ISO 37001 Certification: Anti Bribery Management System

• Obtain the standard:

Get a licensed copy of the relevant standard and familiarize yourself with the requirements to decide if certification/registration to this standard makes good sense for your organization.

• Review available literature and apply digital tools

Explore available literature, guidelines from the standard owners (e.g. ISO/TS 9002 for ISO 9001, ISO 14004 for ISO 14001)   and digital sources and tools that can assist with implementation. Note that as a DNV customer you get access to tailored tools that can assist you.

• Assemble a team and define strategy:

To implement a management system should be a strategic decision for the entire organization. Senior management must be involved in the decision, committed and involved in shaping the system. They decide the business strategy the management system should support. In addition, you need a dedicated team to develop and implement your management system.

• Determine competence needs:

First, your team implementing and maintaining the management system needs a thorough understanding of the chosen standards. Later on, the wider organization needs awareness training. DNV offers a variety of public and in-house courses worldwide that meets your competence training needs at all levels within your organization.

• Review consultant options:

Independent consultants can advise on a workable, realistic, and cost-effective strategy plan for implementation if you do not have this competence or capacity already.

• Develop management system documentation: 

Decide on an appropriate platform for your documented information (e.g. software, process map- or SharePoint-based). The right platform is important to ensure effective management, communication and implementation.

• Determine, manage and document processes:

First identify key processes – what they are, how they work, and how they interact. Each process should have a clear purpose, defined responsibilities, and expected outputs. The level of documented information needed depends on the organization’s size, complexity, and the importance of each process, but must include relevant processes and other documented information needed to deliver on intended outcomes and comply with the chosen standard’s requirements.

• Implement management system:

Clear communication and necessary competence training are essential elements. During the implementation phase, you will work to ensure that your organization is working according to defined and documented processes. Once successful, you can prove system’s compliance and effectiveness.

• Select a certification body/registrar:

Selecting the right certification body/registrar can make a difference throughout your certification journey. DNV offers a trusted partnership approach, a risk-based approach and range of free digital tools that help you manage your certification journey before, during and after the audit.

• Consider a pre-audit gap analysis:

Consider a preliminary evaluation by your certification body/registrar to identify and correct nonconformities before starting the official certification process. The purpose is to identify areas of non-conformance or weaknesses, allowing you to correct these before you begin the official certification process.

ISO 37001 is the international standard for establishing, implementing, maintaining and continually improving an anti bribery management system. It provides a structured and globally recognized framework that helps organizations prevent, detect and respond to bribery in a consistent and proportionate way.  The standard focuses exclusively on bribery and applies to any organization, regardless of size, sector or geography. It covers bribery committed by the organization and bribery directed at the organization, including situations involving employees or business associates acting on its behalf.

Achieving ISO 37001 certification starts with leadership commitment, clear implementation objectives and building the necessary competence and awareness across the organization. You must establish an anti bribery management system that reflects your context, legal obligations and bribery related exposure, supported by appropriate controls and documented processes. When the system is in place, internal audits and management reviews help confirm readiness for certification. An independent third-party, such as DNV, then evaluates whether your anti bribery management system meets the requirements of ISO 37001. While certification cannot guarantee that bribery will not occur, it confirms that you have a structured and compliant system designed to reduce the likelihood of such situations and support an appropriate response.

ISO 37001 clause 4.5 requires organizations to carry out a systematic and documented bribery risk assessment. Its purpose is to identify, analyse and evaluate the bribery risks that could affect the organization, and to ensure that controls remain appropriate to the level of exposure. The clause expects organizations to understand the nature and level of their bribery risks by considering internal and external factors, legal obligations and the expectations of interested parties. This understanding guides the design of suitable controls, the need for due diligence and the effective allocation of resources.

ISO 37001 clause 8.7 sets requirements for how an organization handles suspected or actual bribery. It requires clear and confidential channels for reporting concerns, as well as defined processes for investigating allegations and taking corrective action. These processes must protect individuals from retaliation and ensure that concerns are addressed objectively and without delay. The clause also expects competent personnel to review reports and ensure that outcomes lead to appropriate actions, including addressing any underlying weaknesses in the anti bribery management system. This helps ensure the system can not only prevent bribery but also detect and respond to issues in a structured and credible way.