1 / 26

ISO 37301:2021 (Compliance Management Systems) Awareness Training

To download this ISO 37301:2021 (Compliance Management Systems) Awareness PPT training presentation, visit: <br>https://www.oeconsulting.com.sg/training-presentations

oeconsulting
Download Presentation

ISO 37301:2021 (Compliance Management Systems) Awareness Training

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ISO 37301:2021 Compliance Management Systems © Operational Excellence Consulting. All rights reserved. © Operational Excellence Consulting. All rights reserved.

  2. NOTE: This is a PARTIAL PREVIEW. To download the complete presentation, please visit: https://www.oeconsulting.com.sg Learning Objectives Provide background knowledge of ISO 37301 Gain an overview of the ISO 37301 structure Understand the ISO 37301 certification process Describe the audit approach and learn useful tips on handling an audit session 2 2 © Operational Excellence Consulting. All rights reserved. © Operational Excellence Consulting. All rights reserved.

  3. Contents 1 Overview of ISO 37301 2 ISO 37301 Structure 3 ISO 37301 Certification 4 Handling an Audit Session 3 © Operational Excellence Consulting. All rights reserved.

  4. Introduction to Compliance Management § A Compliance Management System (CMS) is a set of processes to make sure that an organization operates in accordance with all applicable laws, regulations and codes of conduct § Due to the ever-changing nature of laws and regulations across countries and regions, keeping up to date with the applicable regulations is a never-ending task § An effective CMS enables you to determine the relevant documents, to ensure compliance across the organization and to track and improve compliance 4 © Operational Excellence Consulting. All rights reserved.

  5. What is Compliance? Meeting all the needs or expectations that are stated, generally implied or obligatory that an organization has to comply with or chooses to voluntarily comply with. 5 © Operational Excellence Consulting. All rights reserved.

  6. Compliance Management Why Compliance Management? 6 © Operational Excellence Consulting. All rights reserved.

  7. Real Life Cases of Non-compliances HSBC to pay a $1.9 billion fine to regulators for a lack of adequate control processes in compliance and anti-money laundering in 2012. Facebook to pay $650 million in 2021 to settle a class action lawsuit over the use of facial recognition software for its “tagging” feature involving photographs without consent, which was prohibited under Illinois privacy law. French regulatory body Commission Nationale de L’informatique et des Libertés (CNIL) imposed a GDPR fine of €50 million in 2019 against Google for lack of transparency and valid consent. Mattel to pay $2.3 million in civil penalties for violating a federal lead paint ban that resulted in the recall of millions of its Barbie, Dora and other popular-branded toys in 2007. 7 © Operational Excellence Consulting. All rights reserved.

  8. What is ISO 37301? § ISO 37301:2021 specifies requirements and provides guidelines for establishing, developing, implementing, evaluating, maintaining and improving an effective Compliance Management System (CMS) within an organization § Published in April 2021 § Replaced ISO 19600:2014 § A certification model 8 © Operational Excellence Consulting. All rights reserved.

  9. What is the Purpose of ISO 37301? § Provides a framework to assist in the implementation of specific compliance-related requirements in any management system § Defines requirements and provides guidance for establishing, developing, implementing, evaluating, maintaining and improving an effective compliance management system in organizations 9 © Operational Excellence Consulting. All rights reserved.

  10. Who is ISO 37301 For? § Applies to all types of organizations regardless of the type, size and nature of the activity § Covers any organization from the public, private or non-profit sector 10 © Operational Excellence Consulting. All rights reserved.

  11. What is the Difference Between ISO 37301 and ISO 19600? ISO 19600 ISO 37301 § Published in 2014 § Published in April 2021 § Type B Management System Standards § Type A Management System Standards § Only a set of guidelines § Specifies requirements and provides guidelines § Not for certification § A certification standard With the publication of ISO 37301 in April 2021, the ISO 19600 is withdrawn and becomes obsolete. 11 © Operational Excellence Consulting. All rights reserved.

  12. What Benefits Can ISO 37301 Provide? § Developing a culture of compliance § Addressing and overcoming compliance issues § Protecting the organization’s reputation § Preventing and detecting unethical conduct § Improving the organization’s sustainability § Building customer trust and loyalty 12 © Operational Excellence Consulting. All rights reserved.

  13. Overview of Annex L § Although Annex L is a framework for a generic management system, it requires the addition of discipline-specific requirements to make a fully functional standard Annex L High-level structure Identical core text Common definition 13 © Operational Excellence Consulting. All rights reserved.

  14. HLS: The Same Core Elements Environment ISO 14001 Quality Management ISO 9001 THE SAME CORE ELEMENTS Occupational Health & Safety ISO 45001 Food Safety ISO 22000 ISO 37301 can be combined with existing management system standards (e.g. ISO 9001) and generic guidelines (e.g. ISO 31000). 14 © Operational Excellence Consulting. All rights reserved.

  15. ISO 37301 is Based on the ISO High-Level Structure (HLS) for Management System Standards (MSS) 6. Planning 1. Scope 7. Support 2. Normative References 3. Terms & Definitions 8. Operation 4. Context of the Organization 9. Performance Evaluation 5. Leadership 10. Improvement 15 © Operational Excellence Consulting. All rights reserved.

  16. The Plan-Do-Check-Act (PDCA) Process Model Act Plan Take actions to continually improve the CMS performance to achieve the intended outcomes Establish objectives, programs and processes necessary to deliver results in accordance with the organization’s CMS policy Check Do Monitor and measure activities and processes with regard to the CMS policy and objectives, and report the results Implement the processes of the CMS 16 © Operational Excellence Consulting. All rights reserved.

  17. Elements of a Compliance Management System OBJECTIVES INTEGRITY | CULTURE | CONFORMITY | REPUTATION | VALUE | ETHICS PRINCIPLES INTEGRITY | GOOD GOVERNANCE | PROPORTIONALITY | TRANSPARENCY | ACCOUNTABILITY | SUSTAINABILITY COMMITMENT AT ALL LEVELS DETERMINING THE SCOPE COMPLIANCE POLICY ROLES & RESPONSIBILITIES OBLIGATIONS & RISKS MANAGING NONCOMPLIANCE CONTINUAL IMPROVEMENT ACT PLAN LEADERSHIP LEADERSHIP GOVERNANCE GOVERNANCE CULTURE CULTURE CHECK DO INTERNAL AUDIT MANAGEMENT REVIEW MONITORING & MEASUREMENT RAISING AWARENESS INVESTIGATION PROCESS SUPPORT COMPETENCE & AWARENESS COMMUNICATION & TRAINING OPERATION CONTROLS & PROCEDURES DOCUMENTATION ORGANIZATION & ITS CONTEXT LEGAL | SOCIAL | CULTURAL | DIGITALIZATION | FINANCE | STRUCTURE | ENVIRONMENT | INTERESTED PARTIES Source: Based on ISO 37301:2021 17 © Operational Excellence Consulting. All rights reserved.

  18. ISO 37301 Key Clause Structure (4-10) PLAN DO CHECK ACT 4. Context of the organization 5. Leadership 6. Planning 7. Support 8. Operation 9. Performance evaluation 10. Improvement 4.1 Understanding the organization and its context 5.1 Leadership and Commitment 6.1 Actions to address risks and opportunities 7.1 Resources 8.1 Operational planning and control 9.1 Monitoring, measurement, analysis and evaluation 10.1 Continual improvement 4.2 Understanding the needs and expectations of interested parties 5.2 Compliance policy 6.2 Compliance objectives and how to achieve them 7.2 Competence 8.2 Establishing controls and procedures 9.2 Internal audit 10.2 Nonconformity and corrective action 4.3 Determining the scope of the compliance management system 5.3 Roles, responsibilities and authorities 6.3 Planning of changes 7.3 Awareness 8.3 Raising concerns 9.3 Management review 4.4 Compliance management system (CMS) 7.4 Communication 8.4 Investigation processes 4.5 Compliance obligations 7.5 Documented information 4.6 Compliance risk assessment 18 © Operational Excellence Consulting. All rights reserved.

  19. Becoming ISO 37301 Certified § The certification body examines the CMS for conformity to the ISO 37301:2021 standard § The CMS audit is a compliance audit § Certification means the organization has a documented CMS that is fully implemented and meets ISO 37301:2021 requirements § After the successful completion of the certification audit, you will receive a certificate which is valid for three years § To maintain your certification, annual surveillance audits are required 19 © Operational Excellence Consulting. All rights reserved.

  20. ISO 37301 Certification Process Implementation of Compliance Management System Conduct Internal Audit and Review Result by Top Management Selection of a Certification Body Confirmation of Registration Stage 2 Audit Stage 1 Audit Continual Improvement and Surveillance Audits 20 © Operational Excellence Consulting. All rights reserved.

  21. Audit Findings Major Non-conformity Minor Non-conformity Observation 21 © Operational Excellence Consulting. All rights reserved.

  22. How to Handle the Audit Session? § Do not panic § Ask and clarify § Admit obvious non-conformities § Offer evidence and explain patiently § Take note of improvement areas highlighted by the auditor § Show internal audit report, when necessary 22 © Operational Excellence Consulting. All rights reserved.

  23. Auditee’s Conduct § Polite § Professional § Positive / Receptive § Sincere § Commitment § Formal but not overly serious 23 © Operational Excellence Consulting. All rights reserved.

  24. Interacting with Auditors § Be honest and open § Recognize they may be experts § Realize they may not be subject matter experts § Understand the purpose of the meeting and review related records prior to interviews § Turn mobile phones to silent mode 24 © Operational Excellence Consulting. All rights reserved.

  25. Interacting with Auditors § Assume auditors are familiar with your organization’s CMS § Challenge auditors § Show more competence in ISO 37301 § Argue internally § Express unfairness § Ask for solution § Fix non-conformities on the spot 25 © Operational Excellence Consulting. All rights reserved.

  26. Operational Excellence Consulting is a management training and consulting firm that assists organizations in improving business performance and effectiveness. Based in Singapore, the firm’s mission is to create business value for organizations through innovative design and operational excellence management training and consulting solutions. For more information, please visit www.oeconsulting.com.sg 26 © Operational Excellence Consulting. All rights reserved.

More Related