ISO 19600

Definition:

ISO 19600:2014, published in December 2014, is an international guideline on compliance management systems ("Compliance management systems — Guidelines"). Here, compliance is understood as the fulfilment of all of a company's compliance obligations. Compliance obligations are legally mandatory or voluntary obligations, that is, company-specific and industry-specific obligations, code obligations, governance obligations and the like.

("Compliance is an outcome of an organization meeting its obligations, and is made sustainable by embedding it in the culture of an organization and in the behaviour and attitude of people working for it. Policies and procedures to achieve compliance must be integrated into all aspects of how the organization operates. Compliance should not be seen as a stand‐alone activity, but should be part of the organization’s overall strategic objectives. An effective compliance management system will support these objectives. Compliance management should, while maintaining its independence, be integrated with the organization’s financial, risk, quality, environmental and health and safety management systems and its operational requirements and procedures.") [Source: ISO 19600]

The model underlying the ISO standard essentially comprises two phases: the first phase, which consists of introducing the compliance management system, and the second phase, which consists of operating the system. In the first phase, the objectives and scope of the compliance management system must be defined. On this basis, the compliance strategy or policy is defined. The interface to the second phase is established by a risk-based approach. In this phase, the compliance risks and requirements are identified and analysed. In a further step, the organizational structure with the corresponding responsibilities is defined. These elements are accompanied by process steps: development, implementation, evaluation and maintenance.

The guideline is structured as follows:

  • Foreword
  • Introduction
  • 1 Scope
  • 2 Normative references
  • 3 Terms and definition
  • 4 Context of the organization
  • 4.1 Understanding the organization and its context
  • 4.2 Understanding the needs and expectations of interested parties
  • 4.3 Determining the scope of the compliance management system
  • 4.4 Compliance management system and principles of good governance
  • 4.5 Compliance obligations
  • 4.5.1 Identification of compliance obligations
  • 4.5.2 Maintenance of compliance obligations
  • 4.6 Identification, analysis and evaluation of compliance risks
  • 5 Leadership
  • 5.1 Leadership and commitment
  • Examples of commitment
  • 5.2 Compliance policy
  • 5.2.1 General
  • 5.2.2 Development
  • 5.3 Organizational roles, responsibilities and authorities
  • 5.3.1 General
  • 5.3.2 Assigning responsibility in the organization
  • 5.3.3 Governing body and top management role and responsibility
  • 5.3.4 Compliance function
  • 5.3.5 Management responsibilities
  • 5.3.6 Employee responsibility
  • 6 Planning
  • 6.1 Actions to address compliance risks
  • 6.2 Compliance objectives and planning to achieve them
  • 7 Support
  • 7.1 Resources
  • 7.2 Competence and training
  • 7.2.1 Competence
  • 7.2.2 Training
  • 7.3 Awareness
  • 7.3.1 General
  • 7.3.2 Behaviours
  • 7.4 Communication
  • 7.4.1 General
  • 7.4.2 Internal communication
  • 7.4.3 External communication
  • 7.5 Documented information
  • 7.5.1 General
  • 7.5.2 Creating and updating
  • 7.5.3 Control of documented information
  • 8 Operation
  • 8.1 Operational planning and control
  • 8.2 Establishing controls and procedures
  • 8.3 Outsourced Processes
  • 9 Performance evaluation
  • 9.1 Monitoring, measurement, analysis and evaluation
  • 9.1.1 General
  • 9.1.2 Monitoring
  • 9.1.3 Sources of feedback on compliance performance
  • 9.1.4 Methods of information collection
  • 9.1.5 Information analysis and classification
  • 9.1.6 Development of indicators
  • 9.1.7 Compliance reporting
  • 9.1.8 Content of compliance reports
  • 9.1.9 Record‐keeping
  • 9.2 Audit
  • 9.3 Management review
  • 10 Improvement
  • 10.1 Nonconformity, noncompliance and corrective action
  • 10.1.1 General
  • 10.1.2 Escalation
  • 10.2 Continual improvement
  • Bibliography
