By CAS

ISO 37301:2021 — Compliance Management

The international standard for compliance management systems — audited and certified by CAS per ISO/IEC TS 17021-13:2021. Demonstrating systematic compliance governance across legal, regulatory, and contractual obligations.

What Is a Compliance Management System?

ISO 37301:2021 specifies requirements and provides guidelines for establishing, developing, implementing, evaluating, maintaining, and improving an effective compliance management system (CMS) within an organisation. It replaced ISO 19600:2014 (Compliance management systems — Guidelines) with a fully certifiable requirements-based standard. ISO 37301:2021 is audited and certified per ISO/IEC TS 17021-13:2021, which specifies competence requirements for auditing and certification of compliance management systems. The standard covers all types of compliance obligations — legal, regulatory, industry codes, contractual commitments, and ethical standards — providing a systematic framework for compliance risk identification, assessment, and control.

Who Is This For?

Financial institutions, banks, and regulated financial services; pharmaceutical and healthcare companies; public sector organisations and government entities; multinational corporations with complex regulatory environments; any organisation seeking to demonstrate systematic compliance governance to regulators, investors, and customers.

Key Benefits
  • Internationally recognised compliance management system certification
  • Audited and certified per ISO/IEC TS 17021-13:2021 — the dedicated CMS audit standard
  • Demonstrates systematic compliance governance to regulators and investors
  • Covers all compliance obligation types: legal, regulatory, contractual, ethical
  • Reduces risk of regulatory violations, fines, and reputational damage
  • Replaces ISO 19600:2014 — now a fully certifiable requirements-based standard
  • Integrates with ISO 37001 (anti-bribery), ISO 9001, and other management systems
  • ISO Harmonized Structure enables easy integration with other ISO MSS

Certification Process

1. Application & Review
   Submit your application. CAS reviews your organisation's scope, personnel, sites, and activities to prepare a detailed audit time calculation and formal commercial proposal.

2. Stage 1 — Document Review
   On-site or remote review of your management system documentation, readiness assessment, and confirmation of Stage 2 audit scope and plan.

3. Stage 2 — On-site Audit
   Full on-site audit of the implemented management system against the standard's requirements. Findings are reported; nonconformities must be closed before certification.

4. Certification Decision
   CAS's independent certification committee reviews the audit findings and issues the certificate. The certificate is valid for 3 years.

5. Surveillance & Recertification
   Annual surveillance audits (~1/3 of initial audit time) maintain certification. A recertification audit (~2/3 of initial time) is conducted before certificate expiry to renew for a further 3 years.

Frequently Asked Questions

ISO 37001 specifically addresses anti-bribery management systems. ISO 37301 is broader — it covers all types of compliance obligations including legal, regulatory, contractual, and ethical requirements across the whole organisation. The two standards are designed to be complementary and can be implemented together as an integrated compliance and anti-bribery system.

ISO 37301:2021 replaced ISO 19600:2014. The key change is that ISO 37301 is a requirements-based standard (using "shall"), making it certifiable, whereas ISO 19600 was a guidelines-based standard (using "should") and was not certifiable. ISO 19600 was withdrawn upon publication of ISO 37301.

ISO/IEC TS 17021-13:2021 specifies the competence requirements for auditing and certification of compliance management systems per ISO 37301. CAS applies this technical specification for all ISO 37301 certification audits.

Organisations in heavily regulated industries — banking, financial services, pharmaceuticals, healthcare, and public sector — gain the most direct value. However, any organisation wishing to demonstrate systematic compliance governance and reduce regulatory risk can benefit from ISO 37301 certification.