Audit & Certification of a CMS
ISO 37304 Audit & Certification of a CMS
ISO 37304 Compliance Management Systems — Requirements for Bodies Providing Audit and Certification of Compliance Management Systems is currently under development and is in the Draft International Standard (DIS) stage. The standard must still pass through the Final Draft International Standard stage before it can be officially published, which is expected in 2026.
Once the standard is published, ISO certification bodies can gain authorization to formally certify an organization’s Compliance Management System (CMS). ISO 37304 is an extension to ISO 17021, Part 1: Requirements. This means that companies will be able to apply for and receive a formal ISO 37301 certificate, and gain recognition for their CMS programs.
ISO Technical Committee 309 - Governance of Organizations
TC 309 - Governance of Organizations
ISO Technical Committee 309 (TC 309) is responsible for the governance and compliance standards for organizations published by ISO. A listing of the relevant standards can be found here. Important publications include:
ISO 37300 Governance of Organizations - Guidelines
ISO 37301 Anti-Bribery Management Systems — Requirements with Guidance for Use
ISO 37302 Whistleblowing Management Systems — Guidelines
ISO 37308 Internal Investigations of Organizations — Guidance
ISO 37309 Conflict of Interest in Organizations — Guidance
The ISO standards specific to a compliance management system (CMS) include the following:
ISO 37301 Compliance Management Systems — Requirements with Guidance for Use
Amd 1:2024 Climate Action Changes
ISO 37302 Compliance Management Systems — Guidance for the Evaluation of Effectiveness
ISO 37303 Compliance Management Systems — Guidance for Competence Management
NOTE: ISO 37304 Compliance Management Systems — Requirements for Bodies Providing Audit and Certification of Compliance Management Systems is currently under development and is in the Draft International Standard (DIS) stage. ISO 37304 is an extension to ISO 17021, Part 1: Requirements. This standard is the foundation for the audit and certification of all ISO management systems.
NOTE: The ISO 38500-series of ISO standards are maintained by ISO Steering Committee 40 (SC 40), which includes the standards on IT governance (ISO 38501), data governance (ISO 38505-series), and AI governance (ISO 38507). Those standards can be found here.