Establish, implement, and maintain a compliance policy.
CONTROL ID 14807
CONTROL TYPE Establish/Maintain Documentation
CLASSIFICATION Preventive
SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
Establish, implement, and maintain a Governance, Risk, and Compliance framework., CC ID: 01406
This Control has the following implementation support Control(s):
Include the standard of conduct and accountability in the compliance policy., CC ID: 14813
Include the scope in the compliance policy., CC ID: 14812
Include roles and responsibilities in the compliance policy., CC ID: 14811
Include a commitment to continual improvement in the compliance policy., CC ID: 14810
Disseminate and communicate the compliance policy to interested personnel and affected parties., CC ID: 14809
Include management commitment in the compliance policy., CC ID: 14808
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
The governing body and top management, preferably in consultation with employees, should establish a compliance policy that (§ 5.2.1 ¶ 1, ISO 19600:2014, Compliance Management Systems - Guidelines, 2014-12-15, Reviewed and confirmed in 2018)
be updated, as required, to ensure it remains relevant. (§ 5.2.1 ¶ 3 Bullet 6, ISO 19600:2014, Compliance Management Systems - Guidelines, 2014-12-15, Reviewed and confirmed in 2018)
ensuring that the compliance policy and compliance objectives are established and are consistent with the values, objectives and strategic direction of the organization (see 6.2); (§ 5.1 ¶ 1 b), ISO 19600:2014, Compliance Management Systems - Guidelines, 2014-12-15, Reviewed and confirmed in 2018)
establish a compliance policy in accordance with 5.2.2; (§ 5.3.3 ¶ 1 a), ISO 19600:2014, Compliance Management Systems - Guidelines, 2014-12-15, Reviewed and confirmed in 2018)
be appropriately implemented and enforced; (§ 5.2 ¶ 2 bullet 8, ISO 37301:2021 Compliance management systems â Requirements with guidance for use, First Edition, Edition 1)