Definition

ISO 37301

ISO 37301 is the international standard establishing requirements for a compliance management system within an organization.

ISO 37301:2021 replaced ISO 19600 and establishes certifiable requirements for a compliance management system. It covers identification of legal, regulatory and voluntary obligations, non-compliance risk assessment and implementation of controls to ensure sustained compliance.

Key aspects

Compliance obligations

Requires identifying and maintaining an updated register of all applicable legal, regulatory, contractual and voluntary obligations.

Compliance culture

Top management must demonstrate active leadership and foster an organizational culture where compliance is a shared value.

Compliance function

Requires establishing a compliance function with adequate authority, independence and resources to oversee the system.

Frequently asked questions

ISO 37301 addresses comprehensive regulatory compliance (all obligations). ISO 37001 focuses exclusively on anti-bribery. They are complementary and share the Annex SL structure.

Yes. Unlike its predecessor ISO 19600 (which was guidance only), ISO 37301 contains certifiable requirements by accredited bodies.

Comparison

Ready to act on these findings?

Need an assessment in this area?

Request diagnosis→View research→

Loading content…

ISO 37301

Key aspects

Compliance obligations

Compliance culture

Compliance function

Frequently asked questions

ISO 37001 vs ISO 37301: anti-bribery vs compliance management

ISO 37001 vs FCPA: anti-bribery standard vs US anti-corruption law

How to implement ISO 37001 in your organization

How to implement an integrated GRC program

Supplier due diligence: second-party audit and third-party risk assessment

Multinational corporation: 23 risk vectors identified and mitigated

Ready to act on these findings?

ISO 37301

Key aspects

Compliance obligations

Compliance culture

Compliance function

Frequently asked questions

ISO 37001 vs ISO 37301: anti-bribery vs compliance management

ISO 37001 vs FCPA: anti-bribery standard vs US anti-corruption law

How to implement ISO 37001 in your organization

How to implement an integrated GRC program

Supplier due diligence: second-party audit and third-party risk assessment

Multinational corporation: 23 risk vectors identified and mitigated

Ready to act on these findings?

ISO 37301

Key aspects

Compliance obligations

Compliance culture

Compliance function

Frequently asked questions

Related content

ISO 37001 vs ISO 37301: anti-bribery vs compliance management

ISO 37001 vs FCPA: anti-bribery standard vs US anti-corruption law

How to implement ISO 37001 in your organization

How to implement an integrated GRC program

Supplier due diligence: second-party audit and third-party risk assessment

Multinational corporation: 23 risk vectors identified and mitigated

Ready to act on these findings?

ISO 37301

Key aspects

Compliance obligations

Compliance culture

Compliance function

Frequently asked questions

Related content

ISO 37001 vs ISO 37301: anti-bribery vs compliance management

ISO 37001 vs FCPA: anti-bribery standard vs US anti-corruption law

How to implement ISO 37001 in your organization

How to implement an integrated GRC program

Supplier due diligence: second-party audit and third-party risk assessment

Multinational corporation: 23 risk vectors identified and mitigated

Ready to act on these findings?