ISO 37001

ISO 37001, Anti-bribery management systems – Requirements with guidance for use, [1] is a management system standard published by the International Organization for Standardization (ISO) in 2016. As the title suggests, it sets out the requirements for establishing, implementing, operating, maintaining, and continually improving an anti-bribery management system (ABMS), and provides guidance on the actions and approaches organizations can take to meet those requirements. [2]

This management system standard was developed by ISO Project Committee ISO/PC 278, Anti-bribery management systems. [2] More recently, technical committee ISO/TC 309, Governance of organizations, has been created, and the maintenance and future development of ISO 37001 will be undertaken by members of that committee. [3]

An anti-bribery management system is intended to help organizations fight bribery by establishing the procedures, policies and controls that foster a culture of integrity, transparency and compliance.

ISO 37001 is applicable only to bribery; the ABMS is intended to improve the organization's ability to prevent, detect, and respond to bribery and to comply with anti-bribery laws and with the commitments the organization has adhered to. ISO 37001 does not specifically address fraud, cartels, money laundering, or other activities related to corrupt practices. [2]

The anti-bribery management system can be a stand-alone system or integrated into an already implemented management system such as the ISO 9001 quality management system. An organization can choose to implement the anti-bribery management system in conjunction with, or as part of, other systems, such as those relating to quality, environment and safety.

Background

The standard was developed by ISO technical committee ISO/TC 309, chaired by lawyer Neill Stansbury, and published for the first time on October 15, 2016. The standard was based upon existing guidance from the International Chamber of Commerce, Organization for Economic Co-operation and Development, Transparency International, and other organizations. [4] The standard also incorporated guidance issued by leading international regulators such as the US Department of Justice, US Securities and Exchange Commission, and UK Ministry of Justice. [5]

The standard was adopted by the governments of Singapore and Peru for their anti-bribery management systems, and formed the basis for the "Shenzhen Standard", an official anti-bribery standard published by the city of Shenzhen, China in June 2017. [5] Microsoft and Walmart have also announced intentions to obtain ISO 37001 certification. [6]

Main requirements of the standard

ISO 37001:2016 adopts the ISO High Level Structure (HLS) and is organized into the following 10 main clauses: [2]

  1. Scope
  2. Normative references
  3. Terms and definitions
  4. Context of the organization
  5. Leadership
  6. Planning
  7. Support
  8. Operation
  9. Performance evaluation
  10. Improvement

The standard addresses only management systems and is not a comprehensive anti-fraud or anti-corruption standard. It also contains a great deal of subjectivity, as many requirements are qualified by terms such as "appropriate" and "reasonable". The actual meaning and relevance of ISO 37001 certification therefore depends largely on the thoroughness of the certifying body. [7]

History

  Year  Description
  2016  ISO 37001 (1st Edition)

References

  1. International Organization for Standardization, ISO 37001 – Anti-bribery management systems
  2. "ISO 37001:2016(en) Anti-bribery management systems". www.iso.org. Retrieved 10 February 2024.
  3. "ISO/TC 309 - Governance of organizations". ISO. 9 December 2021. Retrieved 10 February 2024.
  4. "ISO publishes powerful new tool to combat bribery". ISO. Retrieved 31 July 2017.
  5. "Jerry Fang: Local Chinese regulator develops anti-bribery management system based on ISO 37001". The FCPA Blog, www.fcpablog.com. 31 July 2017. Retrieved 31 July 2017.
  6. "Microsoft and Wal-Mart seek ISO 37001 Anti-Bribery Certification". The FCPA Blog, www.fcpablog.com. 11 May 2017. Retrieved 31 July 2017.
  7. "Is there value in pursuing ISO 37001 certification or should a company's focus be on using it to strengthen existing anti-corruption compliance programs?". Deloitte United States. Retrieved 31 July 2017.