ISO 37001 requirements

ISO 37001, Anti-bribery management systems, specifies a series of measures to help organizations prevent, detect and address bribery. These include adopting an anti-bribery policy, appointing a person to oversee anti-bribery compliance, training, risk assessments and due diligence on projects and business associates, implementing financial and commercial controls, and instituting reporting and investigation procedures.

It is designed to help your organization implement an anti-bribery management system, or enhance the controls you currently have. It helps to reduce the risk of bribery occurring and can demonstrate to your stakeholders that you have put in place internationally recognized good-practice anti-bribery controls.

(Source: International Organization for Standardization – ISO)

ISO 37001:2016 Requirements


1 Scope

2 Normative references

3 Terms and definitions

4 Context of the organization

4.1 Understanding the organization and its context

4.2 Understanding the needs and expectations of stakeholders

4.3 Determining the scope of the anti-bribery management system

4.4 Anti-bribery management system

4.5 Bribery risk assessment

5 Leadership

5.1 Leadership and commitment

5.1.1 Governing body
5.1.2 Top management

5.2 Anti-bribery policy

5.3 Organizational roles, responsibilities and authorities

5.3.1 Roles and responsibilities
5.3.2 Anti-bribery compliance function
5.3.3 Delegated decision-making

6 Planning

6.1 Actions to address risks and opportunities

6.2 Anti-bribery objectives and planning to achieve them

7 Support

7.1 Resources

7.2 Competence

7.2.1 General
7.2.2 Employment process

7.3 Awareness and training

7.4 Communication

7.5 Documented information

7.5.1 General
7.5.2 Creating and updating
7.5.3 Control of documented information

8 Operation

8.1 Operational planning and control

8.2 Due diligence

8.3 Financial controls

8.4 Non-financial controls

8.5 Implementation of anti-bribery controls by controlled organizations and by business associates

8.6 Anti-bribery commitments

8.7 Gifts, hospitality, donations and similar benefits

8.8 Managing inadequacy of anti-bribery controls

8.9 Raising concerns

8.10 Investigating and dealing with bribery

9 Performance evaluation

9.1 Monitoring, measurement, analysis and evaluation

9.2 Internal audit

9.3 Management review

9.3.1 Top management review
9.3.2 Governing body review

9.4 Review by anti-bribery compliance function

10 Improvement

10.1 Nonconformity and corrective action
10.2 Continual improvement


Source: ISO 37001:2016(en) Anti-bribery management systems — Requirements with guidance for use