What is ISO 37301?
ISO 37301:2021 is an international standard that specifies requirements and provides guidelines for establishing, developing, implementing, evaluating, maintaining, and improving an effective compliance management system within an organisation.
This standard replaces ISO 19600:2014 and is designed to be certifiable, enabling organisations to demonstrate their commitment to compliance through third-party verification.
In the UK, where regulators such as the FCA and legislation such as the Companies Act and the Bribery Act impose stringent compliance requirements, ISO 37301 provides a structured approach to meeting these obligations effectively.
Key Elements of Compliance Management
Compliance Obligations
Identify, analyse, and maintain a comprehensive register of all applicable compliance obligations including laws, regulations, codes, and internal policies.
Compliance Risk Management
Systematic identification, assessment, and treatment of compliance risks with appropriate controls and mitigation strategies.
Compliance Culture
Foster an organisational culture where compliance is embedded in decision-making at all levels through training, awareness, and leadership commitment.
Monitoring & Reporting
Establish robust monitoring mechanisms to track compliance performance, identify breaches, and report to relevant stakeholders and authorities.
Benefits of ISO 37301 Certification
✓ Reduced Legal & Financial Risk
Minimise exposure to fines, penalties, and litigation costs through systematic compliance management and early risk detection.
✓ Enhanced Reputation
Demonstrate ethical business practices to stakeholders, customers, and regulators through independently verified compliance systems.
✓ Regulatory Confidence
Build trust with regulators including FCA, CMA, and sector-specific bodies through demonstrated commitment to compliance excellence.
✓ Competitive Advantage
Win contracts and partnerships where compliance certification is a requirement or differentiator, particularly in regulated industries.
✓ Operational Efficiency
Streamline compliance activities, reduce duplication, and integrate compliance into business processes for greater efficiency.
✓ Stakeholder Assurance
Provide investors, board members, and business partners with confidence in your organisation's governance and ethical standards.
Who Should Pursue ISO 37301?
ISO 37301 is applicable to organisations of all sizes and sectors that want to establish, maintain, and improve a compliance management system.
Financial Services
Banks, insurers, asset managers facing FCA and PRA requirements
Healthcare & Pharma
NHS trusts, pharmaceutical companies, medical device manufacturers
Energy & Utilities
Power companies, water utilities subject to Ofgem and Ofwat regulations
Construction
Contractors and developers meeting health, safety, and environmental obligations
Public Sector
Local authorities, government agencies, and public bodies
International Trade
Exporters and importers managing customs and trade compliance
The Certification Journey
Gap Analysis
We assess your current compliance practices against ISO 37301 requirements to identify gaps and develop a tailored implementation roadmap.
System Design
Develop your compliance management system including governance structure, obligation registers, risk assessments, policies, and procedures.
Implementation & Training
Roll out the compliance management system across your organisation with comprehensive training for all relevant personnel and stakeholders.
Internal Audit
Conduct thorough internal audits to verify system effectiveness and identify any remaining non-conformities before external assessment.
Certification Audit
Support through accredited certification body assessment including Stage 1 documentation review and Stage 2 implementation audit.
UK Regulatory Landscape
UK Bribery Act 2010
One of the strictest anti-corruption laws globally. Section 7 makes a commercial organisation liable for failing to prevent bribery unless it can show it had "adequate procedures" in place. A compliance management system built to ISO 37301 helps evidence those procedures through systematic, documented anti-bribery controls, although whether procedures were adequate is ultimately a matter for the courts, not for a certificate.
Companies Act 2006
Directors' duties under the Act include the duty to promote the success of the company and the duty to exercise reasonable care, skill and diligence. A documented, operating compliance system helps directors demonstrate that they have discharged these duties.
Financial Services Regulations
FCA and PRA requirements for regulated firms align closely with ISO 37301 compliance management principles.
Modern Slavery Act 2015
The Act requires larger commercial organisations to publish an annual slavery and human trafficking statement covering their supply chain due diligence. An ISO 37301 compliance framework gives that due diligence a systematic basis that can be evidenced in the statement.
Frequently Asked Questions
What's the difference between ISO 37301 and ISO 19600?
ISO 37301 replaces ISO 19600. The key difference is that ISO 37301 is a requirements standard (written with auditable "shall" clauses) and is therefore certifiable, while ISO 19600 was guidance-only. ISO 37301 also places stronger emphasis on governance, in particular the responsibilities of the governing body and top management.
How does ISO 37301 relate to ISO 37001 (Anti-Bribery)?
ISO 37301 provides a broader compliance management framework, while ISO 37001 focuses specifically on anti-bribery. Many organisations implement both, with ISO 37001 as a component of their overall ISO 37301 system.
Is ISO 37301 mandatory in the UK?
ISO 37301 certification is voluntary. However, a certified compliance management system can help support an "adequate procedures" defence under the Bribery Act and demonstrate due diligence to regulators.
What resources are needed to implement ISO 37301?
Requirements vary by organisation size and complexity. Typically you'll need a compliance function, senior management commitment, documented procedures, training programmes, and monitoring systems.
How Much Does ISO 37301 Cost?
The cost of ISO 37301 certification varies based on several factors. Some auditors and certifiers adopt charging models based on the project's complexity, company size, and sometimes even the company's turnover.
At Certigence, our pricing is straightforward: an agreed day rate multiplied by the number of days of work required. The number of days is based on the work to be done, reduced by any work your organisation has already completed or will carry out internally. This ensures clarity and transparency, giving you a clear understanding of the commitment before the project commences.
We provide a free telephone or Zoom enquiry with one of our auditors to find out enough about your organisation to be able to make a formal proposal without charge or obligation. This allows you to research costs for free before making any commitments!
How Can Certigence Help?
Certigence's extensive auditor network spans the entire UK and has combined ISO systems expertise with industry know-how for over 25 years. This dual proficiency enables our auditors to understand your unique needs and translate them into certifier-accepted procedures that genuinely suit your organisation's operations.
Our services encompass full or partial ISO system development and implementation, including gap analysis and customised internal training to support system functionality. We craft organisation-specific reports tailored to your activities.
Beyond initial implementation, we conduct internal audits, facilitate management review meetings, and offer ongoing maintenance over the short, medium or long term. Our presence during the certification stages, if desired, helps keep the assessment free of unnecessary complexity. We also offer pre- and post-certification review services to address concerns raised by the certifier, reinforcing your ISO system's effectiveness.
Process Overview
Initiation and Assessment Discussion
We engage in a free, no-obligation discussion to understand your existing systems and operations, allowing us to generate a formal proposal.
Work Commencement and Collaborative Development
Upon acceptance, we work collaboratively with you and your team to design and install the systems. Involving your team ensures the systems align with your needs, that you understand and accept the results, and that the systems comply with the ISO standard.
Initial Assessment (Stage 1): Ensuring Systems Meet Standard
The certifier reviews your documented system to confirm that it covers all relevant requirements of the standard. You may choose to have our auditor present during this initial assessment to help answer any questions the certifier raises.
Final Evaluation (Stage 2): Achieving Certification
Before Stage 2, our auditor confirms that the internal audit, management review and training requirements have been met. The certifier then conducts the conclusive Stage 2 assessment, verifying that the system in operation meets the requirements of the standard. Upon successful completion, you attain certification.
Why Should You Use a Certigence Auditor?
At Certigence, we match your requirements with suitable auditors based on their industry expertise, proximity, and compatibility. If an auditor becomes unavailable, a substitute can step in promptly, avoiding project disruptions and re-hiring expenses. Many of our auditors have previously worked with certifiers and understand that side of the procedure, which makes for a seamless certification process.
This commitment reflects in our track record - a 100% first-time certification success rate spanning over 25 years.
Ready to Speak? What Happens Next?
After contacting Certigence, you'll receive an email or a call from the Director or an auditor to discuss your needs, timelines, objectives, and costs. An auditor will then engage with you directly to understand your requirements and how your existing systems align with the standard. A formal proposal is then presented for your consideration. Charges apply only from the point at which you accept the proposal.
Build Your Compliance Culture
Partner with our compliance experts to implement a robust ISO 37301 management system that protects your organisation and demonstrates your commitment to ethical business practices.