BS ISO 19600:2014 pdf free
BS ISO 19600:2014 pdf free.Compliance management systems – Guidelines
The organization should identify and evaluate its compliance risks. This evaluation can be based on a formal compliance risk assessment or conducted via alternative approaches. Compliance risk assessment constitutes the basis for the implementation of the compliance management system and the planned allocation of appropriate and adequate resources and processes to manage identified compliance risks.
The organization should identify compliance risks by relating its compliance obligations to its activities, products, services and relevant aspects of its operations in order to identify situations where noncompliance can occur. The organization should identify the causes for and consequences of noncompliance.
The organization should analyse compliance risks by considering causes and sources of noncompliance and the severity of their consequences, as well as the likelihood that noncompliance and associated consequences can occur. Consequences can include, for example, personal and environmental harm, economic loss, reputational harm and administrative liability.
Risk evaluation involves comparing the level of compliance risk found during the analysis process with the level of compliance risk the organization is able and willing to accept. Based on this comparison, priorities can be set as a basis for determining the need for implementing controls and the extent of these controls (see 6.1).
The compliance risks should be reassessed periodically and whenever there are:
一new or changed activities, products or services;
一changes to the structure or strategy of the organization;
一significant external changes, such as financial-economic circumstances, market conditions,liabilities and client relationships;
一changes to compliance obligations (see 4.5);
一noncompliance(s).
NOTE 1 The extent and level of detail of the compliance risk asssment are dependent on the risk situation, context, size and objectives of the organization and can vary for specific sub-areas (e.g environment, financial, social).
NOTE 2 The risk-based approach to compliance management does not mean that for low compliance risk situations, noncompliance is accepted by the organization. It assists organizations in focussing primary attention and resources on higher risks as a priority, and ultimately will cover all compliance risks. All identified compliance risks/situations are subject to monitoring, correction and corrective action.BS ISO 19600 pdf download.