ISO 37001 specifies requirements and provides guidance for establishing, implementing, maintaining, reviewing and improving an anti-bribery management system. The system can be stand-alone or integrated into an overall management system. This document addresses the following in relation to the organization’s activities:
— bribery in the public, private and not-for-profit sectors,
— bribery by the organization,
— bribery by the organization’s personnel acting on the organization’s behalf or for its benefit,
— bribery by the organization’s business associates acting on the organization’s behalf or for its benefit,
— bribery of the organization,
— bribery of the organization’s personnel concerning the organization’s activities,
— bribery of the organization’s business associates concerning the organization’s activities,
— direct and indirect bribery (e.g. a bribe offered or accepted through or by a third party).
This standard applies only to bribery. It sets out requirements and provides guidance for a management system designed to help an organization prevent, detect and respond to bribery and comply with anti-bribery laws and voluntary commitments applicable to its activities. ISO 37001 does not specifically address fraud, cartels and other anti-trust/competition offences, money laundering or other activities related to corrupt practices. However, an organization can choose to extend the scope of the management system to include such activities.
The requirements of ISO 37001 are generic and are intended to apply to all organizations (or parts of an organization), regardless of type, size and nature of activity, and whether in the public, private or not-for-profit sectors. The measures necessary to prevent, detect and mitigate the risk of bribery by the organization can be different from the measures used to prevent, detect and respond to bribery of the organization (or its personnel or business associates acting on the organization’s behalf).
Additional guidance on implementing the standard is given in the ISO 37001 handbook.