oSIST ISO/DIS 37303:2024

SLOVENSKI STANDARD
01-oktober-2024
Sistemi za upravljanje skladnosti - Smernice za vodenje kompetenc
Compliance management systems - Guidelines for competence management
Systèmes de management de la conformité — Lignes directrices pour la gestion des
compétences
Ta slovenski standard je istoveten z: ISO/DIS 37303
ICS:
03.100.01 Organizacija in vodenje Company organization and
podjetja na splošno management in general
03.100.02 Upravljanje in etika Governance and ethics
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

DRAFT
International
Standard
ISO/DIS 37303
ISO/TC 309
Compliance management
Secretariat: BSI
systems — Guidelines for
Voting begins on:
competence management
2024-06-06
ICS: 03.100.02; 03.100.01
Voting terminates on:
2024-08-29
THIS DOCUMENT IS A DRAFT CIRCULATED
FOR COMMENTS AND APPROVAL. IT
IS THEREFORE SUBJECT TO CHANGE
AND MAY NOT BE REFERRED TO AS AN
INTERNATIONAL STANDARD UNTIL
PUBLISHED AS SUCH.
IN ADDITION TO THEIR EVALUATION AS
BEING ACCEPTABLE FOR INDUSTRIAL,
TECHNOLOGICAL, COMMERCIAL AND
USER PURPOSES, DRAFT INTERNATIONAL
STANDARDS MAY ON OCCASION HAVE TO
This document is circulated as received from the committee secretariat.
BE CONSIDERED IN THE LIGHT OF THEIR
POTENTIAL TO BECOME STANDARDS TO
WHICH REFERENCE MAY BE MADE IN
NATIONAL REGULATIONS.
RECIPIENTS OF THIS DRAFT ARE INVITED
TO SUBMIT, WITH THEIR COMMENTS,
NOTIFICATION OF ANY RELEVANT PATENT
RIGHTS OF WHICH THEY ARE AWARE AND TO
PROVIDE SUPPORTING DOCUMENTATION.
Reference number
DRAFT
International
Standard
ISO/DIS 37303
ISO/TC 309
Compliance management
Secretariat: BSI
systems — Guidelines for
Voting begins on:
competence management
ICS: 03.100.02; 03.100.01
Voting terminates on:
THIS DOCUMENT IS A DRAFT CIRCULATED
FOR COMMENTS AND APPROVAL. IT
IS THEREFORE SUBJECT TO CHANGE
AND MAY NOT BE REFERRED TO AS AN
INTERNATIONAL STANDARD UNTIL
PUBLISHED AS SUCH.
IN ADDITION TO THEIR EVALUATION AS
BEING ACCEPTABLE FOR INDUSTRIAL,
© ISO 2024
TECHNOLOGICAL, COMMERCIAL AND
USER PURPOSES, DRAFT INTERNATIONAL
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
STANDARDS MAY ON OCCASION HAVE TO
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
This document is circulated as received from the committee secretariat. BE CONSIDERED IN THE LIGHT OF THEIR
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
POTENTIAL TO BECOME STANDARDS TO
WHICH REFERENCE MAY BE MADE IN
or ISO’s member body in the country of the requester.
NATIONAL REGULATIONS.
ISO copyright office
RECIPIENTS OF THIS DRAFT ARE INVITED
CP 401 • Ch. de Blandonnet 8
TO SUBMIT, WITH THEIR COMMENTS,
CH-1214 Vernier, Geneva
NOTIFICATION OF ANY RELEVANT PATENT
Phone: +41 22 749 01 11
RIGHTS OF WHICH THEY ARE AWARE AND TO
PROVIDE SUPPORTING DOCUMENTATION.
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland Reference number
ii
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Competence management . 2
4.1 General .2
4.2 Objectives of competence management .2
4.3 Determining competence needs .3
4.3.1 General .3
4.3.2 Organizational competence .4
4.3.3 Governing body and top management competence .4
4.3.4 Compliance function competence .4
4.3.5 Management competence .5
4.3.6 Risk-exposed personnel competence .5
4.3.7 Third parties’ competence .5
4.4 Assessing the current state of the competence and development needs .6
4.4.1 Status needs of competence .6
4.4.2 Risk assessment in relation to determination of status needs of competence .6
5 Competence development . 7
5.1 General .7
5.2 Planning .7
5.3 Program structure .7
5.4 Activities .8
5.4.1 General .8
5.4.2 Competence development activities .8
5.5 Roles and responsibilities .9
6 Evaluation of competence management program . 9
6.1 General .9
6.2 Evaluating competence management .10
6.3 Maintaining and continuous improvement of competence management .10
Annex A (informative) Competence portfolio .12
Bibliography .18

iii
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out through
ISO technical committees. Each member body interested in a subject for which a technical committee
has been established has the right to be represented on that committee. International organizations,
governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely
with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO should not be held responsible for identifying any or all such patent rights. Details of any patent
rights identified during the development of the document will be in the Introduction and/or on the ISO list of
patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment,
as well as information about ISO's adherence to the WTO principles in the Technical Barriers to Trade (TBT)
see www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 309, Governance of Organizations.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.

iv
Introduction
A compliance management system enables an organization to demonstrate its commitment to comply with
relevant laws, regulatory requirements, industry codes and organizational standards, as well as standards
of good governance, generally accepted best practices, ethics and the expectations of the interested parties.
It has become an integral part to any organization that aims to be successful and sustainable in the long
term. A compliance management system is notably made sustainable by creating a compliance culture in
the organization and by establishing common standards in behaviour and attitude affecting its compliance.
International standard ISO 37301:2021 sets out the requirements and provides guidelines for establishing,
developing, implementing, evaluating and improving competence necessary to ensure the effectiveness of
the compliance management system. This document provides guidance to support the implementation of
the requirements in ISO 37301:2021 related to competence and training, mostly expressed in clause 7.
Competence management is a fundamental factor of an organization's compliance management systems
and activities. Competence management support an organization to recognize and determine the necessary
competence requirements of the personnel doing work under its control to achieve the intended results of
its compliance management system. Competence management ensure that persons doing the work under
the organizations’ control are timely qualified with knowledge, skills and experiences to fulfil the relevant
compliance obligations based on appropriate education, training, or experiences by practice.
Competence management is tailored to the context of the organization, the roles and responsibilities, the
planning and support activities and the operations of the compliance management system and can support
the organization to evaluate and determine the necessary competence needs including relevant knowledge,
skills and experiences. It is also the key to ensure that the organization complies with its compliance
obligations, integrates compliance management into the organization's business processes and operational
links, and develops a compliance culture. Competence management can also improve the overall efficiency
and productivity of the organization's compliance management system and make an important contribution
...