Compliance programs aimed at preventing and detecting noncompliance are an essential component of most companies’ risk management programs. If noncompliance does occur, the effectiveness of compliance programs will typically be taken into account by the government in determining the nature and extent of any enforcement that may be taken.[1]
At the same time, voluntary consensus standards have become part of the legal landscape. Though developed in a nonregulatory multistakeholder context, standards are used by governmental authorities around the world. In the U.S., the National Technology Transfer Act of 1995 directs federal agencies to use applicable standards in regulations (or demonstrate why the relevant standard should not be used).[2] A database that tracks standards that have been incorporated by reference into federal regulations has over 15,000 entries.[3]
Beginning in the late 1980s, standards development bodies began expanding into "management systems" standards aimed at high-visibility topics, including product quality, environmental protection, cybersecurity and bribery. These standards have attracted the interest of the compliance program community as well as governmental authorities. This trend began with the publication of the International Organization for Standardization’s ("ISO") ISO 9001 quality management systems standard in 1987. Implementing ISO 9001 has blossomed into a condition of doing business in many economic sectors, with over 1.1 million "certificates" having been issued by accredited third-party auditors to organizations that have implemented ISO 9001.[4]
Continue Reading via the View Media link.