‎ his document specifies requirements and provides guidelines for establishing, developing, implementing,

T
‎evaluating, maintaining and improving an effective compliance management system within an organization
‎Clear, practical and easy-to-follow documented operating
‎policies, processes, procedures and work instructions
‎ n effective, organization-wide compliance management system enables an organization
A
‎to demonstrate its commitment to comply with relevant laws, regulatory requirements,
‎Systems and exception reports ‎industry codes and organizational standards, as well as standards of good governance,
‎generally accepted best practices, ethics and community expectations.
‎Approvals
‎ eed or expectation that is stated, generally
n
‎The segregation of incompatible roles and responsibilities ‎Requirement
‎implied or obligatory

‎Automated processes r‎ equirements that an organization mandatorily

‎Compliance obligations ‎has to comply with as well as those that an
‎Annual compliance plans ‎Controls ‎organization voluntarily chooses to comply with
‎Intro ‎Terms
‎Personnel performance plans ‎ eeting all the organization’s compliance
m
‎Compliance
‎obligations
‎Compliance assessments and audits
s‎ et of interrelated or interacting elements of an
‎Demonstrated management commitment and exemplary ‎Management System ‎organization to establish policies and objectives
‎behaviour, and other measures to promote compliant behaviour ‎as well as processes to achieve those objectives

‎standards and values ‎Improving business opportunities and sustainability

‎Active, open and frequent communication
‎on the expected behaviour of employees
‎codes of conduct
‎Protecting and enhancing an organization’s reputation and credibility

‎The organization's compliance policy and procedures ‎Taking into account expectations of interested parties

‎The objectives, targets, structure and content of the compliance management system ‎ emonstrating an organization’s commitment to
D
‎managing its compliance risks effectively and efficiently
‎The allocation of roles and responsibilities for compliance ‎Benefits
I‎ ncreasing the confidence of third parties in the
‎A register of relevant compliance obligations ‎organization’s capacity to achieve sustained success

‎Compliance risk registers and prioritization of the treatment ‎ ocumented

D ‎ inimizing the risk of a contravention occurring with
M
‎based on the compliance risk assessment process ‎information ‎the attendant costs and reputational damage

‎A register of noncompliances, near misses and investigations

‎laws and regulations
‎Annual compliance plans
‎permits, licences or other forms of authorization
‎Personnel records, including, but not limited to, training records
‎Must comply with ‎orders, rules or guidance issued by regulatory agencies
‎The audit process, audit schedule and associated audit records
‎judgments of courts or administrative tribunals
‎The organization shall establish, implement and maintain a process to encourage and enable the
‎reporting of attempted, suspected or actual violations of the compliance policy or compliance obligations ‎treaties, conventions and protocols

‎be visible and accessible throughout the organization ‎ greements with community groups or
a
‎ aising
R ‎Requirements ‎non-governmental organizations
‎concerns
‎treat reports confidentially
‎agreements with public authorities and customers
‎accept anonymous reports ‎This process shall:
‎organizational requirements, such as policies and procedures
‎protect those making reports from retaliation ‎ oluntarily
V
‎chooses to ‎voluntary principles or codes of practice
‎comply with
‎enable personnel to receive advice
‎voluntary labelling or environmental commitments

‎A clear set of published values

‎ bligations arising under contractual
o
‎arrangements with the organization
‎Management actively and visibly implementing and abiding by the values

‎relevant organizational and industry standards

‎Consistency in the treatment of noncompliances, regardless of position

‎Mentoring, coaching and leading by example

‎the business model

‎An appropriate pre-employment assessment of potential
‎personnel for critical functions including due diligence
‎the nature and scope of business relations with third parties

‎An induction or orientation programme that emphasizes

‎the legal and regulatory context
‎compliance and the organization's values
‎ xternal and
E
‎ ngoing compliance training, including updates to the
O ‎Compliance ‎internal issues
‎the economic situation

‎training to all personnel and relevant interested parties ‎culture

‎social, cultural and environmental contexts

‎Ongoing communication on compliance issues

i‎nternal structures, policies, processes,
‎procedures and resources, including technology
‎ erformance appraisal systems that consider the assessment of
P
‎compliance behaviour and take into account performance pay to
‎its compliance culture
‎achieve compliance key performance measures and outcomes
‎ISO 37301:2021 ‎ Context of
4
‎4.1 Understanding the organization and its context
‎A visible recognition of achievements in compliance management and outcomes
‎ ompliance management
C ‎the organization
‎Prompt and proportionate disciplining in the case of wilful ‎4.2 Understanding the needs and expectations of interested parties
‎or negligent violations of compliance obligations ‎systems — Requirements
‎4.3 Determining the scope of the compliance management system
‎A clear link between the organization's strategy and individual roles, ‎with guidance for use ‎4.4 Compliance management system
‎emphasizing compliance as essential to achieving organizational outcomes
03.05.2023 www.patreon.com/AndreyProzorov
‎Open and appropriate communication about compliance, internally and externally ‎4.5 Compliance obligations

‎4.6 Compliance risk assessment

‎Facilitating the identification of compliance obligations

‎Documenting the compliance risk assessment

‎5.1.1 Governing body and top management
‎Aligning the compliance management system with the compliance objectives
‎5.1 Leadership and commitment ‎5.1.2 Compliance culture
‎Monitoring and measuring compliance performance
‎5.1.3 Compliance governance
‎Analysing and evaluating the performance of the compliance ‎Compliance
‎management system to identify any need for corrective action ‎function ‎5 Leadership ‎5.2 Compliance policy

‎Establishing a compliance reporting and documenting system ‎5.3.1 Governing body and top management

‎Ensuring the compliance management system is reviewed at planned intervals ‎5.3.2 Compliance function
‎ .3 Roles, responsibilities
5
‎and authorities
‎Establishing a system for raising concerns and ensuring that concerns are addressed ‎5.3.3 Management

‎5.3.4 Personnel
‎Integrity

‎Culture
‎6.1 Actions to address risks and opportunities
‎Conformity
‎Objectives ‎6 Planning ‎6.2 Compliance objectives and planning to achieve them
‎Reputation
‎6.3 Planning of changes

‎Value

‎Ethics ‎7.1 Resources

‎Integrity ‎7.2 Competence

‎Good Governance ‎7 Support ‎7.3 Awareness

‎7.4 Communication
‎Proportionality
‎Principles
‎7.5 Documented information
‎Transparency

‎Accountability
‎8.1 Operational planning and control
‎Sustainability
‎8.2 Establishing controls and procedures
‎Commitment at all levels ‎8 Operation
‎8.3 Raising concerns
‎Determining the scope
‎8.4 Investigation processes
‎Compliance policy ‎Plan

‎Roles and responsibilities ‎9.1 Monitoring, measurement, analysis and evaluation

‎General Model
‎Obligations and risks ‎9 Performance evaluation ‎9.2 Internal audit

‎Support ‎9.3 Management review

‎Competence and awareness

‎10.1 Continual improvement
‎Communication and training ‎10 Improvement
‎Do ‎10.2 Nonconformity and corrective action
‎Operation

‎Controls and procedures

‎PDCA
‎Annex A Guidance for the use of this document
‎Documentation

‎Internal audit

‎Management review

‎Monitoring and measurement ‎Check

‎Raising concerns

‎Investigation process

‎Managing noncompliance
‎Act
‎Continual improvement