Solution: Compliance Management Certification | ISO 37301
TÜV AUSTRIA Compliance Management Certification according to ISO 37301
Information, Target Audience & Prerequisites
ISO 37301 governs the Compliance Management System (CMS) and replaces ISO 19600. It establishes requirements and provides guidance for the establishment, implementation, maintenance, review, and improvement of a Compliance Management System. The standard also mandates adherence to social and ethical values.
This standard is risk-based and, like the vast majority of well-known management system standards, is structured according to the “High Level Structure.” The process-oriented approach here is based on the well-known PDCA cycle.
These compliance management systems are designed for organizations ranging from medium-sized companies up to multinational corporations, from service providers to manufacturers, across all industries, including the public, private, and nonprofit sectors, and regardless of the organization’s legal form.
A prerequisite for certification is a documented compliance management system that is integrated into and actively practiced within the organization.
The certificate is valid for three years and may be used for promotional purposes in accordance with the certification regulations. The certification logo may be used, for example, on letterhead or the website (in connection with the organization). For legal reasons, the intended use must be approved or confirmed by the certification body.
Benefits of ISO 37301 Certification
- Competitive advantages in both private and public tenders
- Strengthening a corporate culture in which integrity, transparency, and compliance are put into practice
- Corporate risks can be minimized and corruption-related costs potentially reduced
- Ensures transparency and builds trust among customers, business partners, and the public
- In the event of a dispute, the certification can serve as proof of compliance with corporate due diligence
- The ISO 37301 standard follows the same structure as ISO 9001, ISO 14001, and ISO 45001. The requirements can therefore be integrated into the existing management system without significant additional effort
ISO 37301 Certification Process
The certification process typically takes between three and five weeks. We take your individual requirements and the urgency of your certification into account right from the planning stage. We work with you to determine the exact scope, duration, and costs before the certification process begins.
1. Informational Meeting
During a non-binding and free consultation, we will inform you about the procedure for obtaining your certificate. Additionally, the following points, among others, will be clarified:
- Basic requirements for certification
- Objectives and benefits of certification
- Verification of company data and definition of the scope of certification
- Discussion of your specific requirements and wishes
- Determination of the next necessary steps toward certification
Based on this informational meeting, you will receive a customized offer tailored to your organization.
2. Engagement
If you are satisfied with the offer, the certification body is engaged. After you receive an order confirmation, the certification process begins with a joint scheduling of appointments with the responsible auditor.
3. Pre-audit (optional)
A pre-audit can be conducted upon request. Based on a jointly defined framework, either specific areas or processes, or the overall situation of your organization, will be audited. This process identifies any weaknesses in the documentation and implementation of the system. Upon request, a pre-audit can provide you with a status report regarding your basic eligibility for certification, a detailed assessment of individual processes, or compliance with specific requirements of the relevant standard. The audit methodology corresponds to that of the certification audit.
4. Stage 1 Certification Audit
The Stage 1 audit serves to determine your eligibility for certification. Site-specific conditions are assessed, and necessary information regarding the scope of application is gathered. The following main points are primarily addressed in Stage 1 of the audit:
- Review of documentation for compliance and completeness in comparison with the respective standard requirements.
- Status of the management system’s implementation within the company: Do the existing management structure and the degree of implementation of the management system in the organization generally allow for certification, or are critical details still missing?
Before conducting Stage 2 of the audit, an audit plan for the actual certification audit is developed based on the knowledge gained about your organization and the management system, and this plan is coordinated with you.
5. Stage 2 Certification Audit
During Stage 2, the effectiveness of the management system implemented in your organization is assessed. This involves conducting spot checks against all requirements across departments or organizational units and along the process chains.
The fundamentals of the audit are:
- Audit planning
- The respective certification standard or the individual standard requirements specified therein
- Organization-specific documents
- General and industry-specific principles (laws, additional industry-specific standards, etc.)
After the results have been analyzed and evaluated, the audit findings as well as any deficiencies or nonconformities will be communicated to you during the closing meeting. In the event of nonconformities, corrective actions will be defined.
6. TÜV AUSTRIA Certificate
Actual certification is granted by the TÜV AUSTRIA certification body following the successful conclusion of the audit and the reporting, based on the audit report. The certificate is issued provided the following certification requirements are met:
- Documentation and implementation of the management system
- Certification agreement (confirmation of the certification offer, the certification regulations, and the General Terms and Conditions)
- Successful completion of the audit and a corresponding recommendation from your audit team to the certification body
A certificate is issued for a term of three years. To maintain the validity of the certificate throughout its entire term, an annual surveillance audit must be conducted and successfully completed (12 months and 24 months after the certificate is issued).
7. Surveillance Audits
During the annual surveillance audit, the effectiveness and further development of the management system are reviewed on a random basis. Surveillance audits are shorter in scope: they cover the topics specified by the accreditation bodies and the key areas outlined in the audit plan, and they address any deficiencies identified in the previous audit.
8. Recertification Audit
This must be conducted before the certificate expires (typically after three years). In a recertification audit (often also called a renewal audit), all requirements are reviewed on a random basis, just as in a certification audit. The time required for this recertification process is shorter than that of an initial certification process (approximately two-thirds of the audit time of an initial certification process).
Following a positive certification decision, a new certificate with a validity of three years is issued.