ISO 19600 (Compliance Management)

To understand ISO 19600:2014, one needs to understand compliance. When an organisation is compliant, it means that it conforms to a rule, such as a specification, policy, standard or law. A company can be ISO certified when it follows the guidelines issued by the International Organisation for Standardisation. Compliance offers many benefits for businesses, including reduced legal problems, improved operations and safety, better public relations and higher employee retention.

With the new laws and regulations coming into play almost every week and the high cost of non-compliance, compliance management standard ISO 19600:2014 offers organisations a workable and worthwhile business solution. ISO 19600:2014 is based on the principles of good governance, proportionality, transparency and sustainability. This standard integrates risk assessments, the risk management process and compliance management in order to embed compliance within the risk-based processes of companies.  ISO 19600:2014 provides organisations with guidance on developing, establishing, evaluating, maintaining and improving a capable and responsive compliance system.

All organisations must attempt to comply with the regulatory and statutory requirements that apply to them. Despite their best efforts to align with the requirements, this may often prove difficult and can potentially lead to fiscal, legal or even criminal penalties. ISO 19600 provides comprehensive guidance with easy-to-follow examples for users wanting to implement a compliance management system to benchmark their framework against a standard.

ISO 19600 offers a risk-based approach to compliance management. By following and cooperating with ISO risk management practices, companies embed compliance within the risk-based process and ensures that the system is in alignment with the organisation’s objectives. This also establishes the basis for the implementation of a compliance management system.  ISO does not specify requirements but provides guidance on compliance management systems.

ISO 19600 follows the common high-level structure for ISO management system standards. All the standard components of a management system are adapted and supplemented to integrate compliance requirements. The processes of ISO 19600:2014 align closely with those of ISO 31000, another risk management standard. The guidance of ISO 19600 has been written in such a way that it is adaptable, and the usage of this guidance can differ based on the size and maturity level of an organisation’s compliance management system, as well as the nature, content and complexity of the organisation’s activities. This standard emphasises the use of a Plan, Do, Check, Act cycle and can be combined with any existing management system standards that the organisation may have already implemented.

ISO 19600 is a highly valuable standard, which sets up the prerequisites needed for companies to meet their various obligations. This standard offers many benefits for organisations of all sizes.

Certifications Process

The process starts with the client’s needs and expectations. DQS wants to learn about the client’s organization, its management system, size and types of operation. Together both parties will define objectives for the assessment and/or certification, including applicable standards and specifications.

DQS will provide a detailed offer for assessment and certification services, tailored to individual client needs, based on the information provided initially. A written contract will specify all relevant deliverables as well as applicable assessment and certification criteria.

A pre-audit can serve as initial performance or gap analysis, identifying strengths and areas for improvement. For larger assessment and certification projects a project planning meeting provides a valuable opportunity for the client to meet the lead assessor and develop a customized assessment plan for all functions and locations involved. Both services are optional.

The assessment procedure itself begins with review and evaluation of system documentation, goals, results of management review and internal audits. During this process, it will be determined whether the client’s management system is sufficiently developed and ready for certification. The assessor will explain findings and coordinate any required activities to prepare for the on-site system assessment.

The assigned auditor team will audit the client’s management system at the place of production or service delivery. Applying defined management system standards and specifications, the assessment team will evaluate the effectiveness of all functional areas as well as all management system processes, based upon observations, inspections, interviews, review of pertinent records, and other assessment techniques. The audit result, including all findings will be presented to the client during the closing meeting. Required action plans will be agreed upon as necessary.

The independent certification function of DQS will evaluate the audit process and its results, and decide independently about issuance of the certificate. The client receives an audit report, documenting the audit results. When all applicable requirements are fulfilled the client also receives the certificate.

Either semi-annually or at least once per year, there will be an on-site audit of the critical components of the management system. Improvement potential will be identified, with a focus on continual improvement and sustained effectiveness.

A management system certificate is valid for a limited period of time, frequently for a maximum of three years. At the end of this cycle, a re-audit will be carried out to ensure the ongoing fulfillment of all applicable requirements. Subject to this fulfillment, a new certificate will be issued.

Why DQS?

DQS is one of the leading Management System Certification, Audits, Assessment & Training organization globally. 


Truly Global Brand


Expert Auditors with High Emotional Intelligence


Local Capabilities & Delivery


Industry Leaders


Customized, Comprehensive & Actionable Insights


Pioneering Innovative Solutions


Passion for Quality & Excellence


Integrity & Trust

Want to Know more?

Ph: (080) 6661-6565 | +91 924 320 3043 | E: