Governance · Global

ISO 37301 documentation generator

ISO 37301 specifies requirements for a Compliance Management System (CMS) — a structured way to identify, manage and demonstrate compliance with legal, regulatory and contractual obligations. It replaced the ISO 19600 guidance.

ISO 37301 gives SMEs a single, certifiable way to manage the growing web of legal, regulatory and contractual obligations they face — rather than tackling each in isolation. It centres on a compliance obligations register, a compliance risk assessment, a compliance function, and a culture of doing the right thing. CompliWiseAI generates the CMS documentation set — compliance policy, obligations register, risk assessment, controls and a whistleblowing procedure — tailored to your organization.

Documents we generate for ISO 37301

10 required documents, each tailored to your company and structured for audit.

Compliance Management Scope & Context

Required

Boundaries and context of the compliance management system.

Policy · ISO 37301 §4

Compliance Policy

Required

Management commitment to compliance and ethical conduct.

Policy · ISO 37301 §5.2

Compliance Function & Responsibilities

Required

The compliance function, its independence and accountabilities.

Policy · ISO 37301 §5.3

Compliance Obligations Register

Required

Record of legal, regulatory and contractual obligations and their status.

Risk register · ISO 37301 §6.1

Compliance Risk Assessment

Required

Identifies and evaluates compliance risks and their treatment.

Risk register · ISO 37301 §6.1

Compliance Objectives & Plan

Required

Measurable compliance objectives and plans to achieve them.

Policy · ISO 37301 §6.2

Compliance Controls & Procedures

Required

Operational controls that address compliance obligations and risks.

SOP · ISO 37301 §8

Compliance Culture & Training

Required

Building awareness and a culture of compliance.

Training · ISO 37301 §7.3

Raising Concerns (Whistleblowing) Procedure

Required

Confidential reporting of compliance concerns without retaliation.

SOP · ISO 37301 §8.3

Monitoring, Audit & Management Review

Required

Monitoring compliance performance and reviewing the system.

Log template · ISO 37301 §9

ISO 37301 readiness checklist

  • CMS scope and context defined
  • Compliance policy approved
  • Compliance function established
  • Compliance obligations register maintained
  • Compliance risk assessment performed
  • Compliance controls operating
  • Compliance training delivered
  • Monitoring and management review conducted

ISO 37301 — frequently asked questions

What is ISO 37301?

ISO 37301:2021 is the international standard for compliance management systems. It helps organizations identify their obligations, manage compliance risk, and demonstrate a culture of compliance.

How is it different from ISO 27001?

ISO 27001 manages information security specifically; ISO 37301 manages compliance with legal and regulatory obligations across the whole organization. They can run side by side.

What is a compliance obligations register?

It is the central record of the laws, regulations, standards and contractual commitments that apply to you, how each applies, and your compliance status — the backbone of an ISO 37301 system.

Start your ISO 37301 documentation free

Create a workspace, add ISO 37301, and generate your first audit-ready document in minutes.