
Compliance

Compliance:
Laws Made Simple.

We provide the right consulting on all aspects of compliance and help you minimise risks within your organisation.

Compliance Management System

What Does Compliance Mean?

Compliance refers to adherence to all laws, regulatory requirements, international standards and agreements applicable to the company concerned. It also includes compliance with internal company policies and instructions from the employer. Adherence to all applicable regulations contributes significantly to ethically sound business conduct and creates high added value for the organisation. A holistic management system is the best solution to achieve this.

ISO 37301 – Compliance Management System

ISO 37301 outlines the principles of a Compliance Management System (CMS) in a set of requirements that can be used to establish and certify a CMS. The standard is addressed to the management of an organisation and stipulates that the introduction of a CMS is a strategic decision. The CMS should be built and further developed within a PDCA cycle (Plan, Do, Check, Act).

Whistleblower Protection Act / Whistleblowing

A whistleblower is a person who exposes misconduct in their workplace. A whistleblowing system, as part of a CMS, helps uncover legal violations and take corrective action in time. The Whistleblower Protection Act prohibits any reprisals against whistleblowers. Under the EU Whistleblower Directive and the German Whistleblower Protection Act (HinSchG), companies above a certain size are obliged to establish a whistleblowing system. We help you set up and operate a legally compliant reporting system.

Our Services

Our Service Spectrum in the Area of Compliance

In the area of compliance, we offer the following services.

Compliance as a Service

To support you optimally in meeting your compliance requirements, we offer external support to achieve the necessary compliance together with you. This covers everything from documentation requirements and the provision of a whistleblowing system to training. We are your trusted point of contact, working with you as an equal partner to address your compliance challenges.

Code of Conduct

As the foundation of any Compliance Management System, the organisation must commit to its course and align its objectives with compliance principles. This is achieved through a Code of Conduct developed for that purpose. machCon develops the Code of Conduct together with you, either as part of Compliance as a Service or as a standalone service.

Risk Analysis

Risk analysis is an essential and indispensable component of a Compliance Management System. Risks within the organisation are identified, their impact assessed and appropriate measures derived — typically using a legal register. Both risk analyses and the creation of a legal register are part of Compliance as a Service and can also be commissioned as standalone projects.

Whistleblowing System

Our whistleblowing system provides a secure and confidential platform for employees, customers and external parties to report potential violations of company policies or ethical standards. We guarantee anonymity, protection from reprisals and carefully follow up on incoming reports. Our team is available to answer your questions and supports you in building the system.

IT Compliance

As a standalone speciality, we offer analysis and improvement of IT compliance (within or independently of our external support). We review your IT for legal and IT security-related gaps and jointly develop a concept to build and maintain IT compliance in your organisation.

Awareness & Training

Learn everything about legal requirements and ethical conduct. Our experts impart practical knowledge and provide valuable tips for implementation in your organisation. With a strong compliance culture, you protect your company from legal consequences and strengthen the trust of your customers.

Whistleblower Protection

Setting Up a Legally Compliant Whistleblowing System

The Whistleblower Protection Act prohibits any reprisals against whistleblowers. We help you build and operate a whistleblowing system that meets all legal requirements.

Legal Obligation

Under the German Whistleblower Protection Act (HinSchG) and the underlying EU Whistleblower Directive, companies with 50 or more employees are obliged to establish an internal reporting channel.

Anonymity & Data Protection

The system must enable anonymous reports, meet GDPR data protection requirements and protect against reprisals. We set up your system in full GDPR compliance.

External Reporting Channels

In addition to internal reporting channels, external reporting channels must be made known. We ensure that your system meets all legal requirements.

Related Topics

Compliance in Context

IT Security

IT compliance and information security go hand in hand. We combine both disciplines.

NIS-2 Directive

The NIS-2 Directive places new compliance requirements on your cyber security.

Data Protection

Data protection is a central component of compliance. We coordinate both roles.

Our Clients

What Our Clients Say

Fantastic Business Analysts!

"I am absolutely delighted to have machCon on board in my projects. They have an incredible drive and are solution-oriented while maintaining a friendly and positive working atmosphere."

Process Integration Lead

Novartis Pharma AG

machCon is like TopGun's Maverick!

"machCon is like Maverick from TopGun! I have to say I would choose to work with machCon again and again. We have had very good experiences with their project managers, coordinators, business analysts and technical experts."

Head of Global TechOps IT

Roche Pharma Research IT

Highly Qualified Project Managers

"I worked with machCon on a major project and was absolutely satisfied with the performance. The project manager did an outstanding job and integrated seamlessly into the entire team."

Head of Laboratory IT

Sandoz International GmbH

FAQ

Frequently Asked Questions about Compliance

When do I need a Data Protection Officer?

A Data Protection Officer is legally required if your organisation regularly employs at least 20 people in the automated processing of personal data, or if your organisation processes certain sensitive data or must carry out risk assessments.

How much does an external Compliance Officer cost?

The cost of an external Compliance Officer varies depending on company size and requirements. As a rule, an external officer is significantly less expensive than an internal position: no employer overheads, and no holiday or sick-leave cover required. Contact us for an individual quote.

Am I affected by NIS-2?

The NIS-2 Directive applies to companies in 18 sectors above a certain size (generally from 50 employees or €10 million annual turnover). We can check free of charge in an initial consultation whether and to what extent NIS-2 applies to your organisation.

What penalties are there for compliance violations?

For GDPR violations, fines of up to €20 million or 4% of global annual turnover can be imposed. For NIS-2 violations, fines of up to €10 million or 2% of global turnover are possible. In addition, there is reputational damage and personal liability for management.

Which companies need a whistleblowing system?

Since the entry into force of the German Whistleblower Protection Act (HinSchG), companies with 50 or more employees must establish an internal reporting channel. A transitional period applies to companies with 50–249 employees. We advise you on your specific obligations.

Your Contact

Contact Us for Further Information

We are happy to answer all your questions about compliance. Get in touch for a non-binding initial consultation or a specific quote.

Christoph Rank

Senior Consultant Compliance & Data Security — christoph.rank@machcon.com

Compliance doesn't have to be complicated.

We make the first step easy: in a non-binding 30-minute initial consultation, we analyse your compliance status and show you clear priorities.