ISO 37301:2021 is the international standard that sets requirements for implementing, maintaining and improving a Compliance Management System (CMS). Published in April 2021 by ISO, it replaced the ISO 19600:2014 guidance document, elevating compliance from voluntary guidance to a certifiable standard with auditable requirements. Its structure follows the High Level Structure (HLS) shared by ISO 9001, ISO 14001 and ISO 45001, which makes integration into existing management systems straightforward without duplicating documentation.
The standard covers any type of compliance obligation: criminal and anti-corruption (linking to UNE 19601 and ISO 37001), tax and fiscal, environmental and waste (articulable with ISO 14001), personal data protection (GDPR, linking to ISO 27701), employment and equality, and sector-specific regulation. Its 'umbrella system' architecture allows each compliance vertical to have its own documented controls within a unified governance structure, with a compliance officer function, a compliance register, a risk assessment programme and a periodic internal audit cycle.
For a Spanish SME or mid-market company, ISO 37301 delivers three concrete benefits: first, it reduces the criminal exposure of the management body by demonstrating due diligence in the control system; second, it facilitates access to public tenders and corporate clients that require evidence of compliance as a supplier approval requirement; third, it consolidates in a single audited file all the regulatory traceability that today lives scattered across the tax adviser, the lawyer, the OHS manager and the DPO. Summum accompanies the entire process through to certification, which is issued by an ENAC-accredited certification body (such as AENOR, Bureau Veritas, SGS or DNV).