An Introduction to ISO 37001

In today’s increasingly digital age, the importance of data protection and cybersecurity can never be understated. With so much sensitive information being collected and processed on a daily basis, organizations need to ensure that their systems are secure from internal and external threats. One way for businesses to ensure that their data protection policies are up-to-date is by implementing an internationally recognized standard such as ISO 37001. This is an internationally recognized standard for anti-bribery management systems that provides organizations with best practice guidelines for preventing, detecting, and responding to bribery within their business operations. In this blog post, we will look at the key components of ISO 37001 and how organizations can implement it in their business.

What is ISO 37001?

ISO 37001 is an anti-bribery management system standard. It provides a framework for organizations to prevent, detect and address bribery. The standard is based on internationally recognized good practices and is suitable for use by organizations of all sizes and types.

ISO 37001 was developed by ISO's anti-corruption committee (ISO/TMBG) with input from experts from around the world. The standard was published in October 2016.

Organizations that implement ISO 37001 can be certified by an external certification body. Certification demonstrates that an organization has put in place an effective anti-bribery management system and is committed to continual improvement.

There are many benefits of implementing ISO 37001, including:

• improved organizational culture and reputation;

• reduced risk of bribery;

• enhanced staff morale; and, ܍ increased opportunities to do business with governments and large organizations that have implemented similar standards.

The Benefits of ISO 37001

There are many benefits of ISO 37001 certification for organizations, including improved risk management, increased transparency and accountability, and enhanced reputation. By implementing an effective anti-bribery management system, certified organizations can demonstrate their commitment to preventing and combating bribery in all forms. This can lead to improved business relations with suppliers, customers, and other stakeholders, as well as reduced costs associated with bribery investigations and litigation. In addition, certified organizations can use the ISO 37001 logo as a mark of their commitment to anti-bribery compliance, which can help to build trust and confidence among their employees, shareholders, and the general public.

How to Implement ISO 37001?

The process of implementing an ISO 37001 anti-bribery management system can be divided into four distinct phases:

1. Phase 1 - Gap Analysis and System Design

The first phase of implementing ISO 37001 is to carry out a gap analysis to identify any areas where your current anti-bribery policies and procedures do not meet the requirements of the standard. Once these gaps have been identified, you will need to design a system that meets all the requirements of ISO 37001. This may involve making changes to your existing policies and procedures, or developing new ones from scratch.

2. Phase 2 - Implementation and Training

In phase 2, you will need to roll out your new or revised anti-bribery management system across your organization. This will involve training employees on the new policies and procedures, and ensuring that they are aware of their responsibilities under the system. You will also need to put in place mechanisms for monitoring and auditing compliance with the system.

3. Phase 3 - Certification

Once you have successfully implemented your anti-bribery management system, you can apply for certification from an accredited certification body. This will involve undergoing an audit to assess whether your system meets all the requirements of ISO 37001. If successful, you will be awarded a certificate which demonstrates your commitment to combating bribery in your organization.

4. Ongoing Maintenance and Improvement

Once you have achieved certification, it is important to maintain and improve

Who should Implement ISO 37001?

When it comes to implementing an anti-bribery management system, there is no one-size-fits-all answer. The decision of who should implement ISO 37001 will depend on a number of factors, including the size and structure of your organization, the resources you have available, and the level of commitment from management.

That said, there are some general guidelines that can help you decide who should take on this important task. If your organization has a dedicated compliance function, then it makes sense for them to take responsibility for implementing ISO 37001. Alternatively, if you have a large and complex organization, it may be best to appoint a project team with representatives from across different departments.

Whichever approach you take, it is essential that top management give their full support to the project. Only with their buy-in will you be able to create an effective anti-bribery management system that meets the requirements of ISO 37001.

The Certification Process for ISO 37001

The certification process for ISO 37001 is a multi-step process that begins with the submission of an application to a certification body. The certification body will then review the application and supporting documentation to determine if the organization meets the requirements for certification.

If the certification body determines that the organization meets the requirements, they will issue a certificate of compliance. The organization must then maintain their compliance with the ISO 37001 standard in order to keep their certificate valid.

How can QMII support in ISO 37001 Certification?

Quality management and internal auditing;

Support during the certification process;

Providing guidance on how to implement and maintain an effective anti-bribery management system.


ISO 37001 is an international standard for anti-bribery management systems that companies can use to help prevent, detect, and remediate bribery. By implementing the requirements of ISO 37001, organizations can build a robust system to protect themselves from the risks of bribery and corruption. Companies should carefully assess their needs and consult with qualified experts in order to determine if ISO 37001 is right for them. With its comprehensive set of controls that cover all aspects of bribery prevention, it could be just what your organization needs to stay in compliance with laws around the world.