Monday, February 23, 2026

Compliance cannot be theater. And certification cannot be marketing.


What I have witnessed over the past months exposes a deep structural fragility in the current model of compliance certification, especially regarding ISO 37301:2021.

In practice, what should function as a robust instrument of governance, prevention, control, and protection of rights often reveals itself to be an empty bureaucratic ritual, aimed far more at building reputation than at verifying real-world conduct.

A surveillance audit that does not analyze a single real case, does not examine actual investigations, does not test operational mechanisms, and ignores documented situations of retaliation, SLAPP lawsuits, and professional destruction is simply not an audit. It is a formality. It is performance. It is cosmetic compliance.

When a standard is not accredited by national accreditation bodies, lacks effective independent public oversight, and relies almost exclusively on procedural and documentary checks, the risk becomes evident: a self-referential system emerges, in which organizations validate their own narratives, without any genuine confrontation with reality.

This picture becomes even more troubling when the certified company and the certification body operate within the same national corporate ecosystem, sharing institutional, economic, and cultural proximity - as in the case of Eni and RINA SERVICES.

The risk of corporate solidarity, structural complacency, and symbolic mutual validation is not theoretical - it is systemic.

The outcome is perverse:
✔️ impeccable policies on paper
✔️ sophisticated codes of ethics
✔️ international certifications displayed as trophies
✔️ and, at the same time, absolute silence in the face of real violations

This is not compliance.

This is reputation management.

Real compliance disturbs, questions, exposes weaknesses, tests limits, and protects whistleblowers.

When it fails to do so, it becomes an instrument of institutional shielding.

The essential - and uncomfortable - question is simple:

📌 What is the value of a compliance certification that cannot detect, analyze, and respond to concrete cases of abuse, retaliation, and systematic professional destruction?

If it cannot do that, then it serves only reputational marketing.

And that undermines not just the credibility of one standard, but public trust in the entire international compliance system.

Compliance cannot be a trophy on the wall.

It must be a living, concrete, tested, and verifiable practice.

Without that, all that remains is institutional hypocrisy with an international seal of approval.

