
ISO 19600 Checklist: How to Create an Effective CMS

The ISO 19600 Compliance Management Systems standard is a comprehensive guide for creating and developing effective compliance systems for every type of organization, preventing non-compliance and helping develop a competent work culture.

What Is an ISO 19600 Checklist?

The ISO 19600 is a document created by the International Organization for Standardization (ISO) that serves as a guide for organizations in creating a Compliance Management System. The standard’s processes align rather closely with those of the ISO 31000, a risk management standard.

A Compliance Management System (CMS) refers to the processes and structures of an organization that are responsible for maintaining compliance with various standards and government regulations. This is vitally important because standards and regulations are continuously changing due to how fast things are progressing on a global and national scale. Therefore

These swift changes of regulations and standards pose risks to the compliance of organizations. Due to this, the International Organization for Standardization (ISO) has created the ISO 19600 Compliance Management System to serve as a guide for any type of organization that wants to create, implement, and develop an effective compliance system.

With an ISO 19600 checklist, you can identify whether your organization follows the ISO recommendations, and the checklist can also include propositions on how to improve the organization according to the ISO 19600.

In this article, you will learn:

1. How To Follow the ISO 19600 in 4 Steps

2. Which 3 Key Areas You Should Improve According to the ISO 19600

3. How You Can Successfully Introduce an ISO 19600-Approved CMS With a Digital Checklist


Follow the ISO 19600 Compliance Management System in 4 Steps

There are many self-queries listed in the ISO 19600, and it is clearly divided into four core procedures that need to be checked off:

1. Understand the Organization and ISO 19600 Core Principles

To create a compliance management system, the first step is to understand the current situation of the organization and its processes. This means analyzing three important factors.

1. Consider the stakeholders who are or feel affected by establishing compliance management systems. This also involves knowing their requirements and addressing their concerns. This is crucial because the support of these stakeholders is needed in order to establish the compliance system.

2. Consider the scope of the compliance management system and determine the specific boundaries such as their position in the current organizational structure as well as how large the applicability of the system may be.

3. It is also critical that you understand the three key principles of ISO 19600 Compliance Management Systems which are:

  1. The compliance system should always be accessible by the governing body (a group that directs the organization's top management)
  2. The compliance system should be independent
  3. The compliance system should have sufficient authority and resources

2. Identify Compliance Obligations

The next step in an ISO 19600 checklist is to identify the compliance obligations of your organization when establishing, developing, and improving a compliance management system. Compliance obligations heavily depend on the type of your organization and its current goals but it is also important to consider the organization’s size, structure, and operations.

Below are examples of compliance obligations that an organization may have:

  • Laws
  • Permits and Licenses
  • Administrative Orders and Guidances
  • Treaties and Protocols
  • Agreements with Communities, Public Heads, and Customers
  • Codes of Practice
  • Contractual Obligations
  • Industry Standards

3. Monitor Updates on Compliance Obligations

As the world is ever-changing, swift developments may also occur on the front of compliance obligations. That is why the ISO 19600 checklist recommends creating various methods to stay constantly updated on compliance obligations and then creating processes that let you react immediately and introduce the necessary changes. In that way, the ISO 19600 is not only a compliance management system but also functions as a preventive measure to ensure your company is always up to date.

Below are examples of methods that can be used to constantly be updated on compliance obligations:

  • Include your organization in the mailing list of regulators such as government agencies, international organizations, and professional associations
  • Register as a member of relevant international organizations and associations
  • Subscribe to services that constantly send updates
  • Regularly attend relevant seminars and forums
  • Hire informed legal advisors

4. Analyze and Evaluate Compliance Risks

After identifying possible compliance risks, the next step is to analyze each one and to subsequently create a compliance risk evaluation based on the risk’s probability and severity. You essentially ask yourself how likely the identified risk is to occur and how severe the consequences of it occurring would be for your organization.

During your compliance risk analysis, it is also recommended to assess the sources and the consequences of any non-compliance. This includes possible penalties, sanctions, liabilities, financial losses, and negative effects on life or the environment.

The evaluation process involves comparing the compliance risks and then separating those that are acceptable to the organization from those that are not. This way, a priority list will be created and will serve as a guide for establishing and developing a compliance management system.

The 3 Key Areas to Improve According to the ISO 19600 Checklist

Aside from the aforementioned procedures of establishing and developing a compliance management system, there are three key areas that you should focus on which contribute greatly to the effectiveness of the ISO 19600. Below are brief details of each area as well as some recommendations on how to improve them:

1. Leadership

How do the governing body and top management show their commitment to upholding the organization’s core values whilst establishing and developing a compliance management system? Leadership here refers not only to the qualities of its top management and governing body but also to how those in leading positions establish and develop the organization’s structure.

That is why the ISO 19600 checklist recommends the following commandments:

  • The compliance management system should be in accordance with the organization’s goals, direction, and values.
  • Leaders should communicate the value of a compliance management system to the members of the organization.
  • Leaders should ensure that the planned outcome of the compliance management system is achieved.
  • Leaders should firmly establish accountability on the assigned responsibilities.

2. Planning

Planning should include the actions to control the priority compliance risks that an organization faces. According to the ISO 19600, an effective plan will ensure that the intended outcome of the compliance management system will be achieved. Thus, a plan prevents any unwanted effects of non-compliance and creates room for improvement.

To plan effectively, the ISO 19600 checklist recommends aiming for the following qualities:

  • Consistency
  • Measurability
  • Easily Monitored
  • Easily Communicated
  • Easily Revised

3. Support

Support refers to the resources allotted for establishing and developing a compliance management system. Allocated resources should be adequate to the organization’s size, objectives, values, and structure. Otherwise, the compliance system won’t be effective.

Aside from resources, the ISO 19600 also recommends conducting trainings, spreading awareness, communicating properly, and creating documentation which will aid in gaining support from organization members and stakeholders.


Successfully Introduce a CMS According to ISO 19600 Standards

With Lumiform’s mobile app and desktop software, it has never been easier to establish Compliance Management Systems according to ISO 19600 standards since our flexible checklist builder allows you to keep an eye on every area of your organization and conduct inspections anytime and anywhere.

Conduct audits according to the ISO 19600 standard via tablet or smartphone – online or offline, so there is no need for complicated ISO 19600 sheets or PDFs. With the desktop software, you create checkpoints for your ISO audit checklist and the app then guides you through the audit without a chance of you forgetting any important queries. This significantly reduces the risk of quality loss, documentation failures, or compliance errors.

Clean, transparent and flexible documentation helps you meet any requirements of the ISO 19600, no matter how often regulations change.
