ISO 37001 - The Anti-Bribery Management Standard

Learn all about ISO 37001, its scope, which organizations need it, the benefits of getting certified, the challenges in implementing it, and a new way to implement it in your organization.

a professional practicing anti-bribery in accordance with the ISO 37001 standard

What is ISO 37001?

ISO 37001 is an international standard that creates a framework that allows organizations to catch, detect, address, and prevent bribery through a comprehensive anti-bribery policy. The standard also includes anti-bribery training, appointing an official to oversee anti-bribery compliance, conducting risk assessments, and practicing due diligence with business associates and on projects.

Bribery is a crime that turns over billions of dollars every year. This is a destructive criminal activity and has been very challenging to tackle head-on. The standard provides a way for organizations worldwide to address and prevent bribery in their organization and commit themselves to eliminating corruption.

Who Needs to be Certified?

ISO 37001 is a flexible and adaptable standard fit for any organization and industry. You don’t have to be part of a certain sector or meet business size requirements to apply for certification. In most cases, ISO 37001 can be scaled up or down according to an organization’s needs.

While the certification isn’t required, there are many reasons for an organization to want to obtain ISO 37001 certification. Primarily, obtaining this certification formalizes your commitment to stamping out corruption and conducting clean business practices.

Benefits of Certification

There are many benefits to ISO 37001 certification, which is why it’s used in many organizations and industries. Some of the key benefits that come with ISO 37001 certification include:

Promote Trust & Confidence

One of the biggest benefits of obtaining ISO 37001 certification for an organization is that it promotes trust and confidence among employees, stakeholders, clients, and anyone involved in the business. ISO 37001 allows organizations to build a proper framework for combatting bribery, including a comprehensive anti-bribery system. This ensures individuals involved with the business that they can trust that there is no bribery taking place.

Safeguard the Organization’s Reputation

Bribery cases and scandals can be a huge crutch to an organization’s reputation. Bribery is one of the biggest problems that the world faces right now and is present wherever you go. Having anti-bribery measures and systems in place ensures that an organization won’t have to deal with bribery scandals that may damage its image and have negative repercussions.

Avoid Unnecessary Costs

Preventing bribery through a comprehensive anti-bribery system is a great way to avoid unnecessary costs. Bribery scandals can have a huge cost to a business, whether in legal fees or unforeseen expenses as a result of bribery. With a system in place to detect and assess an organization’s risk of bribery, there is a lesser risk of it taking a toll on the business.

Corruption has grave consequences for a business. These consequences can greatly affect an organization’s chance at success and even survival in the industry. This is why even if it isn’t required, obtaining ISO 37001 certification is very beneficial.

Prevent, Detect, and Address Bribery

The biggest benefit of ISO 37001 certification is also its main purpose: creating an anti-bribery system. Remember, corruption has no place in the modern world. That said, one of the ways organizations can prevent bribery is by determining the amount of risk there is for it within an organization and taking proper steps to implement controls that prevent this from happening.

How to Obtain ISO 37001 Certification

How to Obtain ISO 37001 Certification

How to Obtain ISO 37001 Certification

There are many steps to obtaining this certification. To start, organizations must schedule an audit with a certification body that can check on the business to ensure that they comply with the standards. From there, the steps to obtaining certification are as follows:

Step 1: Confirming the Audit

To start the process, an organization must develop an auditing plan that outlines everything that will happen during the certification process. From there, it must be confirmed by the certification body at least three months before the first audit.

Step 2: Internal Auditing

Auditing is a major step in obtaining this certification. Multiple audits will take place during this process, starting with a pre-audit or internal audit. This is done within the organization to detect potential gaps and ensure preparedness for the major stages 1 and 2 audits.

To simplify this process, in-house auditors can utilize digital checklists so that they can:

  • Note their general observations
  • Catch major and minor nonconformities
  • Address lapses in the implementation of the ISO standard
  • Discover areas for improvement

Step 3: Third-Party Certification

From there, the team moves on to the two stages of external audits. This is generally done by third-party certifying bodies across the globe.

The first stage of external audit involves general observations and nonconformities (major and minor). When the organization addresses and corrects the gaps caught in the stage 1 audit, it can proceed to stage 2.

During the second stage, the third-party certifier will note all observations, areas of improvement, and non-conformities. This audit should also include a recommendation for certification that indicates whether or not the organization has passed and qualifies for certification.

If there were major nonconformities noted during stage 2, the auditing team will revisit the site within 30 days to ensure that corrections have been made before recommending the organization for certification. Once the organization passes the audit, it will be awarded certification.

Step 4: Continuous Improvement

To ensure that the standard is implemented properly, organizations must look to continuously improve their practices and ensure that there are no lapses in their anti-bribery system.

Step 5: Recertification

This certification lasts 3 years. So, after that time, organizations must apply for recertification for their ISO 37001 certification to remain valid and recognized worldwide.

What Are the Challenges in Implementing ISO 37001?

One of the major challenges in implementing this standard and obtaining certification is the auditing process. Non-conformities detected during the audit can get in the way of your certification, which is why conducting in-house pre-audits is very important. That way, any potential lapses may be caught right away, and controls can be put in place to address them.

When implementing the standard, organizations face the challenge of ensuring that the entire team is on-board and committed to stamping out corruption. This is why training is very important for the anti-bribery team and the workforce to ensure everyone understands the company’s stance and policies on bribery.

FAQs about ISO 37001

No, ISO 37001 certification is not required. However, any organization may obtain certification and are highly recommended to do so as it can bring many benefits and ensure that business is conducted cleanly.

To obtain this certification, an organization must meet certain requirements, as stated on the ISO website. From there, they must get audited and inspected by a certified team to ensure that they are compliant with the standard before they can receive their certification.

The anti-bribery team is in charge of implementing the standard. Part of the standard involves establishing a team and appointing an official to oversee the implementation of the standard.

This standard only applies to anti-bribery measures within an organization. The elements of this standard include:

  • Ensuring employee communication
  • Providing anti-bribery and due diligence training
  • Establishing an anti-bribery system
  • Detecting and responding to cases of bribery within an organization
Leon Altomonte
Article by
Leon Altomonte
Leon Altomonte is a content contributor for SafetyCulture. He got into content writing while taking up a language degree and has written copy for various web pages and blogs. Aside from working as a freelance writer, Leon is also a musician who spends most of his free time playing gigs and at the studio.