This ISO guidance document provides a framework for establishing a “compliance management process”. The standard was published in April 2021 and replaces ISO 19600:2014. It basically follows the same format as ISO 14001 and ISO 45001. This guidance document is not specific to EHS regulatory requirements; however, the process can be used to manage an EHS program.
Here is an overview of the ISO 37301:2021 standard:
ABSTRACT
This document specifies requirements and provides guidelines for establishing, developing, implementing, evaluating, maintaining and improving an effective compliance management system within an organization.
This document is applicable to all types of organizations regardless of the type, size and nature of the activity, as well as whether the organization is from the public, private or non-profit sector.
All requirements specified in this document that refer to a governing body apply to top management in cases where an organization does not have a governing body as a separate function.
ISO 37301:2021 – Compliance management systems — Requirements with guidance for use
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Context of the organization
4.1 Understanding the organization and its context
4.2 Understanding the needs and expectations of interested parties
4.3 Determining the scope of the compliance management system
4.4 Compliance management system
4.5 Compliance obligations
4.6 Compliance risk assessment
5 Leadership
5.1 Leadership and commitment
5.2 Compliance policy
5.3 Roles, responsibilities and authorities
6 Planning
6.1 Actions to address risks and opportunities
6.2 Compliance objectives and planning to achieve them
6.3 Planning of changes
7 Support
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented information
8 Operation
8.1 Operational planning and control
8.2 Establishing controls and procedures
8.3 Raising concerns
8.4 Investigation processes
9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal audit
9.3 Management review
10 Improvement
10.1 Continual improvement
10.2 Nonconformity and corrective action