There appears to be a recurring misunderstanding regarding the Corporate Integrity System Malaysia (CISM) governance certification issued by Institut Integriti Malaysia (IIM).
Let’s be clear:
CISM is not an ISO 37001 certification scheme, and it is not subject to ISO certification body accreditation requirements.
It is a governance and integrity assessment framework based on ISO 37000, which is a guidance standard, not a certifiable ISO management system standard such as ISO 9001 or ISO 37001.
It is also worth noting that Institut Integriti Malaysia itself is certified to ISO 37001 (Anti-Bribery Management Systems), which is a separately structured, auditable ISO standard under established accreditation frameworks. That, however, is entirely distinct from CISM.
In addition, the CISM programme plays an important preventive role. It helps companies and organisations prepare early to strengthen their governance systems in anticipation of the corporate liability provisions for corruption under Section 17A of the Malaysian Anti-Corruption Commission (MACC) Act 2009.
That said, it is important to emphasise that CISM is still a highly meaningful and structured assessment process. It is a governance and integrity framework, and being awarded it is a great honour, as every participating entity must undergo a stringent evaluation process covering governance and integrity practices.
Therefore, CISM should correctly be understood as:
- a national governance and integrity maturity assessment framework, and
- a recognition and benchmarking system for organizations,
- not an ISO-accredited certification regime.

Conflating governance frameworks based on ISO guidance standards with accredited ISO certification systems is technically incorrect and leads to unnecessary confusion.
Precision in terminology matters, especially in governance, integrity, and compliance discussions.
