on January 09, 2024 Auditing and Assurance Regulatory

Elevate Your Compliance Journey with ISO 37301


ISO 14001, 9001 and 45001 are well-known ISO standards in the compliance world, but what is ISO 37301? Join us while we explore the contents of the standard and who could benefit from applying the clauses to their organization.

What is ISO 37301?

ISO 37301 Compliance management systems – Requirements with guidance for use, released in 2021, is an international standard providing guidance on establishing, implementing, maintaining, reviewing, and improving an effective compliance management system. In simpler terms, ISO 37301 serves as a compass, offering clear guidance on what good looks like as it relates to compliance management. The standard is the successor to ISO 19600, first published in 2014.

Who should use ISO 37301?

The standard is designed to apply generically to all industries and to businesses of all sizes, helping them understand and manage compliance risks and ensure they operate within legal and ethical boundaries. The core tenet of ISO 37301 is the Plan-Do-Check-Act continuous improvement cycle. Like other ISO standards, 37301 is voluntary, though organizations can choose to become certified. Ideally, ISO 37301 can be used to supplement any organization's management system, and to guide compliance management within the overall management system.

What is included in ISO 37301?

Interested in what is included in the criteria used to assess what good looks like in relation to compliance management? Let’s dig in using a gardening metaphor.

Context of the organization

The organization's context is like tending to the conditions for a thriving plant. Just as a gardener considers soil type, lighting, water, and potential pests to foster healthy growth, organizations must identify and analyze internal and external factors impacting compliance.


Leadership is not just about overseeing. It's about actively tending to the growth, development, and overall health of the organizational garden, creating an environment where success can bloom. Successful leadership knows the way, shows the way and goes the way.

Planning & Operation

In the garden of business, planning and operation are comparable to constant care. Gardeners start each year planning the year’s garden and deciding what seeds to sow that season. Business decisions, aligned with the compliance policy, are like tending to the needs of each plant in line with the goals of the overall garden. Monitoring and adjusting ensure the organization's growth remains healthy and compliant.


Resourcing and document management can be thought of as gardening tools and record keeping. To support the organizational garden and individual plant growth, people need the proper tools and proper training on how to use the tools to be successful. To ensure plants aren’t over-fertilized, documents outlining the process should be made available and applications should be noted. With more than one person tending to the garden, communication to ensure plants are not over or under handled is critical to their health.

Continuous Improvement

Continuous improvement is the ongoing cultivation of the organizational garden. Skilled gardeners maintain a journal of what they planted, seasonal conditions, growth outcomes and the harvest. The skilled gardener consistently tends to the soil and introduces new techniques for optimal growth based on the previous year’s outcomes. Continuous improvement ensures that organizations evolve, adapt, and flourish within the ever-changing landscape of compliance.


Do you wonder about the strength of your current compliance culture? Are you seeking ways to enhance your bottom line through optimized compliance management?

If you're curious or if you're seeking improvement, SPAN is here to guide you. Consider reaching out to us for an ISO 37301 assessment tailored to your unique organizational landscape.

SPAN Consulting

At SPAN Consulting, we help you find the most practical solutions to your biggest problems. Our consulting practice specializes in delivering simple, effective solutions for organizations seeking to improve regulatory compliance, reduce operational risk and increase organizational effectiveness. Our experience with management systems, program development and assurance has served many clients, ranging from high-risk organizations to industry associations to regulators. Our diverse background and experience help us bring unique perspective and insights to solving your specific challenges.