ISO 37301 Checklist

Use the ISO 37301 Checklist to assess compliance with the ISO 37301 standard and ensure the effective implementation of a compliance management system.




4.1 Resources

1. Has the organization determined and provided the resources needed to establish, implement, maintain, and continually improve the compliance management system?


4.2.1 Competence - General

1. Has the organization determined the necessary competence of the person(s) doing work under its control that affects its compliance performance?



2. Has the organization ensured that these persons are competent based on appropriate education, training, or experience?



3. Has the organization, where applicable, taken actions to acquire the necessary competence and evaluated the effectiveness of those actions?



4. Is appropriate documented information available as evidence of competence?


4.2.2 Employment Process

1. In relation to all its personnel, has the organization developed, established, implemented, and maintained processes such that: conditions of employment require personnel to comply with the organization's compliance obligations, policies, processes, and procedures?



2. In relation to all its personnel, has the organization developed, established, implemented, and maintained processes such that: within a reasonable period of their employment commencing, personnel receive a copy of, or are provided with access to, the compliance policy and training about that policy?



3. In relation to all its personnel, has the organization developed, established, implemented, and maintained processes such that: appropriate disciplinary action is taken against personnel who violate the organization's compliance obligations, policies, processes, and procedures?



4. As part of the employment process, has the organization considered the compliance risks posed by roles and personnel and applied due diligence procedures as required before hiring, transferring, and promotion?



5. Has the organization implemented a process that provides for a periodic review of performance targets, performance bonuses, and other incentives to verify that appropriate measures are in place to prevent encouraging noncompliance?


4.2.3 Training

1. Has the organization provided relevant personnel with training regularly from the commencement of employment and at planned intervals determined by the organization?



2. Is training appropriate to the roles of personnel and the compliance risks to which personnel are exposed?



3. Is training assessed for effectiveness?



4. Is training reviewed regularly?



5. Considering the compliance risks identified, has the organization ensured procedures are implemented to address compliance awareness and training for third parties acting on its behalf?



6. Are training records retained as documented information?


4.3 Awareness

1. Are persons doing work under the organization's control aware of the compliance policy?



2. Are persons doing work under the organization's control aware of their contribution to the effectiveness of the compliance management system, including the benefits of improved compliance performance?



3. Are persons doing work under the organization's control aware of the implications of not conforming with the compliance management system requirements?



4. Are persons doing work under the organization's control aware of the means and procedures for raising compliance concerns (see 5.3)?



5. Are persons doing work under the organization's control aware of the relation of the compliance policy and the compliance obligations relevant to their role?



6. Are persons doing work under the organization's control aware of the importance of supporting compliance culture?


4.4 Communication

1. Has the organization determined the internal and external communications relevant to the compliance management system, including: on what it will communicate?



2. Has the organization determined the internal and external communications relevant to the compliance management system, including: when to communicate?



3. Has the organization determined the internal and external communications relevant to the compliance management system, including: with whom to communicate?



4. Has the organization determined the internal and external communications relevant to the compliance management system, including: how to communicate?



5. Has the organization considered aspects of diversity and potential barriers when considering its communication needs?



6. Has the organization ensured that the views of interested parties are considered in establishing its communication process(es)?



7. Has the organization included communication on its compliance culture, compliance objectives, and obligations?



8. Has the organization ensured that compliance information to be communicated is consistent with information generated within the compliance management system and is reliable?



9. Has the organization responded to relevant communications on its compliance management system?



10. Has the organization retained documented information as evidence of its communications, as appropriate?



11. Has the organization internally communicated information relevant to the compliance management system among the various levels and functions of the organization, including changes to the compliance management system, as appropriate?



12. Has the organization ensured its communication process(es) enables personnel to contribute to continual improvement of the compliance management system?



13. Has the organization ensured its communication process(es) enables personnel to raise concerns (see 5.3)?



14. Has the organization externally communicated information relevant to the compliance management system, as established by the organization's communication process(es), and included communication on its compliance culture, objectives, and obligations?


4.5.1 Documented Information - General

1. Does the organization's compliance management system include the following: documented information required by this document?



2. Does the organization's compliance management system include the following: documented information determined by the organization as being necessary for the effectiveness of the compliance management system?



3. Is the organization aware that the documented information for a compliance management system can differ from one organization to another due to the following: the size of the organization and its type of activities, processes, products, and services?



4. Is the organization aware that the documented information for a compliance management system can differ from one organization to another due to the following: the complexity of processes and their interactions?



5. Is the organization aware that the documented information for a compliance management system can differ from one organization to another due to the following: the competence of persons?


4.5.2 Creating And Updating Documented Information

1. When creating and updating documented information, does the organization ensure appropriate: identification and description (e.g., a title, date, author, or reference number)?



2. When creating and updating documented information, does the organization ensure appropriate: format (e.g., language, software version, graphics) and media (e.g., paper, electronic)?



3. When creating and updating documented information, does the organization ensure appropriate: review and approval for suitability and adequacy?


4.5.3 Control Of Documented Information

1. Is documented information required by the compliance management system and by this document controlled to ensure: it is available and suitable for use where and when it is needed?



2. Is documented information required by the compliance management system and by this document controlled to ensure: it is adequately protected (e.g., from loss of confidentiality, improper use, or loss of integrity)?



3. For the control of documented information, has the organization addressed the following activities, as applicable: distribution, access, retrieval, and use?



4. For the control of documented information, has the organization addressed the following activities, as applicable: storage and preservation, including preservation of legibility?



5. For the control of documented information, has the organization addressed the following activities, as applicable: control of changes (e.g., version control)?



6. For the control of documented information, has the organization addressed the following activities, as applicable: retention and disposition?



7. Is documented information of external origin determined by the organization to be necessary for the planning and operation of the compliance management system identified as appropriate and controlled?


5.1 Operational Planning And Control

1. Has the organization planned, implemented, and controlled the processes needed to meet requirements and to implement the actions determined in Clause 3 by: establishing criteria for the processes?



2. Has the organization planned, implemented, and controlled the processes needed to meet requirements and to implement the actions determined in Clause 3 by: implementing control of the processes in accordance with the criteria?



3. Is documented information available to the extent necessary to have confidence that the processes have been carried out as planned?



4. Does the organization control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects as necessary?



5. Does the organization control externally provided processes, products, or services relevant to the compliance management system?



6. Does the organization ensure that third-party processes are controlled and monitored?


5.2 Establishing Controls And Procedures

1. Does the organization implement controls to manage its compliance obligations and associated compliance risks?



2. Are these controls maintained, periodically reviewed, and tested to ensure their continuing effectiveness?


5.3 Raising Concerns

1. Has the organization established, implemented, and maintained a process to encourage and enable the reporting of (in cases of reasonable grounds to believe that the information is accurate) attempted, suspected, or actual violations of the compliance policy or compliance obligations?



2. Is this process visible and accessible throughout the organization?



3. Does this process treat reports confidentially?



4. Does this process accept anonymous reports?



5. Does this process protect those making reports from retaliation?



6. Does this process enable personnel to receive advice?



7. Does the organization ensure that all personnel know the reporting procedures, their rights, and protections and can use them?


5.4 Investigation Processes

1. Does the organization develop, establish, implement, and maintain processes to assess, evaluate, investigate, and close reports on suspected or actual instances of noncompliance? Do these processes ensure fair and impartial decision-making?



2. Do competent personnel carry out the investigation processes independently and without conflict of interest?



3. Does the organization use the outcome of investigations to improve the compliance management system as appropriate (see Clause 7)?



4. Does the organization regularly report on the numbers and outcomes of investigations to the governing body or top management?



5. Does the organization retain documented information on the investigation?


6.1.1 Monitoring, Measurement, Analysis, And Evaluation - General

1. Does the organization monitor the compliance management system to ensure compliance objectives are achieved?



2. Does the organization determine the following: what needs to be monitored and measured?



3. Does the organization determine the following: the methods for monitoring, measurement, analysis, and evaluation, as applicable, to ensure valid results?



4. Does the organization determine the following: when the monitoring and measuring shall be performed?



5. Does the organization determine the following: when the results from monitoring and measurement shall be analyzed and evaluated?



6. Is documented information available as evidence of the results?



7. Does the organization evaluate the compliance performance and the effectiveness of the compliance management system?


6.1.2 Sources Of Feedback On Compliance Performance

1. Does the organization establish, implement, evaluate, and maintain processes for seeking and receiving feedback on its compliance performance from various sources?



2. Is the information analyzed and critically assessed to identify root causes for noncompliance, ensure appropriate actions are taken, and reflect this information in the periodic risk assessment required in 1.5?


6.1.3 Development Of Indicators

1. Does the organization develop, implement, and maintain a set of appropriate indicators that will assist the organization in evaluating the achievement of its compliance objectives and assessing its compliance performance?


6.1.4 Compliance Reporting

1. Does the organization establish, implement, and maintain processes for compliance reporting to ensure that: appropriate criteria for reporting are defined?



2. Does the organization establish, implement, and maintain processes for compliance reporting to ensure that: timelines for regular reporting are established?



3. Does the organization establish, implement, and maintain processes for compliance reporting to ensure that: an exception reporting system is implemented that facilitates ad hoc reporting?



4. Does the organization establish, implement, and maintain processes for compliance reporting to ensure that: systems and processes are implemented to ensure the accuracy and completeness of information?



5. Does the organization establish, implement, and maintain processes for compliance reporting to ensure that: accurate and complete information is provided to the correct functions or areas of the organization to enable preventive, corrective, and remedial action to be taken on time?



6. Are any reports issued by the compliance function to the governing body or top management adequately protected from alteration?


6.1.5 Record-Keeping

1. Are accurate, up-to-date records of the organization's compliance activities retained to assist in the monitoring and review process and demonstrate conformity with the compliance management system?


6.2.1 Internal Audit - General

1. Does the organization conduct internal audits at planned intervals to provide information on whether the compliance management system conforms to: the organization's requirements for its compliance management system?



2. Does the organization conduct internal audits at planned intervals to provide information on whether the compliance management system conforms to: the requirements of this document?



3. Does the organization conduct internal audits at planned intervals to provide information on whether the compliance management system is effectively implemented and maintained?


6.2.2 Internal Audit Program

1. Does the organization plan, establish, implement, and maintain an audit program(s), including the frequency, methods, responsibilities, planning requirements, and reporting?



2. When establishing the internal audit program(s), does the organization consider the importance of the processes and previous audits' results?



3. Does the organization define the audit objectives, criteria, and scope for each audit?



4. Does the organization select auditors and conduct audits to ensure objectivity and impartiality of the audit process?



5. Does the organization ensure that the results of the audits are reported to relevant managers and management?



6. Is documented information available as evidence of the audit program(s) implementation and the audit results?


6.3.1 Management Review - General

1. Do the governing body and top management review the organization's compliance management system at planned intervals to ensure its suitability, adequacy, and effectiveness?


6.3.2 Management Review Inputs

1. Does the management review include the following: the status of actions from previous management reviews?



2. Does the management review include the following: changes in external and internal issues that are relevant to the compliance management system?



3. Does the management review include the following: changes in needs and expectations of interested parties that are relevant to the compliance management system?



4. Does the management review include the following: information on the compliance performance, including trends in nonconformities, noncompliances, and corrective actions?



5. Does the management review include the following: information on the compliance performance, including trends in monitoring and measurement results?



6. Does the management review include the following: information on the compliance performance, including trends in audit results?



7. Does the management review include the following: opportunities for continual improvement?



8. Does the management review take into account the adequacy of the compliance policy?



9. Does the management review take into account the independence of the compliance function?



10. Does the management review take into account the extent to which the compliance objectives have been met?



11. Does the management review take into account the adequacy of resources?



12. Does the management review take into account the adequacy of the compliance risk assessment?



13. Does the management review take into account the effectiveness of existing controls and performance indicators?



14. Does the management review take into account the communication from persons raising concerns and from interested parties, including feedback (see 6.1.2) and complaints?



15. Does the management review take into account the investigations (see 5.4)?



16. Does the management review take into account the effectiveness of the reporting system?


6.3.3 Management Review Results

1. Do the results of the management review include decisions related to continual improvement opportunities and any need for changes to the compliance management system?



2. Is documented information available as evidence of the results of management reviews?


7.1 Continual Improvement

1. Does the organization continually improve the compliance management system's suitability, adequacy, and effectiveness?



2. When the organization determines the need for changes to the compliance management system, are the changes planned?



3. Does the organization consider the purpose of the changes and their potential consequences?



4. Does the organization consider the design and operational effectiveness of the compliance management system?



5. Does the organization consider the availability of adequate resources?



6. Does the organization consider the allocation or reallocation of responsibilities and authorities?


7.2 Nonconformity And Corrective Action

1. When a nonconformity or noncompliance occurs, does the organization react to the nonconformity or noncompliance and, as applicable, take action to control and correct it?



2. When a nonconformity or noncompliance occurs, does the organization react to the nonconformity or noncompliance and, as applicable, deal with the consequences?



3. When a nonconformity or noncompliance occurs, does the organization evaluate the need for action to eliminate the cause(s) of the nonconformity or noncompliance, or both, so that it does not recur or occur elsewhere by: reviewing the nonconformity or noncompliance, or both?



4. When a nonconformity or noncompliance occurs, does the organization evaluate the need for action to eliminate the cause(s) of the nonconformity or noncompliance, or both, so that it does not recur or occur elsewhere by: determining the causes of the nonconformity or noncompliance, or both?



5. When a nonconformity or noncompliance occurs, does the organization evaluate the need for action to eliminate the cause(s) of the nonconformity or noncompliance, or both, so that it does not recur or occur elsewhere by: determining if similar nonconformities or noncompliances, or both, exist or can potentially occur?



6. When a nonconformity or noncompliance occurs, does the organization implement any action needed?



7. When a nonconformity or noncompliance occurs, does the organization review the effectiveness of any corrective action taken?



8. When a nonconformity or noncompliance occurs, does the organization make changes to the compliance management system, if necessary?



9. Are corrective actions appropriate to the effects of the nonconformities or noncompliances, or both, encountered?



10. Is documented information available as evidence of the following: the nature of the nonconformities or noncompliances, or both, and any subsequent actions taken?



11. Is documented information available as evidence of the following: the results of any corrective action?


1.1 Understanding The Organization And Its Context

1. Has the organization determined external and internal issues that are relevant to its purpose and affect its ability to achieve its compliance management system's intended result(s)?



2. Has the organization considered a broad range of issues, including but not limited to the following: the business model, including strategy, nature, size and scale, complexity, and sustainability of the organization's activities and operations?



3. Has the organization considered a broad range of issues, including but not limited to the following: the nature and scope of business relations with third parties?



4. Has the organization considered a broad range of issues, including but not limited to the following: the legal and regulatory context?



5. Has the organization considered a broad range of issues, including but not limited to the following: the economic situation?



6. Has the organization considered a broad range of issues, including but not limited to the following: social, cultural, and environmental contexts?



7. Has the organization considered a broad range of issues, including but not limited to the following: internal structures, policies, processes, procedures, and resources, including technology?



8. Has the organization considered a broad range of issues, including but not limited to the following: compliance culture?


1.2 Understanding The Needs And Expectations Of Interested Parties

1. Has the organization determined the interested parties that are relevant to the compliance management system?



2. Has the organization determined the relevant requirements of these interested parties?



3. Has the organization determined which of these requirements will be addressed through the compliance management system?


1.3 Determining The Scope Of The Compliance Management System

1. Has the organization determined the boundaries and applicability of the compliance management system to establish its content?



2. Has the organization considered the external and internal issues referred to in 1.1?



3. Has the organization considered the requirements referred to in 1.2, 1.4, and 1.5?


1.4 Compliance Management System

1. Has the organization established, implemented, maintained, and continually improved a compliance management system, including the processes needed and their interactions, in accordance with the requirements of this document?



2. Does the compliance management system reflect the organization's values, objectives, strategy, and compliance risks, considering the organization's context (see 1.1)?


1.5 Compliance Obligations

1. Has the organization systematically identified its compliance obligations resulting from its activities, products, and services and assessed their impact on its operations?



2. Does the organization have processes in place to identify new and changed compliance obligations to ensure ongoing compliance?



3. Does the organization have processes in place to evaluate the impact of the identified changes and implement any necessary changes in managing the compliance obligations?



4. Does the organization maintain documented information on its compliance obligations?


1.6 Compliance Risk Assessment

1. Has the organization identified, analyzed, and evaluated its compliance risks based on a compliance risk assessment?



2. Has the organization identified compliance risks by relating its obligations to its activities, products, services, and operations?



3. Has the organization assessed compliance risks related to outsourced and third-party processes?



4. Are the compliance risks assessed periodically and whenever material changes occur in circumstances or organizational contexts?



5. Has the organization retained documented information on the compliance risk assessment and actions to address its compliance risks?


2.1.1 Governing Body And Top Management

1. Have the governing body and top management demonstrated leadership and commitment concerning the compliance management system by ensuring that the compliance policy and compliance objectives are established and are compatible with the strategic direction of the organization?



2. Have the governing body and top management demonstrated leadership and commitment concerning the compliance management system by ensuring the integration of the compliance management system requirements into the organization's business processes?



3. Have the governing body and top management demonstrated leadership and commitment concerning the compliance management system by ensuring that the resources needed for the compliance management system are available?



4. Have the governing body and top management demonstrated leadership and commitment concerning the compliance management system by communicating the importance of effective compliance management and conforming to the compliance management system requirements?



5. Have the governing body and top management demonstrated leadership and commitment concerning the compliance management system by ensuring that the compliance management system achieves its intended result(s)?



6. Have the governing body and top management demonstrated leadership and commitment concerning the compliance management system by directing and supporting persons to contribute to the effectiveness of the compliance management system?



7. Have the governing body and top management demonstrated leadership and commitment concerning the compliance management system by promoting continual improvement?



8. Have the governing body and top management demonstrated leadership and commitment concerning the compliance management system by supporting other relevant roles to demonstrate their leadership as it applies to their areas of responsibility?



9. Do the governing body and top management establish and uphold the values of the organization?



10. Do the governing body and top management ensure that policies, processes, and procedures are developed and implemented to achieve compliance objectives?



11. Do the governing body and top management ensure that they are informed promptly on compliance matters, including on instances of noncompliance, and ensure that appropriate action is taken?



12. Do the governing body and top management ensure that the commitment to compliance is maintained and that noncompliance and noncompliant behavior are dealt with appropriately?



13. Do the governing body and top management ensure that compliance responsibilities are included in job descriptions as appropriate?



14. Do the governing body and top management appoint or nominate a compliance function (see 2.3.2)?



15. Do the governing body and top management ensure that a system for raising and addressing concerns in accordance with 5.3 is established?


2.1.2 Compliance Culture

1. Has the organization developed, maintained, and promoted a compliance culture at all levels?



2. Have the governing body, top management, and management demonstrated an active, visible, consistent, and sustained commitment toward a common standard of behavior and conduct that is required throughout the organization?



3. Does top management encourage behavior that creates and supports compliance?



4. Does top management prevent, and not tolerate, behavior that compromises compliance?


2.1.3 Compliance Governance

1. Have the governing body and top management ensured direct access of the compliance function to the governing body?



2. Have the governing body and top management ensured the independence of the compliance function?



3. Have the governing body and top management ensured the appropriate authority and competence of the compliance function?


2.2 Compliance Policy

1. Have the governing body and top management established a compliance policy that is appropriate to the purpose of the organization?



2. Have the governing body and top management established a compliance policy that provides a framework for setting compliance objectives?



3. Have the governing body and top management established a compliance policy that includes a commitment to meet applicable requirements?



4. Have the governing body and top management established a compliance policy that includes a commitment to continual improvement of the compliance management system?



5. Is the compliance policy aligned with the organization's values, objectives, and strategy?



6. Does the compliance policy require compliance with the organization's compliance obligations?



7. Does the compliance policy support the compliance governance principles set out in 2.1.3?



8. Does the compliance policy refer to and describe the compliance function?



9. Does the compliance policy outline the consequences of not complying with the organization's compliance obligations, policies, processes, and procedures?



10. Does the compliance policy encourage the raising of concerns and prohibit any form of retaliation?



11. Is the compliance policy written in plain language so that all personnel can easily understand the principles and intent?



12. Is the compliance policy appropriately implemented and enforced?



13. Is the compliance policy available as documented information?



14. Is the compliance policy communicated within the organization?



15. Is the compliance policy available to interested parties, as appropriate?


2.3.1 Governing Body And Top Management

1. Do the governing body and top management ensure that the responsibilities and authorities for relevant roles are assigned and communicated within the organization?



2. Do the governing body and top management assign the responsibility and authority for ensuring that the compliance management system conforms to the requirements of this document?



3. Do the governing body and top management assign the reporting on the performance of the compliance management system to the governing body and top management?



4. Does the governing body ensure that the top management is measured against the achievement of compliance objectives?



5. Does the governing body exercise oversight over top management regarding the operation of the compliance management system?



6. Does top management allocate adequate and appropriate resources to establish, develop, implement, evaluate, maintain, and improve the compliance management system?



7. Does top management ensure that adequate systems of timely reporting on compliance performance are in place?



8. Does top management ensure alignment between strategic and operational targets and compliance obligations?



9. Does top management establish and maintain accountability mechanisms, including disciplinary actions and consequences?



10. Does top management ensure the integration of compliance performance into performance appraisals of personnel?


2.3.2 Compliance Function

1. Is the compliance function responsible for the operation of the compliance management system, including facilitating the identification of compliance obligations?



2. Is the compliance function responsible for the operation of the compliance management system, including documenting the compliance risk assessment (see 2.6)?



3. Is the compliance function responsible for the operation of the compliance management system, including aligning the compliance management system with the compliance objectives?



4. Is the compliance function responsible for the operation of the compliance management system, including monitoring and measuring compliance performance?



5. Is the compliance function responsible for the operation of the compliance management system, including analyzing and evaluating the performance of the compliance management system to identify any need for corrective action?



6. Is the compliance function responsible for the operation of the compliance management system, including establishing a compliance reporting and documenting system?



7. Is the compliance function responsible for the operation of the compliance management system, including ensuring the compliance management system is reviewed at planned intervals (see 6.2 and 6.3)?



8. Is the compliance function responsible for the operation of the compliance management system, including establishing a system for raising concerns and ensuring that concerns are addressed?



9. Does the compliance function exercise oversight that the responsibilities to achieve identified compliance obligations are appropriately allocated throughout the organization?



10. Does the compliance function exercise oversight that the compliance obligations are integrated into policies, processes, and procedures?



11. Does the compliance function exercise oversight that all the relevant personnel are trained as required?



12. Does the compliance function exercise oversight that the compliance performance indicators are established?



13. Does the compliance function provide personnel with access to resources on compliance policies, processes, and procedures?



14. Does the compliance function provide advice to the organization on compliance-related matters?


2.3.3 Management

1. Is management responsible for compliance within its area of responsibility by cooperating with and supporting the compliance function and encouraging personnel to do the same?



2. Is management responsible for compliance within its area of responsibility by ensuring that all personnel within their control are complying with the organization's compliance obligations, policies, processes, and procedures?



3. Is management responsible for compliance within its area of responsibility by identifying and communicating compliance risks in its operations?



4. Is management responsible for compliance within its area of responsibility by integrating compliance obligations into existing business practices and procedures in their areas of responsibility?



5. Is management responsible for compliance within its area of responsibility by attending and supporting compliance training activities?



6. Is management responsible for compliance within its area of responsibility by developing personnel awareness of compliance obligations and directing them to meet training and competence requirements?



7. Is management responsible for compliance within its area of responsibility by encouraging their personnel to raise compliance concerns, supporting them, and precluding any form of retaliation?



8. Is management responsible for compliance within its area of responsibility by actively participating in the management and resolution of compliance-related incidents and issues as required?



9. Is management responsible for compliance within its area of responsibility by ensuring that, once the need for corrective action is identified, appropriate corrective action is recommended and implemented?


2.3.4 Personnel

1. Do all personnel adhere to the organization's compliance obligations, policies, processes, and procedures?



2. Do all personnel report compliance concerns, issues, and failures?



3. Do all personnel participate in training as required?


3.1 Actions To Address Risks And Opportunities

1. When planning for the compliance management system, does the organization consider the issues referred to in 1.1 and the requirements referred to in 1.2 and determine the risks and opportunities that need to be addressed to: give assurance that the compliance management system can achieve its intended result(s)



2. When planning for the compliance management system, does the organization consider the issues referred to in 1.1 and the requirements referred to in 1.2 and determine the risks and opportunities that need to be addressed to: prevent or reduce undesired effects



3. When planning for the compliance management system, does the organization consider the issues referred to in 1.1 and the requirements referred to in 1.2 and determine the risks and opportunities that need to be addressed to: achieve continual improvement



4. When planning for the compliance management system, does the organization consider the following: its compliance objectives (see 3.2)



5. When planning for the compliance management system, does the organization consider the following: the compliance obligations identified (see 1.4)



6. When planning for the compliance management system, does the organization consider the following: the results of the compliance risk assessment (see 1.5)



7. Does the organization plan actions to address risks and opportunities?



8. Does the organization plan how to: integrate and implement the actions into its compliance management system processes



9. Does the organization plan how to: evaluate the effectiveness of these actions


3.2 Compliance Objectives And Planning To Achieve Them

1. Does the organization establish compliance objectives at relevant functions and levels?



2. Are the compliance objectives consistent with the compliance policy?



3. Are the compliance objectives measurable (if practicable)?



4. Do the compliance objectives take into account applicable requirements?



5. Are the compliance objectives monitored?



6. Are the compliance objectives communicated?



7. Are the compliance objectives updated as appropriate?



8. Are the compliance objectives available as documented information?



9. When planning how to achieve its compliance objectives, does the organization determine the following: what will be done



10. When planning how to achieve its compliance objectives, does the organization determine the following: what resources will be required



11. When planning how to achieve its compliance objectives, does the organization determine the following: who will be responsible



12. When planning how to achieve its compliance objectives, does the organization determine the following: when it will be completed



13. When planning how to achieve its compliance objectives, does the organization determine the following: how the results will be evaluated


3.3 Planning Of Changes

1. Are the changes planned when the organization determines the need for changes to the compliance management system?




Checklist by GoAudits.com – Please note that this checklist is intended as an example. We do not guarantee compliance with the laws applicable to your territory or industry. You should seek professional advice to determine how this checklist should be adapted to your workplace or jurisdiction.
