_devops_aix-marseille.pdf
 
Presentatie 4. Jochen Cremer - TU Delft 28 mei 2024
Presentatie 4. Jochen Cremer - TU Delft 28 mei 2024Presentatie 4. Jochen Cremer - TU Delft 28 mei 2024
Presentatie 4. Jochen Cremer - TU Delft 28 mei 2024
 

ISO 37301 Compliance Management Systems

  • 2. Your presenter Jonathan Brun President and founder of Nimonik inc., an engineer by training with a passion for building world-class compliance management systems. Based in Montreal, Canada
  • 3. Webinar Etiquette Webinar Video OFF Mic OFF Raise Hand Type in Chat
  • 4. Who we are and what we do Webinar
  • 5. Poll: Have you heard of the ISO 37301 standard?
  • 6. Why are we talking about ISO 37301:2022 and why now? Webinar Obligations and risk have increased significantly Need a robust system to handle all of this • ESG • Sustainability • Environmental / Climate Change • Cybersecurity • Artificial Intelligence • Others
  • 7. Topics: 1. What is ISO 37301:2022? 2. Why should you use it? 3. Where does it fit in? 4. How does it work? 5. Key definitions 6. Key elements 7. Key implementation steps 8. Q&A
  • 8. 1. What is ISO 37301:2022?
  • 9. Introduction • ISO 37301 is an international standard introduced in 2022 that provides guidance on establishing, implementing, maintaining, reviewing, and improving an effective compliance management system. • This standard helps organizations ensure they comply with legal and ethical requirements, reduce the risk of non-compliance, and improve their overall performance. • ISO 37301 provides a framework for organizations to integrate compliance into their business operations and to demonstrate their commitment to ethical behavior and social responsibility. • ISO 37301 replaces ISO 19600 1. WHAT IS ISO 37301:2022
  • 10. Introduction ISO 37301 builds on and replaces ISO 19600 (guidelines) with the following differences: • ISO 37301 is now a Type A management standard that is certifiable and compatible with other Type A Management System standards such as ISO 9001, 45001, 14001, etc. • replaces should with shall statements (but not for everything) • adds whistleblowing and expands culture and governance • adds requirements for hiring or promoting staff to critical positions. • adds assessment of staff in matters of regulatory compliance. • provides description of what is considered a regulatory compliance culture. • highlights the issues of independence, staffing and skills of Regulatory Compliance to operate without interventions and with appropriate staff. • identifies Code of Ethics and Conduct as a key element in determining and controlling compliance. 1. WHAT IS ISO 37301:2022
  • 11. 2. Why should you use it?
  • 12. You have these needs ISO 37001 is applicable for organizations that: • want to modernize their corporate compliance efforts with industry best practices. • need a compliance management system for specific risk domains not currently covered by a standard. • need to better address obligations contained within existing management systems. • need an overarching assurance framework across existing compliance management systems (e.g., safety, security, environmental, EHS, ESG, etc.) 2. WHY SHOULD YOU USE IT?
  • 13. You want these benefits ISO outlines the following benefits for this standard: • improving business opportunities and sustainability. • protecting and enhancing an organization’s reputation and credibility. • considering expectations of interested parties. • demonstrating an organization’s commitment to managing its compliance risks effectively and efficiently. • increasing the confidence of third parties in the organization’s capacity to achieve sustained success. • minimizing the risk of a contravention occurring with the attendant costs and reputational damage. 2. WHY SHOULD YOU USE IT? TRUST “Organizations want to work and collaborate with companies they can trust,” “And trust is built on a company culture of doing the right thing, where every employee contributes because they understand and believe in the importance of it. Central to this is good leadership and clear values, which have to come from the top.”
  • 14. Poll: Does your organization have a compliance policy?
  • 15. 2. Why should you use it?
  • 16. Where does it fit in with other standards 3. WHERE DOES IT FIT IN? ISO 37301 is intended to work as a stand-alone system or in conjunction with others: • ISO 37000 Governance Guidelines • ISO 37301 Compliance Management Systems • ISO 31000 Risk Management Guidelines • ISO 19011 Audit Management Guidelines • Topic Specific Standards
  • 17. How is it the same as other ISO standards? 3. WHERE DOES IT FIT IN? ISO 37301: • follows Annex SL structure • follows Type A MSS with respect to management system requirements. • is harmonized with other standards • is voluntary
  • 18. How is it different from other ISO standards? 3. WHERE DOES IT FIT IN? • Certifiable with Guidelines for Use: ISO 37301 is certifiable using accredited auditors. • Integration with Other Standards: ISO 37301 is designed to be used with other management systems. • Risk Based Approach: ISO 37301 emphasizes a risk-based approach to compliance management. • Focus on Compliance: ISO 37301 is specifically designed to manage compliance risks.
  • 19. Includes both requirements and recommendations 3. WHERE DOES IT FIT IN? • SHALL: Requirements. Requirements are found in the body of the standard. • SHOULD: Recommendations. Recommendations are found in ANNEX A (Information).
  • 20. 4. How does it work?
  • 21. Outcome Objectives These are measures of effectiveness that need to be specified in units meaningful to the stakeholders. • Integrity • Culture • Conformity • Reputation • Value • Ethics Capabilities for the CMS to provide depend on what is specified. 4. HOW DOES IT WORK?
  • 22. Essential Behaviors These principles define essential behaviors for achieving compliance outcomes: • Integrity • Good Governance • Proportionality • Transparency • Accountability • Sustainability These behaviors need to be present within the CMS and reinforced by the organizational culture. 4. HOW DOES IT WORK?
  • 23. Essential Processes The CMS implements essential processes to achieve compliance and risk objectives: • PLAN: Commitment, Scope, Policy, Roles and responsibilities, Obligations and Risks • DO: Support, Competence and awareness, Communication and training, Operations, Controls and procedures, Documentation • CHECK: Internal audit, Management review, Monitoring and measurement, Raising concerns, Investigation process • ACT: Managing non-compliance, Continual improvement PDCA demonstrates how these processes interact with each other. However, they may not happen in sequence. For example, operating controls happen at the same time that conformance is verified. 4. HOW DOES IT WORK?
  • 24. Context These define internal and external environmental factors that need to be considered: • Legal • Social • Cultural • Digitalization • Finance • Structure • Environment • Interested parties These factors are inputs into the planning process and define the climate the CMS operates within. 4. HOW DOES IT WORK?
  • 26. Contains Requirements and Recommendations • Shall are mandatory requirements needed for certification • Should are recommendations derived from ISO 19600 and placed in Annex A 5. KEY DEFINITIONS
  • 27. Effectiveness and Compliance Compliance is the outcome of an effective CMS 5. KEY DEFINITIONS
  • 28. Management System ISO 37301 is a management system standard to achieve objectives resulting in compliance. 5. KEY DEFINITIONS
  • 29. Culture and Policy Compliance involves establishing the behaviors that align with organizational policy 5. KEY DEFINITIONS
  • 30. Obligations and Requirements Obligations are compliance requirements 5. KEY DEFINITIONS
  • 31. Objectives Objectives are the compliance commitments 5. KEY DEFINITIONS
  • 32. Uncertainty and Risk Compliance needs to contend with uncertainty to ensure obligations are met 5. KEY DEFINITIONS
  • 33. How these concepts relate to each other 5. KEY DEFINITIONS [Diagram labels: Policy, Objectives, Obligations, Risk, Culture, Uncertainty, Compliance, Context] Everything happens in the presence of uncertainty and culture
  • 34. Poll: Which application of ISO 37301 best suits your situation?
  • 36. 4. Context of the organization • This element emphasizes the importance of engaging with stakeholders and understanding their needs and expectations. • This includes identifying the compliance obligations and expectations that are relevant to the organization's activities, products, and services along with the internal and external factors that may impact its ability to meet its compliance obligations. • Key obligations include understanding the organization and its context, the needs and expectations of interested parties, and determining the scope of the compliance management system. 6. KEY ELEMENTS
  • 37. 4. Context of the organization 6. KEY ELEMENTS • 4.1 Understanding the organization and its context • 4.2 Understanding the needs and expectations of interested parties • 4.3 Determining the scope of compliance management system • 4.4 Compliance management system • 4.5 Compliance obligations • 4.6 Compliance risk assessment
  • 43. 5. Leadership • Leadership and commitment are critical for the success of the compliance management system. • This element involves establishing a compliance culture within the organization, defining a compliance policy, assigning roles and responsibilities for compliance, and providing the necessary resources and support. • Key obligations include demonstrating visible leadership and commitment to compliance, establishing clear lines of communication and reporting, and promoting a culture of ethical behavior. 6. KEY ELEMENTS
  • 44. 5. Leadership 6. KEY ELEMENTS • 5.1 Leadership and Commitment: 5.1.1 Governing body and top management; 5.1.2 Compliance culture; 5.1.3 Compliance governance • 5.2 Compliance Policy • 5.3 Roles, responsibilities and authorities: 5.3.1 Governing body and top management; 5.3.2 Compliance function; 5.3.3 Management; 5.3.4 Personnel
  • 50. 6. Planning • It is important to develop a comprehensive plan that integrates compliance into all areas of the organization and that takes into account the organization's values and culture. • This element involves planning for compliance by conducting risk assessments, establishing objectives and targets, and developing action plans to address identified risks and opportunities. • Key obligations include identifying legal and ethical requirements that are applicable to the organization, assessing the risks and impacts of non-compliance, and establishing objectives and targets that are measurable and achievable. 6. KEY ELEMENTS
  • 51. 6. Planning 6. KEY ELEMENTS • 6.1 Actions to address risks and opportunities • 6.2 Compliance objectives and planning to achieve them • 6.3 Planning of changes
  • 54. 7. Support • The support requirements emphasize the importance of providing the necessary resources and support to meet compliance obligations effectively and efficiently. • The element involves determining and providing the resources and support needed to establish, implement, maintain, and continually improve the CMS. • Key obligations include establishing leadership and commitment to compliance, adequate staffing, training and awareness programs, communication channels, access to compliance information, documentation and record-keeping processes. 6. KEY ELEMENTS
  • 55. 7. Support 6. KEY ELEMENTS • 7.1 Resources • 7.2 Competence: 7.2.1 General; 7.2.2 Employment process; 7.2.3 Training • 7.3 Awareness • 7.4 Communication • 7.5 Documented information: 7.5.1 General; 7.5.2 Creating and updating documented information; 7.5.3 Control of documented information
  • 61. 8. Operation • It is important to involve all stakeholders in the implementation process and to ensure that the compliance management system is integrated into all business processes. • This element involves establishing controls, communicating requirements, and providing training and awareness to ensure compliance is embedded in the organization's daily activities. • Key obligations include establishing and communicating policies and procedures, providing training and awareness programs, and implementing controls to ensure compliance. 6. KEY ELEMENTS
  • 62. 8. Operation 6. KEY ELEMENTS • 8.1 Operational planning and control • 8.2 Establishing controls and procedures • 8.3 Raising concerns • 8.4 Investigation processes
  • 64. 9. Performance evaluation • It is important to ensure that the evaluation process is objective, independent, and based on reliable data. • The evaluation element involves monitoring performance, conducting audits and reviews, and analyzing data to ensure the compliance management system remains effective. • Key obligations include establishing performance indicators, monitoring compliance performance, conducting audits and reviews, and analyzing data to identify areas for improvement. 6. KEY ELEMENTS
  • 65. 9. Performance evaluation 6. KEY ELEMENTS • 9.1 Monitoring, measurement, analysis and evaluation: 9.1.1 General; 9.1.2 Sources of feedback on compliance performance; 9.1.3 Development of indicators; 9.1.4 Compliance reporting; 9.1.5 Record-keeping • 9.2 Internal audit: 9.2.1 General; 9.2.2 Internal audit programme • 9.3 Management review: 9.3.1 General; 9.3.2 Management review inputs; 9.3.3 Management review results
  • 69. 10. Improvement • It is important to establish a culture of continual improvement and to ensure that the compliance management system is adapted to changing circumstances. • This element involves implementing corrective and preventive actions, identifying opportunities for improvement, and continuously improving the compliance management system. • Key obligations include establishing a process for reporting and investigating non-compliance, identifying opportunities for improvement, and implementing corrective and preventive actions. 6. KEY ELEMENTS
  • 70. 10. Improvement 6. KEY ELEMENTS • 10.1 Continual improvement • 10.2 Nonconformity and corrective action
  • 72. Poll: Do you see many barriers to implementing ISO 37301 at your organization?
  • 74. What to avoid 1. Lack of leadership commitment: Without leadership commitment, the compliance management system is likely to fail. The leaders of the organization need to be fully committed to the implementation of the standard, provide the necessary resources and support, and ensure that everyone in the organization understands the importance of compliance. 2. Overcomplicating the system: A compliance management system that is overly complex can be difficult to implement and maintain. It's important to keep the system simple and focus on the key compliance risks facing the organization. 3. Failure to involve stakeholders: The compliance management system should involve all relevant stakeholders, including employees, suppliers, customers, and regulators. Failure to involve these stakeholders can lead to resistance to the system and a lack of buy-in. 4. Lack of communication: Communication is critical to the success of the compliance management system. It's important to communicate the system's purpose, goals, and benefits to all stakeholders, and to keep them informed of progress and changes. 5. Insufficient training: Employees need to be trained on the compliance management system, including their roles and responsibilities, how to identify compliance risks, and how to report compliance violations. Without proper training, employees may not understand the system, which can lead to non-compliance. 6. Failure to adapt to changing circumstances: The compliance management system should be flexible and able to adapt to changing circumstances, such as changes in regulations or business operations. Failure to adapt the system can result in non-compliance. 7. Treating compliance as a one-time event: Compliance management is an ongoing process that requires continuous improvement. Treating compliance as a one-time event can lead to complacency and non-compliance. 7. KEY IMPLEMENTATION STEPS
  • 75. What is critical to success 1. Top Management Support: Having strong support from top management is essential for the successful implementation of ISO 37301. Leaders should communicate their commitment to the CMS to ensure its effective implementation and continued success. 2. Obligation Identification: Knowing your obligations is critical for effective compliance. Lack of knowledge will contribute to gaps in compliance, excessive risk, and failure to provide stakeholder assurance. This identification should include legal, regulator, and stakeholder obligations. 3. Risk Assessment: The CMS should be built around an assessment of the organization's compliance risks. This assessment should identify the risks that the organization faces and prioritize them based on their severity and likelihood of occurrence. 4. Policies and Procedures: Policies and procedures that are aligned with the organization's goals, risk profile, and compliance requirements should be developed. These policies and procedures should be communicated effectively to ensure that everyone understands their roles and responsibilities in achieving compliance. 5. Training and Awareness: All employees should receive training and awareness programs to ensure they understand their roles and responsibilities in complying with the CMS. Regular training and awareness programs should be conducted to ensure that employees remain up-to-date on changes to the CMS and the organization's compliance requirements. 6. Monitoring and Measurement: The CMS should include mechanisms for monitoring and measuring its effectiveness. This includes regular compliance audits, reviews, and assessments to ensure that the CMS is functioning effectively and meeting its objectives. 7. Continuous Improvement: The organization should continually evaluate and improve its CMS to ensure its ongoing effectiveness. The CMS should be flexible enough to adapt to changes in the organization's compliance risks, regulatory requirements, and business objectives. 7. KEY IMPLEMENTATION STEPS
  • 76. Steps to follow 7. KEY IMPLEMENTATION STEPS • Step 1. UNDERSTAND THE STANDARD: Read and understand the requirements of ISO 37301, and how it applies to your organization. This includes the principles, objectives, and requirements of the standard. • Step 2. CONDUCT A GAP ANALYSIS: Assess your organization's current compliance management system against the requirements of ISO 37301. Identify the gaps and areas for improvement. • Step 3. DEFINE SCOPE: Define the scope of your compliance management system. Determine which activities, processes, and functions will be covered by the system. • Step 4. ESTABLISH A COMPLIANCE POLICY: Develop a compliance policy that sets out your organization's commitment to complying with applicable laws, regulations, and standards. The policy should be communicated to all relevant stakeholders. • Step 5. DEVELOP A COMPLIANCE MANAGEMENT FRAMEWORK: Establish a compliance management framework that includes processes, procedures, and controls for managing compliance risks. This includes identifying and assessing compliance risks, implementing controls to mitigate those risks, monitoring and reviewing the effectiveness of the controls, and reporting on compliance performance.
  • 77. Steps to follow 7. KEY IMPLEMENTATION STEPS • Step 6. IMPLEMENT THE COMPLIANCE MANAGEMENT SYSTEM: Implement the compliance management system by providing the necessary resources, assigning roles and responsibilities, and training staff on the system. • Step 7. MONITOR AND MEASURE PERFORMANCE: Establish metrics and monitoring procedures to measure the effectiveness of the compliance management system. This includes regular reviews, audits, and assessments. • Step 8. CONTINUOUSLY IMPROVE: Continuously improve the compliance management system by analyzing performance data, identifying opportunities for improvement, and taking corrective action. • Step 9. GET CERTIFIED: Once your organization has implemented the compliance management system and it has been in operation for a sufficient period of time, you can seek certification to ISO 37301 from a recognized certification body.