ISO 19600 Compliance Assurance

Facilitating effective compliance & risk management.

ISO 19600 helps establish, develop, evaluate, and maintain a compliance management system. It brings together separate strands of compliance management and risk management, and its processes align very closely with ISO 31000, another risk management standard.

ISO 19600:2014 is based on the principles of;

  • good governance,
  • proportionality,
  • transparency and;
  • sustainability.

Simply put, Compliance Management refers to a company obeying applicable laws, relevant industry standards and internal policies (e.g. codes of conduct) it has decided to implement because they impact upon its business, its staff and its treatment of consumers.

Get our checklists

Request a quick quote

Contact Us

What is ISO 19600 Compliance Management?

The guidelines on compliance management systems are applicable to all types of organizations. The extent of the application of these guidelines depends on the size, structure, nature and complexity of the organization.

Why do I need ISO 19600 Compliance Assurance?

Amongst many other things, the new standard “recommends” that organisations: “adopt a risk-based approach to compliance” and “develop a risk appetite for compliance risks”

Have you looked at our self assessment checklist yet?

We worked hard so you don’t have to: our checklists break down the standard in plain English so you can understand the requirements and what your business needs to do to get certified.

Want to speak to someone?

Contact Us

If you need more information and want answers to your questions call us, our friendly team will help.

Request a Quote

Get an obligation free quote tailored specifically to your business’s size and industry.

Learn more

Who can apply ISO 19600?

The standard provides a valuable improvement in that it can be applied to organisations. It is not exclusively designed for large companies; instead, it defines recommendations for a compliance management system that can be used by many different types of organisations. This includes companies of all sizes, foundations, associations, authorities and other organisations, both private and public. It is not necessary to register on a corresponding registry. This way, ISO 19600 covers industries and types of companies for which there were previously no recommendations.

How adaptable is the standard?

ISO 19600 is highly adaptable, as it has been designed as a guideline and can be applied to many different types of organisations. This is why there are annotations in numerous places, noting that measures must be adapted to the size and risks of the individual organisation, whether it be a large company or an association, and should always be proportionate.

Which models is the standard based on?

The standard is based on three fundamental models, which have been compiled into one compliance management system model. This includes the ‘Risk Management System’, making ISO 19600 a risk-based standard. In line with the ‘High-Level Structure’ model, the new standard complies with the structure of other management systems and can be integrated into or combined with existing management systems without any problems. The PDCA cycle is the third model that the standard is based on. PDCA stands for ‘Plan, Do, Check, Act’ and aims to establish a continuous improvement process.

Spark Solutions & Compass Assurance Services compliance impact ladder

In conjunction with the team from Spark Solutions, Compass Assurance has developed the compliance risk impact ladder.

This management system tool has been designed to assist organisations both large and small to understand how to structure compliance into their management systems.