ISO 37001 is an Anti-Bribery Management System Standard published in October 2016. It is designed to help an Organization establish, implement, maintain and improve an anti-bribery compliance program. It includes a series of measures and controls that represent global anti-bribery good practice.
ISO 37001 addresses:
- Bribery by the Organization or its personnel/business associates acting on the Organization’s behalf or benefit
- Bribery of the Organization or its personnel/business associates in relation to the Organization’s activities
Bribery is defined by law, which varies between countries. The Standard provides guidance on what is meant by bribery to help users understand the intention and scope of the Standard.
ISO 37001 is a Requirements Standard, which makes it independently certifiable. The Organization must implement a series of measures and controls in a reasonable and equivalent manner to help prevent, detect and deal with bribery. This must include:
- Anti-Bribery Policy
- Management's Leadership, Commitment and Responsibilities
- Personnel Controls and Training
- Risk Assessments
- Due Diligence on Projects and Business Associates
- Financial, Commercial and Contractual Controls
- Reporting, Monitoring, Investigation and Reviews
- Corrective Action and Continual Improvement
ISO 37001 is a very flexible tool, which can be adapted to the size and nature of any organization that faces the risk of bribery. The measures required by ISO 37001 are designed to be integrated with existing Management Systems or processes and controls. It follows the common high-level structure for ISO Management System Standards, for easy integration with Quality Management Systems (9001) and Information Security Management Systems (27001).
The Standard provides:
- Minimum requirements and supporting guidance for implementing an Anti-Bribery Management System
- Assurance and Evidence to Management, Investors, Employees, Customers and Stakeholders that the Organization is taking reasonable steps to prevent bribery
It allows Organizations of all types to prevent, detect and address bribery by appointing a person to oversee its compliance, training, risk assessments and due diligence, which creates a continuous cycle of improvement.
Other Standards that will assist in protection against damaging litigation and in safeguarding are ISO 19600 Compliance Management Systems and ISO 31000 Risk Management Systems.
Who Should Get ISO 37001:2016 Certification?
The Standard is flexible and can be adapted to a wide range of Organizations, including:
- Small and Medium Sized Enterprises (SMEs)
- Large Organizations
- Public and Private Sector Organizations
- Non-Governmental Organizations (NGOs)
The Standard mirrors steps contained in:
- The U.S. Foreign Corrupt Practices Act (FCPA)
- Good Practice Guidance on Internal Controls, Ethics and Compliance (OECD)
- Anti-Corruption Ethics and Compliance Handbook for Business (OECD)
- UK Bribery Act 2010
- The British Ministry of Justice’s Adequate Procedures Document
Process of Getting ISO 37001:2016 Certification
Implementation
- GAP Analysis – High Level, Certified Bodies or Consultants, Map out Implementation
- Training – Various Levels within the Organization, Overview and Internal Auditor
- Implementation – Standalone or using Consultants
- Pre-Assessment – Trial Audit
Certification
- Stage 1 Audit – Focus on Documentation (Show us what you do)
- Stage 2 Audit – Testing the Effectiveness of the System (Do you do what you say you do?)
- Surveillance Audit – Yearly Audits (50% of processes)
- Re-Certification Audits – 100% of Processes
ISO 37001:2016 Steps
- Risk Assessment
- Mapping
- Context
- GAP Analysis
- Workshops
- Risk Register
- Strategy
- Set Target
- Decide Priorities
- Budget
- Governance & Management System
- Policies & Procedures
- Implementation Plans and Controls
- Roles & Responsibilities
- Training & Awareness
- Training Program
- Roll-out & Implement
- Effect
- Assess & Check Implementation
- Management Reporting
- Audits
- Review & Continuous Improvement
- Management Review
- Results vs Target
- Realign & Improve
- Apply Countermeasures
ISO 37001:2016 Consulting Training and Auditing Services from QSE
- QSE Consultants can prepare your facilities to meet the Standard requirements for ISO 37001:2016.
- QSE is practiced in assisting small, medium and large organizations in developing, training, implementing and maintaining a documented Anti-Bribery Management System and in achieving Certification.
- In addition to having a System, the System must be Audited periodically per a determined schedule to ensure that the designed Systems are being followed and controls are being exercised.
- Audits performed by a Team within the facility are called 1st-Party Audits. Audits performed by Consultant firms like Quality Systems Enhancement are known as 2nd-Party Audits. Audits conducted by Certification Bodies are known as 3rd-Party Audits.
- A 3rd-Party Audit may be conducted by a qualified Registrar with the accredited authority to perform certification audits and issue an ISO 37001:2016 Certificate.
- QSE Consultants assist organizations in effectively controlling documented information related to changes and in conducting Management Reviews covering all required inputs per the Standard.
- QSE Consultants will ensure that Certification is achieved with no or minimum nonconformities first time around.
- It is necessary to build a robust system that trains and compels employees to understand and adhere to defined roles, responsibilities, procedures and controls to ensure continuity. QSE will assist in implementing required training and awareness.
- QSE Consultants provide Training to Top Level Management, as well as Operations and Office Personnel in Risk-Based Thinking, Process Approach and Continual Improvement including the Employees’ role in achieving Improvement.
Why is Consulting Required for ISO 37001:2016 Standard?
- The ISO 37001:2016 Standard is dedicated to building an Anti-Bribery Management System and paving the way for continual improvement in any facility. Implementation of this standard is the foundation for an effective System.
- A good consultant firm can provide an explanation on the intent of the Standard and develop a process to address all clauses, sub-clauses and requirements of the Standard.
- Consultants provide experience in the techniques for developing and implementing the Standard.
- Consultants can be utilized to perform Internal Audits and assist in confirming thoroughness of root cause to help in making corrections and taking corrective actions.
- Annual surveillance Audits are conducted to ensure implementation effectiveness of the established ISO 37001:2016.
- The ISO 37001:2016 Certificate is renewable after a period of 3 years from successful completion of pre-assessment and registration, or from the final assessment date of issue.
QSE Difference in Consulting, Training and Auditing Services:
- Quality Systems Enhancement Inc. (QSE) is a Premier Consulting, Training and Auditing firm with over 27 Years’ experience in assisting with any ISO Standard, Sector Specific Standard, AISC Standard, and all Food Safety
- QSE’s 10-Step Approach™ to ISO (or any) certification is designed and perfected to cost-effectively prepare facilities for successfully passing Certification Audits with minimum or no nonconformities.
- QSE provides On-Site and On-line Training for ISO 37001:2016 Awareness and Effective Implementation along with Internal Auditing.
- QSE’s ISO 37001 Consultants have helped over 800 facilities to earn their ISO Certifications and other Certifications.
- Over 98% of QSE customers passed ISO 37001:2016 Certification Audits with no nonconformity first time around.
- QSE has a 100% success rate in obtaining Certifications for its customers.
- Unlike our competitors, QSE provides a unique, comprehensive, evidence-based, simplified single-level documentation system encompassing all requirements for four levels to achieve ISO 37001 compliance. It is easy to implement and provides evidence of implementation to earn ISO 37001 Certification.
- QSE’s “Quote to Cash” concept addresses all manufacturing and non-manufacturing processes for process improvement; in other words, all activities from submission of quotes, processing of the order, quality control and dispatch to the customer through to receipt of cash. All processes are covered.
- QSE Consultants’ Internal Audits of ISO 37001 are an effective management tool for running any business using the “Quote to Cash” approach for all processes to enhance customer satisfaction and the bottom line.
- QSE’s designed ISO 37001 templates are tried and tested for thorough coverage of all standard requirements, accuracy and correctness and provide objective evidence during internal audits and ISO certification audits.
- QSE’s ISO 37001 simplified system is evidence based, and it is easy to implement, easy to use and easy to audit and can be integrated with many other ISO management system standards.
- QSE’s ISO 37001 evidence-based system with proven lists, forms and tables results in ISO certification with minimum or no nonconformities.
- QSE utilizes competent ISO 37001 Auditors to conduct internal audits or supplier audits.
- QSE’s President, Baskar Kotte, is an original and active member of ISO/US TAG/TC 176, the Technical Committee that originally developed the ISO 9000 family of standards; ISO/US TAG/TC 207, which developed the ISO 14000 family of standards; and ISO/US TAG/TC 301 (TC 242), which developed ISO 45001 and ISO 19011, the Guiding Standards for Auditing. Mr. Kotte also participated in and provided input to the development of the current ISO 45001:2015, ISO 140001:2015, ISO 45001:2018 family of Standards and ISO 19011:2018 revised standards of certified OHSMS.
- The ISO 37001:2016 Standard certification is renewable every three years
Benefits of Having ISO 37001:2016 Certification
The measures required by ISO 37001 are designed to be integrated with existing Management Systems or processes and controls. It follows the common high-level structure for ISO Management System Standards, for easy integration with Quality Management Systems (9001) and Information Security Management Systems (27001).
The Standard provides:
- Minimum requirements and supporting guidance for implementing an Anti-Bribery Management System
- Assurance and Evidence to Management, Investors, Employees, Customers and Stakeholders that the Organization is taking reasonable steps to prevent bribery
It allows Organizations of all types to prevent, detect and address bribery by appointing a person to oversee its compliance, training, risk assessments and due diligence, which creates a continuous cycle of improvement.