The English word compliance has Latin roots. In the context of business law, it means something like "adherence to rules" or "conformity to rules".

In relation to management system standards, compliance plays a central role. In this context, compliance can also be seen as the action of a company or organization to achieve conformity with a specification or a commitment entered into voluntarily, for example in relation to standards, laws or agreements. Non-conformity with such commitments is sometimes also referred to as "non-compliance" (a term from ISO 19011).

When the word compliance is used in other languages, however, care must be taken. For example, the internationally recognized ISO 9000 standard for principles and terms in quality management clarifies that the French word "compliance" cannot be used as a synonym for "conformity" (meeting a requirement).

Compliance in ISO management system standards

The word compliance is not used consistently in the well-known ISO standards for management systems, and it is translated in quite different ways.

In the ISO 9001 standard for quality management systems, compliance appears neither in the English nor in the German text. The standard is dominated by phrases such as "... conformity to customer and applicable statutory and regulatory requirements".

ISO 14001, the standard for an environmental management system, uses the term "compliance obligations", which are subdivided into "legal requirements" and "other requirements". Where "compliance" stands without an addition in the environmental standard, it means "compliance with obligations".

ISO 45001, on the other hand, focuses on "compliance with legal and other requirements", as well as its evaluation. The same is true for ISO 50001, the standard for an energy management system.

The well-known ISO 27001 standard for an information security management system refers to "compliance with legal and contractual requirements" in Annex A.

Some technical rules, for example ISO/IEC 27008, also speak of "technical compliance", which must then be understood as "technical conformity".

ISO 37301 - New test bench for compliance management

Since its publication in April 2021, ISO 37301 has been a separate standard for compliance management systems. The new certifiable standard has emerged from the systematic review of the ISO 19600 guidelines (Compliance management systems - Requirements with Guidance for Use, 2021).


ISO 37301:2021-04 Compliance management systems - Requirements with guidance for use.

Ute Droege

DQS expert for quality management systems, long-time auditor and experienced trainer for ISO 9001.