ISO 19600 Compliance Management
ISO 19600 helps establish, develop, evaluate, and maintain a compliance management system. It brings together the separate strands of compliance management and risk management, and its processes align very closely with ISO 31000, the risk management standard.
The guidelines on compliance management systems are applicable to all types of organizations. The extent of the application of these guidelines depends on the size, structure, nature and complexity of the organization. ISO 19600:2014 is based on the principles of good governance, proportionality, transparency and sustainability.
What is meant by Compliance Management?
Simply put, Compliance Management refers to a company obeying applicable laws, relevant industry standards and internal policies (e.g. codes of conduct) it has decided to implement because they impact upon its business, its staff and its treatment of consumers.
Amongst many other things, the new standard “recommends” that organisations: “adopt a risk-based approach to compliance” and “develop a risk appetite for compliance risks”. The standard gives comprehensive guidance with helpful and easy-to-follow examples for users wanting to implement a compliance management system or benchmark their framework against a standard.
Who can apply ISO 19600?
The standard provides a valuable improvement in that it can be applied to organisations of every kind. It is not exclusively designed for large companies; instead it defines recommendations for a compliance management system that can be used by many different types of organisations. This includes companies of all sizes, foundations, associations, authorities and other organisations, both private and public. No registration on a corresponding register is required. In this way, ISO 19600 covers industries and types of companies for which there were previously no recommendations.
How adaptable is the standard?
ISO 19600 is highly adaptable, as it has been designed as a guideline and can be applied to many different types of organisations. This is why there are annotations in numerous places, noting that measures must be adapted to the size and risks of the individual organisation, whether it be a large company or an association, and should always be proportionate.
How does ISO 19600 benefit SMEs?
SMEs can be sure that their interests are strongly represented in the working committees for ISO 19600 and by digital spirit, among others. This is reflected in the standard’s recommendations that give SMEs a greater degree of freedom to ensure compliance using their own appropriate methods.
For this reason the standard expressly states that the size, structure, nature and complexity of the organisation must be taken into account. This is particularly relevant when it comes to defining compliance programs, allocating roles and resources, and deciding the scope of documentation and information gathering (for example, through a risk management system). In addition, SMEs benefit from the fact that the standard is based on the principle of proportionality and is intended to be applied flexibly.
In addition, ISO 19600 places particular emphasis on the role of management in establishing a compliance culture, which is crucial for the success of an effective compliance management system. There is often a strong culture of integrity and leadership in owner-run SMEs. This can be further developed, making it unnecessary to establish excessive control systems as in large anonymous companies.
Which models is the standard based on?
The standard is based on three fundamental models, which have been compiled into one compliance management system model. This includes the ‘Risk Management System’, making ISO 19600 a risk-based standard. In line with the ‘High Level Structure’ model, the new standard complies with the structure of other management systems and can be integrated into or combined with existing management systems without any problems. The PDCA cycle is the third model that the standard is based on. PDCA stands for ‘Plan, Do, Check, Act’ and aims to establish a continuous improvement process.
Top management buy-in and support are fundamental to implementing a Quality Management System…
Ensure you understand all of your internal and external requirements and have considered these in the development…
Implement the System
There is no golden rule for how to implement the system, and every organisation’s requirements and circumstances will vary. But we have some key principles…
Don’t wait until you believe your system is bullet-proof or gold-plated before engaging Compass Assurance Services to certify your system. …
Not all auditors and not all certification bodies are the same. We do things differently. We explain the process, we keep it simple, and we only use the most skilled and experienced auditors, who can communicate at all levels in your organisation and who will partner with you over the journey. Our auditors know their stuff but don’t pretend to know everything. We will share our experience and help you add value to your safety system while determining compliance.
We adapt based on your circumstances and objectives. We understand that organisations operating in high-risk industries such as construction and mining require different outcomes from certification than an office-based business that is just starting out on its safety journey.
We understand you want highly skilled safety auditors with experience in your industry, who understand your risks and hazards and your compliance issues.