ISO 19600, Compliance management systems - Guidelines, is a compliance standard introduced by the International Organization for Standardisation (ISO) in April 2014. As its title suggests, it operates as an advisory standard and is not used for accreditation or certification.
This standard was developed by ISO Project Committee ISO/PC 271, which was chaired by Martin Tolar. In recent times technical committee ISO/TC 309 has been created and the maintenance and future development of ISO 19600 will be undertaken by members of this committee.
Currently, ISO/TC 309 is in the process of developing ISO/DIS 37301 , which is except to replace ISO 19600. The main difference between these two standards is that, when published, ISO 37301 will establish requirements for the implementation of a compliance management system, as opposed to USO 19600 which only provides recommendations. This means that in the future, organizations can have their compliance management system (CMS) verified through an independent third party 
Standards Australia proposed a new ISO standard, based on the existing Australian standard "AS 3806 - Compliance Programs", which was issued in 1998 and updated in 2006. This standard is more widely used in the financial industry, being endorsed by Australian Prudential Regulation Authority and the Australian Securities and Investment Commission. The published version of ISO 19600:2014 is similar to AS 3806:2006 standard, and will replace it.
The draft stage of ISO 19600 was completed in April 2014; the final version was published on 5 December 2014.
Main requirements of the standard
The ISO 19600:2014 adopts the "ISO High Level Structure (HSL)" in 10 main clauses in the following breakdown :
- 1 Scope
- 2 Normative references
- 3 Terms and definitions
- 4 Context of the organization
- 5 Leadership
- 6 Planning
- 7 Support
- 8 Operation
- 9 Performance Evaluation
- 10 Improvement
Structure of the standard
ISO 19600 helps organizations establish, develop, evaluate, and maintain a compliance management system. It brings together separate standards of compliance management and risk management, and its processes align very closely with ISO 31000, another risk management standard.
Many existing compliance standards focus on one specific regulatory requirement or topic area; ISO 19600 aims to unify these, so organizations can work within a single framework rather than several different ones focussing on different standards. Unlike PS 980, ISO does not mandate any specific auditing requirements. ISO 19600 is "based on the principles of good governance, proportionality, transparency and sustainability".
Like other related ISO standards, it emphasises the use of a Plan, Do, Check, Act (PDCA) cycle.
|2014||ISO 19600 (1st Edition)|
- "Austria: ISO 19600: compliance management systems — guidelines". TheLawyer.com. Retrieved 3 May 2015.
- Hortensius, Dick. "What Is The General Idea Behind The Proposed ISO 19600?". Ethic Intelligence. Retrieved 3 May 2015.
- "ISO 19600: Your questions, our answers". digital spirit. 2015. Retrieved 3 May 2015.
- "ISO 19600:2014: Compliance management systems -- Guidelines". ISO. Retrieved 3 May 2015.