We offer the right advice on all aspects of compliance and help you to minimize the risks in the company.


Compliance is understood to mean the observance of and adherence to those laws, official requirements, regulatory provisions, international standards and agreements that affect the specific company. In addition, compliance also provides for adherence to the company’s internal guidelines as well as instructions from the employer. Compliance with all applicable regulations essentially contributes to ethically sound business practices and creates high added value for the company. To achieve this, a holistic management system is the best solution.

ISO 37301 – Compliance Management System

ISO 37301 explains the principles of a compliance management system (CMS) in a catalogue of requirements that can be used both to set up a CMS and to certify it.

By specifying that the introduction of a CMS should be a strategic decision of the organisation, ISO 37301 is addressed first and foremost to the leadership of an organisation, i.e. as a rule its management. The CMS should therefore be set up together with the management. The introduction, implementation and further development of a CMS require a large number of activities and tasks, which are processed within a PDCA cycle (Plan, Do, Check, Act). Organisations can now be certified to this standard, which signals to all competitors and business partners how important compliance is to you.

Whistleblower Protection Act / Whistleblowing Policy

A whistleblower refers to a person who discloses wrongdoing in his/her workplace.

As part of a Compliance Management System (CMS), the whistleblower system helps to uncover violations of the law and to take timely action. The Whistleblower Protection Act prohibits any reprisals and retaliation against whistleblowers. Since the EU Directive on the Protection of Whistleblowers and the German Whistleblower Protection Act, companies of a certain size have been obliged to set up a whistleblower system. Many things have to be taken into account: for example, external reporting offices must be referred to, it must be possible to ask questions, transparency is required, and data protection has to be considered in many areas. We help you to set up and manage a whistleblowing system.

Our offer in the area of compliance

We offer the following services.

Compliance as a Service

To give you optimal support in meeting your compliance requirements, we offer external support and work with you to achieve the necessary compliance. This includes everything from documentation requirements and the provision of a whistleblowing system to training. We are your trusted point of contact, working with you as equals to tackle your compliance challenges.

Code of Conduct

As the foundation of any compliance management system, the organisation must commit to its course and bring its goals in line with compliance principles. This is done through a Code of Conduct. machCon will draw up the Code of Conduct together with you, either as part of the Compliance as a Service support or as an individual service.

Risk analyses

Risk analysis is an essential and unavoidable part of a compliance management system. In this process, risks are identified within the organisation, their effects are assessed and, finally, appropriate measures are derived. This is usually done using the legal register, which we can develop together with you. Both the risk analyses and the development of a legal register are included in Compliance as a Service and can also be commissioned as an individual project.

Whistleblowing system

Our whistleblowing system provides a secure and confidential platform for employees, customers and external parties to report potential violations of company policies or ethical standards. We ensure anonymity and protection from reprisals while carefully reviewing and taking action on incoming tips. Our dedicated team is available to answer your questions and assist you with whistleblowing.


As a separate special field, we offer the analysis and improvement of IT compliance within or independently of our external support. Here we check your IT for any legal and IT security loopholes. Together, we develop a concept to set up and maintain IT compliance in your company.

Awareness-raising and training measures

Learn all about legal requirements and ethical behaviour. Our experts impart practical knowledge and give you valuable tips for implementation in your company. With a strong compliance culture, you protect your company from legal consequences and strengthen the trust of your customers.

Our customers


Novartis Pharma AG

Fantastic Business Analysts!

I’m absolutely happy to have machCon onboard within my projects. They have an incredible drive and are solution oriented while keeping a friendly and positive working atmosphere.

Process Integration Lead

Roche Pharma Research IT

machCon is like TopGun’s Maverick!

I have to say that I totally love working together with machCon – They have very good Project Managers & Coordinators as well as great Business Analysts and Technical Experts.

Head of Global TechOps IT

Sandoz International GmbH

Highly skilled Project Managers

I was collaborating with machCon for a large scale project and was absolutely satisfied with the performance. The Project Manager did a great job & socialized smoothly with the whole team.

Head of Laboratory IT

Contact person

Contact us for more information

Christoph Rank

Senior Consultant Compliance & Data Security

Christian Herbst - CEO