DIN ISO 37301


For certifiable compliance management systems


DIN ISO 37301 is an international type A standard currently under development, against which companies will be able to have their compliance management system certified in the future. We expect ISO 37301 to have the same significance for companies as the EU General Data Protection Regulation that came into force in 2018. The practical relevance of the new standard is particularly important. ISO 37301 will define guidelines and recommended practices for compliance management systems. It is intended to support an organization in improving the general management of its compliance obligations.

DIN ISO 37301 – certifiable and relevant to practice

DIN ISO 37301 describes the requirements that organizations of all sizes and industries must meet to establish an effective compliance management system. Accordingly, an effective compliance management system must be feasible and viable at all levels of an organization. The previous draft states:

“Organizations that want long-term success need to establish and maintain a culture of integrity and compliance with the needs and expectations of interested parties. Integrity and compliance are therefore not only the basis, but also an opportunity for a successful and sustainable organization. […] An effective organization-wide compliance management system enables an organization to demonstrate its commitment to complying with relevant laws, including legislative requirements, industry regulations and organizational standards, as well as the norms of good corporate governance, best practices, ethical principles and expectations of society.”

What are the benefits of the new Type A standard?

ISO 37301 will become a certifiable international type A standard. It pursues a holistic approach across all industries, company sizes and areas, with practical relevance and applicability for all testing organizations. The new standard will not only specify how a compliance management system is to be introduced. It will also specify the requirements a CMS must meet to receive a certificate. This goes well beyond the previous “guidelines” of ISO 19600. In addition, an appendix to ISO 37301 will contain practical instructions on how the standard should be used.


There are already standards according to which a compliance management system can be introduced and its implementation assessed. The internationally recognized ISO 19600 is the best-known standard, as it can be used equally for all corporate sectors and sizes. However, it cannot be certified.

With PS 980, the Institute of Public Auditors in Germany, Incorporated Association (IDW) has developed a standard that not only describes the procedure for introducing a CMS but also evaluates its effectiveness. The standard is certifiable. However, it was developed for public auditors, and only they can certify against it. It focuses on business administration aspects.

TR CMS 101:2011 from TÜV Rheinland can also be certified. Certification against this standard is carried out only by TÜV Rheinland.