Compliance

Achieving compliance excellence with standards

What does compliance mean?

The term compliance comes from "to comply with" or in other words "to follow" or "to meet". In this sense, compliance generally stands for adhering to rules and laws. This specifically means that organisations and their employees adhere to applicable laws – for example competition law – as well as internal regulations regarding ethical standards (such as respectful conduct at the workplace). Using compliance management, companies can ensure that management and employees follow these rules.

What is a compliance management system?

A compliance management system (CMS) includes all aspects of a company which play a role in ensuring that rules and laws are adhered to. Structurally, a CMS is preceded by a risk analysis, which works out which legal requirements are particularly relevant to the company.

Based on this analysis, guidelines and measures are formulated, e.g. compliance directives and training for employees. The criteria are regularly reviewed, optionally by means of external consultation, examination or internal revision, and, if necessary, modified.

Aspects of compliance management

A qualified compliance management system includes:

  • Compliance officer with clearly defined tasks
  • Involvement of stakeholders (stakeholder engagement)
  • Compliance directives as a guideline for employees
  • Regular, compulsory compliance training for employees
  • A whistleblowing system, as is defined in ISO 37002, for example
  • Improvements, monitoring and control

Course: Compliance officer

Get started as a compliance officer now!

What have standards got to do with compliance?

Standards provide the basis for how a compliance management system is implemented in the company. The following standards are relevant in this field:

  • ÖNORM ISO 37301 generally deals with compliance management systems.
  • ISO 37001 deals with setting up an anti-corruption management system in particular. It is particularly important for companies with increased contact with government agencies and public authorities, as the corruption risk here is classified as particularly high.
  • In addition, ISO 37002 should be taken into account for whistleblower management systems.

Compliance management standards

ÖNORM ISO 37301

Compliance management systems – Requirements with guidance for use (ISO 37301:2021)

ISO 37001

Anti-bribery management systems – Requirements with guidance for use

ISO 37002

Whistleblowing management systems – Guidelines

Helping to shape compliance

The topic of compliance is dealt with in Committee 265 "Governance and compliance" at Austrian Standards. The responsible committee manager is Joanna Gajdek.


Five good reasons for a compliance management system

  1. Offer a framework: Clear compliance guidelines and instructions help to identify and tackle risks such as corruption or data misuse at an early stage.
  2. Increase awareness of risks: Employees are made aware of risks and can play a role in preventing claims for damages and further legal consequences.
  3. Boost efficiency: Time and resources are saved and sources of errors are reduced with standardised processes.
  4. Strengthen reputation: Lawful, ethical behaviour promotes trust in the company and strengthens its reputation.
  5. Achieve reduced penalties: Documented compliance measures reduce the risk of fines in the event of breaches and reduce penalties in the event of sanctions.

Becoming certified – create trust

A certificate according to ISO 37301 and/or ISO 37001 is independent evidence of the effectiveness of your compliance management system.


Legal basis for compliance

The laws and regulations which serve as the legal basis for compliance depend on the compliance risks identified in the relevant organisation. These typically concern anti-corruption, competition law, data protection, cybersecurity, money laundering, working time limits and occupational health & safety.

Compliance knowledge

Edeltraud Muckenhuber, Thomas Riesz, Thomas Baumgartner

Interne Kontrollsysteme und Compliance für Betriebe

Basics & Best Practices der Haftungsabsicherung in Unternehmen

Barbara Neiger

Erfolgreich mit Compliance

Zur effizienten Organisation mit ISO 37301:2021. Das Praxishandbuch

Alexander Petsche, Oliver Neuper, Armin Toifl

Compliance Management Standards

Praxiskommentar zur ONR 192050, ONR 192051, ISO 19600 und ISO 37001
