

ISO 37301 enables organizations seeking long-term success to establish and maintain a culture of compliance, taking into account the needs and expectations of their stakeholders. Organizations that define and implement such a culture increase the real value of the organization and create sustainable long-term value. ISO 37301 is a certifiable international standard that enables an organization to establish, develop, implement, evaluate, maintain and continuously improve a compliance management system (CMS). It gives organizations an integrated approach to controlling compliance risks and to building a corporate culture based on responsible and conscientious conduct and behavior at all levels of the organization, starting from top management.
By implementing a CMS based on ISO 37301, organizations will be able to:
As regulatory systems evolve and grow more complex, both nationally and internationally, the emergence of new responsibilities and of reputational risk has led organizations to be increasingly attentive to compliance issues.
Compliance is not only the foundation, but also an opportunity for an organization to achieve sustainable success; it is an ongoing process and the result of an organization meeting its obligations.
Compliance becomes sustainable by embedding it in the culture of the organization and in the behavior and attitude of the people who work for it. While preserving its independence, it is preferable that compliance management is integrated with the organization’s other management processes and its operational requirements and procedures.
An effective organization-wide compliance management system enables the organization to demonstrate its commitment to comply with relevant laws, regulatory requirements, industry codes and organizational standards, as well as good governance standards, generally accepted best practices, ethics and community expectations.
Given the ever-changing nature of laws and regulations in different countries and regions, it is imperative for an organization to keep abreast of applicable regulations at all times. An effective compliance management system (CMS) allows for the identification of relevant requirements, ensuring compliance throughout the organization, as well as monitoring and optimizing compliance.
ISO 37301 can be applied to all organizations, regardless of the size, nature or complexity of their activities. A CMS is based on the principles of integrity, good governance, proportionality, transparency, sustainability and legal accountability.
As with most management system standards, ISO 37301 also follows the high-level structure (Annex SL) developed by ISO.
The high-level structure (Annex SL) allows organizations to integrate different management systems, which means that organizations can either adopt a CMS as a stand-alone management system or integrate it with other existing management systems, taking into account that ISO 37301 adopts a holistic approach to compliance management.
For organizations seeking long-term growth and success, consistent compliance is a necessity, not an option. A CMS based on ISO 37301 requirements and guidance creates a set of tools (policies, processes and controls) within organizations that enable them to establish and maintain a culture of compliance.
Organizations with a CMS based on ISO 37301 are committed to sound standards of corporate governance, best practice and ethical conduct. However, a CMS cannot completely eliminate the risk of non-compliance. In this regard, the ISO 37301 requirements and guidance improve the organization’s ability to identify and respond to non-compliance.
A CMS provides organizations with a structured approach to meeting their compliance obligations, i.e. the requirements that they must comply with on a mandatory basis, such as laws, regulations, court rulings, permits, licenses, as well as those that they voluntarily choose to comply with, such as internal policies and procedures, codes of conduct, standards and agreements with communities or NGOs.
ISO 37301 emphasizes the natural desire for compliance, which starts with setting the tone at the top of the organization. The commitment to a good compliance culture needs to be demonstrated by the organization’s governing body and top management through a compliance policy and the setting of compliance targets at different levels. In addition, the governing body and top management are also obliged to demonstrate leadership and commitment by providing the necessary resources, establishing a compliance function, defining roles and responsibilities and so on. Above all, the governing body and senior management must actively and visibly demonstrate their commitment to the CMS through their actions and decisions.
Note: ISO 37301:2021 "Compliance management systems – Requirements with guidance for use" has superseded and replaced ISO 19600:2014.