Glossary
ISO 37301
The international standard for compliance management systems, published in 2021. ISO 37301 defines requirements for organisations to identify their compliance obligations, manage compliance risk, and maintain a culture that enables compliance. Whistleblowing channels are explicitly listed as a control. Organisations often pursue triple certification across ISO 37001 (anti-bribery), ISO 37002 (whistleblowing), and ISO 37301.
Full definition
ISO 37301:2021 is the umbrella standard for compliance management systems, replacing the older ISO 19600 guidance. It defines requirements for organizations to identify their compliance obligations, manage compliance risk, and maintain a culture that enables compliance. Whistleblowing channels are explicitly listed as a control under ISO 37301: they enable early detection of non-compliance and feed the management review cycle. Many organizations pursue triple certification: ISO 37001 (anti-bribery) plus ISO 37002 (whistleblowing) plus ISO 37301 (compliance).
Related terms
- ISO 37001: The international standard for anti-bribery management systems, published by ISO in 2016. ISO 37001 specifies requirements for an anti-bribery management system with a documented policy, due diligence on third parties, training, and a 'raise concerns' procedure that maps directly to a whistleblowing channel. An effective whistleblowing channel is widely treated as a prerequisite for certification.
- ISO 37002: The international standard for whistleblowing management systems, published by ISO in 2021. Unlike EU Directive 2019/1937, ISO 37002 is voluntary, but certification signals to regulators, customers, and investors that the organisation treats whistleblowing as a core compliance function. It is often combined with ISO 37001 (anti-bribery) and ISO 37301 (compliance management).