ISO 37001 requirements anti-bribery management systems version 2025
03/06/2025
Quiz requirements ISO 37001 version 2025
If you want to familiarize yourself with the structure of the standard and to identify and understand the requirements of ISO 37001 version 2025, it's your turn to play!
The quiz "ISO 37001 Requirements version 2025" will help you understand the main requirements of the standard.
This quiz has 102 questions (requirements), so don't panic. The standard has 237 requirements, but these 102 are among the most important, so don't hesitate to learn in a fun way!
Don't think that you can complete this quiz in less than an hour, or even two hours, unless of course you are a little genius!
News on the anti-bribery standard ISO 37001 version 2025
The 224 requirements ("shall") of clauses 4 to 10 of ISO 37001 are broken down as follows:
ISO 37001 requirements version 2025
No | Clause | PDCA cycle | Requirement No | Quantity |
4 | Context | Plan | 1 ÷ 23 | 23 |
5 | Leadership | Plan, Do, Check, Act | 24 ÷ 72 | 49 |
6 | Planning | Plan | 73 ÷ 95 | 23 |
7 | Support | Do | 96 ÷ 149 | 54 |
8 | Operation | Do | 150 ÷ 184 | 35 |
9 | Performance | Check | 185 ÷ 225 | 41 |
10 | Improvement | Act | 226 ÷ 237 | 12 |
Total | | | | 237 |
Requirements in ISO 37001 clauses and sub-clauses
Deming PDCA cycle
Note. Any requirement normally begins with "The organization shall ...". For simplicity we present the requirements directly starting with the verb.
ISO 37001 - Requirements and comments version 2016
No | Clause (sub-clause) | Requirement | PDCA cycle, links, comments |
Context |
4.1 | The organization and its context |
1 | 4.1 | Document external and internal issues | Everything that influences the achievement of objectives, cf. sub-clause 6.2. The issues are related to the nature of the management, the scope, the activities, the economic model, the partners, the relations with public representatives, the legal obligations | |
2 | 4.1 | Determine whether climate change is a relevant issue | Amendment 1 to ISO 37001: 2024: Climate action changes | |
4.2 | Stakeholders |
3 | 4.2 a | Document stakeholders | List of stakeholders who may have an influence on the ABMS or be influenced by the ABMS (anti-bribery management system) | |
4 | 4.2 b | Document requirements of stakeholders | Mandatory and non-mandatory requirements, as well as voluntary commitments | |
5 | 4.2 c | Document requirements which will be addressed | Through the ABMS | |
4.3 | Scope |
6 | 4.3 | Document the boundaries and applicability of the ABMS | In order to establish the scope of the ABMS | |
7 | 4.3 a | Take into account external and internal issues | Internal and external issues, cf. sub-clause 4.1 | |
8 | 4.3 b | Take into account the requirements of stakeholders | Requirements, see sub-clause 4.2 | |
9 | 4.3 c | Take into account the bribery risk assessment | Results of risk assessment, cf. sub-clause 4.5 | |
10 | 4.3 | Make the scope available | As a document, cf. sub-clause 7.5 | |
4.4 | Anti-bribery management system |
11 | 4.4 | Establish, implement, maintain and improve the ABMS | Including the processes used and their interactions | |
12 | 4.4 | Document the ABMS | Cf. sub-clause 7.5 | |
13 | 4.4 | Include measures related to the identification and evaluation of risk of bribery | In order to prevent, detect and find remedies | |
14 | 4.4 | Implement a reasonable and proportionate ABMS | Taking into account the scope of the ABMS, internal and external issues, requirements of stakeholders, anti-bribery risk assessment, cf. sub-clause 4.3 | |
Bribery risk assessment |
15 | 4.5.1 | Undertake regular bribery risk assessment | Based on the standard ISO 31000 Risk management | |
16 | 4.5.1 a | Identify the bribery risks | Risks that can reasonably be anticipated, cf. the issues of sub-clause 4.1 | |
17 | 4.5.1 b | Analyze and assess the bribery risks | And establish and prioritize identified risks | |
18 | 4.5.1 c | Evaluate the suitability and effectiveness of the controls put in place | In order to mitigate the identified and assessed risks | |
19 | 4.5.2 | Define criteria | In order to evaluate the level of bribery risk in the organization | |
20 | 4.5.2 | Take into account the anti-bribery policy and objectives | Cf. sub-clauses 5.2 and 6.2 | |
21 | 4.5.3 a | Review the bribery risk assessment | On a regular basis, in order to take into account changes and new information available | |
22 | 4.5.3 b | Review the bribery risk assessment | In the event of a significant change in the structure or activities of the company | |
23 | 4.5.4 | Retain records of realized assessments | In order to improve the ABMS, cf. sub-clause 7.5.3 | |
5 | Leadership | Plan, Do, Check, Act |
Leadership and commitment |
Governing body |
24 | 5.1.1 a | Approve the anti-bribery policy | In order to demonstrate the leadership and commitment of top management (or governing body), cf. sub-clause 5.2 | |
25 | 5.1.1 b | Ensure that the strategy and anti-bribery policy are aligned | Cf. sub-clause 5.2 | |
26 | 5.1.1 c | Review relevant ABMS information | Top management receives this information at intervals that are planned | |
27 | 5.1.1 d | Require the allocation and assignment of necessary resources | In order to achieve efficient operation of the ABMS | |
28 | 5.1.1 e | Exercise oversight over the implementation of the ABMS | Top management reasonably manages the implementation of the ABMS | |
29 | 5.1.1 | Carry out these activities by top management | When the company does not have a governing body, cf. ISO 37000 - Governance of organizations | |
Top management |
30 | 5.1.2 a | Ensure that the anti-bribery policy and objectives are established | In order to take into account the risks of bribery. In this way top management demonstrates its leadership and commitment | |
31 | 5.1.2 b | Ensure that the anti-bribery requirements are met | And integrated into business processes. In this way top management demonstrates its leadership and commitment | |
32 | 5.1.2 c | Deploy the necessary resources | In order to guarantee the efficient operation of the ABMS. In this way top management demonstrates its leadership and commitment | |
33 | 5.1.2 d | Communicate on the anti-bribery policy | Internally and externally. In this way top management demonstrates its leadership and commitment | |
34 | 5.1.2 e | Communicate the importance of having an effective ABMS | And to comply with ABMS requirements. In this way top management demonstrates its leadership and commitment | |
35 | 5.1.2 f | Ensure that the ABMS is appropriate | In order to achieve the objectives set. In this way top management demonstrates its leadership and commitment | |
36 | 5.1.2 g | Support personnel | In order for personnel to contribute to the effectiveness of the ABMS. In this way top management demonstrates its leadership and commitment | |
37 | 5.1.2 h | Promote anti-bribery culture | Culture appropriate to the specificities of the company. In this way top management demonstrates its leadership and commitment | |
38 | 5.1.2 i | Promote continual improvement | In this way, top management demonstrates its leadership and commitment. See sub-clause 10.1 | |
39 | 5.1.2 j | Support management roles | So that they manage the prevention and detection of bribery. In this way top management demonstrates its leadership and commitment | |
40 | 5.1.2 k | Encourage reporting procedures | On suspicious or proven cases of bribery. In this way top management demonstrates its leadership and commitment, cf. sub-clause 8.9 | |
41 | 5.1.2 l | Ensure that no personnel will suffer | For reporting a violation of the anti-bribery policy. In this way top management demonstrates its leadership and commitment, cf. sub-clause 7.2.2.1 d | |
42 | 5.1.2 m | Report regularly on the operation of the ABMS | And allegations of bribery. In this way top management demonstrates its leadership and commitment | |
Anti-bribery culture |
43 | 5.1.3 | Develop, maintain and develop an anti-bribery culture | At all levels in the organization | |
44 | 5.1.3 | Demonstrate an active, visible, consistent and sustained commitment | Towards a common standard of behavior and conduct | |
45 | 5.1.3 | Encourage behavior supporting the anti-bribery policy | And the ABMS, cf. sub-clause 4.4 | |
46 | 5.1.3 | Prevent any behavior that compromises anti-bribery | And accept no tolerance | |
5.2 | Anti-bribery policy |
47 | 5.2 a | Prohibit any form of bribery | Include in the established anti-bribery policy | |
48 | 5.2 b | Enforce compliance with applicable anti-bribery laws | Include in the established anti-bribery policy | |
49 | 5.2 c | Ensure that the policy is appropriate to the purpose of the organization | Include in the established anti-bribery policy | |
50 | 5.2 d | Provide a framework for achieving the anti-bribery objectives | Include in the established anti-bribery policy | |
51 | 5.2 e | Commit to satisfy anti-bribery requirements | Include in the established anti-bribery policy | |
52 | 5.2 f | Encourage raising concerns in good faith | Include in the established anti-bribery policy, without fear of reprisal, cf. sub-clause 8.9 | |
53 | 5.2 g | Commit to continual improvement | Include in the established anti-bribery policy, cf. sub-clause 10.1 | |
54 | 5.2 h | Promote the anti-bribery function | Include in the established anti-bribery policy, cf. sub-clause 5.3.2 | |
55 | 5.2 i | Explain in detail the consequences | Of not complying with the anti-bribery policy. Include in the established anti-bribery policy | |
56 | 5.2 | Ensure that the anti-bribery policy is available | As a document, cf. sub-clause 7.5 | |
57 | 5.2 | Communicate the anti-bribery policy | Within the company | |
58 | 5.2 | Ensure that the anti-bribery policy is available | To stakeholders | |
59 | 5.2 | Ensure that the anti-bribery policy is available | To business associates | |
5.3 | Roles |
General |
60 | 5.3.1 | Assume overall responsibility for the implementation of, and compliance with the ABMS | On behalf of top management, cf. sub-clause 5.1.2 | |
61 | 5.3.1 | Ensure that the responsibilities and authorities are assigned and communicated | For all relevant levels within the organization | |
62 | 5.3.1 | Enforce compliance with ABMS requirements in each department | On behalf of every manager at every level of the organization | |
63 | 5.3.1 | Understand, comply and apply the ABMS requirements at every level | On behalf of top management and all other personnel | |
Anti-bribery function |
64 | 5.3.2 a | Assign responsibility and authority for ensuring that the ABMS | Conforms to the requirements of ISO 37001 | |
65 | 5.3.2 b | Assign responsibility and authority for reporting on the performance of the ABMS | To the governing body or top management | |
66 | 5.3.2 c | Assign responsibility and authority for overseeing the design and implementation | Of the ABMS | |
67 | 5.3.2 d | Assign responsibility and authority for providing advice and guidance | To personnel and stakeholders on the ABMS | |
68 | 5.3.2 | Provide the anti-bribery manager with the necessary resources | The anti-bribery manager is competent, has the appropriate status, authority and independence | |
69 | 5.3.2 | Have direct and prompt access to top management | From the anti-bribery manager in the event that any issue or concern has to be raised | |
70 | 5.3.2 | Ensure that the necessary responsibilities and authorities are assigned to persons external to the organization | In the event that the function or part of the anti-bribery function is outsourced | |
Delegated decision-making |
71 | 5.3.3 | Establish and maintain a decision-making process | In case top management delegates decision-making to personnel free from conflicts of interest | |
72 | 5.3.3 | Ensure that this process is reviewed periodically | On behalf of top management, cf. sub-clause 5.3.1 | |
6 | Planning |
6.1 | Actions |
73 | 6.1 a | Ensure the achievement of objectives | Take into account issues, requirements and identified risks and opportunities, cf. sub-clauses 4.1, 4.2, 4.5 and 10.1 | |
74 | 6.1 b | Prevent and reduce undesired effects of the ABMS | Take into account issues, requirements and identified risks and opportunities, cf. sub-clauses 4.1, 4.2, 4.5 and 10.1 | |
75 | 6.1 c | Achieve continual improvement | Take into account issues, requirements and identified risks and opportunities, cf. sub-clauses 4.1, 4.2, 4.5 and 10.1 | |
76 | 6.1 d | Monitor the effectiveness of the ABMS | Take into account issues, requirements and identified risks and opportunities, cf. sub-clauses 4.1, 4.2, 4.5 and 10.1 | |
77 | 6.1 i | Plan actions to address bribery threats | And improvement opportunities, cf. sub-clause 10.1 | |
78 | 6.1 ii | Plan how to integrate the actions | And implement in the ABMS processes | |
79 | 6.1 ii | Plan how to evaluate the effectiveness of the actions | Cf. sub-clauses 9.1 and 9.3 | |
Objectives |
80 | 6.2 | Establish anti-bribery management system objectives | At all levels in the organization | |
81 | 6.2 a | Ensure that the ABMS objectives are consistent | With the anti-bribery policy | |
82 | 6.2 b | Ensure that the ABMS objectives are measurable | If practicable | |
83 | 6.2 c | Ensure that the ABMS objectives take into account issues, requirements and risks | Cf. sub-clauses 4.1, 4.2 and 4.5 | |
84 | 6.2 d | Ensure that the ABMS objectives are monitored | Cf. sub-clause 9.1 | |
85 | 6.2 e | Ensure that the ABMS objectives are communicated | Cf. sub-clause 7.4 | |
86 | 6.2 f | Ensure that the ABMS objectives are updated | At a reasonable frequency | |
87 | 6.2 g | Ensure that the ABMS objectives are available | As documents, cf. sub-clause 7.5 | |
88 | 6.2 h | Ensure that the ABMS objectives are achievable | In reasonable limits | |
89 | 6.2 | Document what will be done | When planning how to achieve the ABMS objectives | |
90 | 6.2 | Document the necessary resources | When planning how to achieve the ABMS objectives | |
91 | 6.2 | Document who will be responsible for implementing the objectives | When planning how to achieve the ABMS objectives | |
92 | 6.2 | Document when this will be done | When planning how to achieve the ABMS objectives | |
93 | 6.2 | Document how the objectives will be evaluated and reported | When planning how to achieve the ABMS objectives | |
94 | 6.2 | Document who will be responsible in imposing sanctions or penalties | When planning how to achieve the ABMS objectives | |
6.3 | Planning of changes |
95 | Carry out changes in a planned manner | When the need for changes to the ABMS is determined | |
7 | Support |
7.1 | Resources |
96 | 7.1 | Identify and provide personnel, physical and financial resources needed | In order to establish, implement, maintain and improve the ABMS | |
7.2 | Competence |
General |
97 | 7.2.1 a | Document the necessary competence | Of those doing work that can affect anti-bribery performance | |
98 | 7.2.1 b | Ensure that the persons are competent | On the basis of initial and professional education, training and experience | |
99 | 7.2.1 c | Take training actions | And evaluate the effectiveness of these actions | |
100 | 7.2.1 | Retain records | As evidence of competence | |
Employment process |
101 | 7.2.2.1 a | Comply with the anti-bribery policy and the requirements of the ABMS, in relation to personnel | And give the organization the right to discipline personnel in the event of non-compliance. Included in a documented procedure, cf. sub-clause 7.5 | |
102 | 7.2.2.1 b | Make the anti-bribery policy available and train staff on the policy | Included in a documented procedure, cf. sub-clause 7.5 | |
103 | 7.2.2.1 c | Take disciplinary action for non-compliance with anti-bribery policy or requirements of the ABMS | Included in a documented procedure, cf. sub-clause 7.5 | |
104 | 7.2.2.1 d 1 | Guarantee the absence of reprisals when refusing to participate in an activity with risk of bribery | Included in a documented procedure, cf. sub-clause 7.5 | |
105 | 7.2.2.1 d 2 | Guarantee the absence of reprisals when reporting an activity with a risk of bribery | Included in a documented procedure, cf. sub-clause 7.5 | |
106 | 7.2.2.1 e | Ensure personnel are made aware of the necessity to report conflicts of interest | Related to potential and actual conflicts of interest. Included in a documented procedure, cf. sub-clause 7.5 | |
107 | 7.2.2.2 a | Conduct due diligence on persons before they are employed | In order to ensure that the persons will comply with the anti-bribery policy and the requirements of the ABMS. Included in a documented procedure, cf. sub-clause 7.5 | |
108 | 7.2.2.2 b | Ensure that reasonable anti-bribery preventive measures are in place | To prevent them from encouraging bribery. Included in a documented procedure, cf. sub-clause 7.5 | |
109 | 7.2.2.2 c | File a declaration confirming compliance with the anti-bribery policy | Valid for personnel, top management and governing body. Included in a documented procedure, cf. sub-clause 7.5 | |
7.3 | Awareness |
Awareness of personnel |
110 | 7.3.1 a | Ensure awareness and training to personnel | On the anti-bribery policy, procedures and ABMS and their duty to comply | |
111 | 7.3.1 b | Include in the training the contribution of personnel to the effectiveness of the ABMS | And the benefits of improved anti-bribery performance and of reporting suspected bribery | |
112 | 7.3.1 c | Include in the training the implications of not conforming | With the ABMS requirements | |
113 | 7.3.1 d | Include in the training the anti-bribery procedures | And the ABMS and their duty to comply | |
114 | 7.3.1 e | Include in the training the benefits of reporting | Suspected bribery | |
115 | 7.3.1 f | Include in the training how and to whom personnel is able to report | Any concerns, cf. sub-clause 8.9 | |
116 | 7.3.1 | Retain records on the awareness program | And when and to whom it was provided | |
Training of personnel |
117 | 7.3.2 | Provide personnel with anti-bribery training | Depending on the function and the identified and potential risks, cf. sub-clause 4.5 | |
118 | 7.3.2 a | Address applicable policies and procedures | Taking into account the bribery risk assessment, cf. sub-clause 4.5 | |
119 | 7.3.2 b | Address the bribery risk and the possible damage | To personnel and the organization. Taking into account the bribery risk assessment, cf. sub-clause 4.5 | |
120 | 7.3.2 c | Address the circumstances in which bribery can occur | And how to recognize these circumstances. Taking into account the bribery risk assessment, cf. sub-clause 4.5 | |
121 | 7.3.2 d | Address how to recognize | And respond to solicitations or offers of bribes | |
122 | 7.3.2 e | Address how to prevent and avoid bribery | And recognize key bribery risk indicators | |
123 | 7.3.2 f | Address information on available training | And resources | |
124 | 7.3.2 | Retain records on training procedures | Their content, date and list of participants, cf. sub-clause 7.5 | |
Training for business associates |
125 | 7.3.3 | Implement procedures addressing anti-bribery training for business associates | Associates which can pose more than a low bribery risk, cf. sub-clause 7.5 | |
126 | 7.3.3 | Identify the business associates | For which such training is necessary, its content and the means by which the training shall be provided, cf. sub-clause 7.5 | |
127 | 7.3.3 | Retain records on training procedures for the business associates | Their content, date and list of participants, cf. sub-clause 7.5 | |
Awareness and training programs |
128 | 7.3.4 | Provide personnel with anti-bribery awareness and training | At planned intervals and when circumstances have changed | |
129 | 7.3.4 | Update at planned intervals | The awareness and training programs | |
7.4 | Communication |
130 | 7.4.1 a | Document on which subjects to communicate | Included in the ABMS | |
131 | 7.4.1 b | Document when to communicate | Included in the ABMS | |
132 | 7.4.1 c | Document with whom to communicate | Included in the ABMS | |
133 | 7.4.1 d | Document how to communicate | Included in the ABMS | |
134 | 7.4.1 e | Document who will communicate | Included in the ABMS | |
135 | 7.4.1 f | Document the language which will be used | Included in the ABMS | |
136 | 7.4.2 | Make available the anti-bribery policy | To personnel and business associates in appropriate languages | |
137 | 7.4.2 | Publish the anti-bribery policy | Through internal and external communication channels | |
7.5 | Documentation |
7.5.1 | General |
138 | 7.5.1 a | Include in the ABMS the documentation required by ISO 37001 | Procedures (documented information) available; records (documented information) available (to retain); processes | |
139 | 7.5.1 b | Include the documentation deemed necessary for the effectiveness of the ABMS | In the ABMS | |
7.5.2 | Creating and updating |
140 | 7.5.2 a | Identify and describe the documents appropriately | Such as title, author, date, codification | |
141 | 7.5.2 b | Ensure that the format and media of the documents is appropriate | Such as language, version, electronic, paper | |
142 | 7.5.2 c | Review and validate documentation appropriately | In order to determine their relevance and suitability | |
7.5.3 | Document control |
143 | 7.5.3 a | Control documentation so that it is available and suitable for use | Where and when needed | |
144 | 7.5.3 b | Control documentation so that it is properly protected | Such as from loss of confidentiality, improper use or loss of integrity | |
145 | 7.5.3 | Apply distribution, access, retrieval and usage activities | In order to control the documentation | |
146 | 7.5.3 | Apply storage and preservation activities | In order to control the documentation | |
147 | 7.5.3 | Apply change control activities | In order to control the documentation | |
148 | 7.5.3 | Apply retention and disposition activities | In order to control the documentation | |
149 | 7.5.3 | Identify and control documents of external origin | In order to control the documentation | |
8 | Operation | Do |
8.1 | Planning and control |
150 | 8.1 a | Establish criteria for the processes | The processes of the ABMS are planned, implemented and under control, cf. sub-clause 6.1 | |
151 | 8.1 b | Implement control of the processes | In accordance with the criteria, cf. sub-clause 8.1 a. The processes of the ABMS are planned, implemented and under control, cf. sub-clause 6.1 | |
152 | 8.1 | Make available documents to the extent necessary | In order to ensure that the processes are carried out as planned. Cf. sub-clause 7.5.1 | |
153 | 8.1 | Control planned and unintended changes | And undertake actions to mitigate any adverse effects | |
154 | 8.1 | Ensure control of outsourced processes | Including business associates | |
155 | 8.1 | Include specific controls | Referred to in sub-clauses 8.2 to 8.10 | |
Due diligence |
156 | 8.2 a to c | Assess the nature and extent of risk related to transactions, activities, partners and personnel | Cf. sub-clauses 4.5 and 7.2.2.2 | |
157 | 8.2 | Include any due diligence | In order to obtain sufficient information to assess the bribery risk | |
158 | 8.2 | Review due diligence regularly | In order to take into account the changes, cf. sub-clause 6.3 | |
Financial controls |
159 | 8.3 | Implement financial controls | In order to manage bribery risk | |
Non-financial controls |
160 | 8.4 | Implement non-financial controls | In order to manage the risk of bribery such as purchasing, operations, sales, personnel, legal and regulatory activities | |
Business associates |
161 | 8.5.1 a | Implement a procedure for business associates | In order that business associates implement an ABMS | |
162 | 8.5.1 b | Implement a procedure for business associates | In order that business associates implement their own anti-bribery controls | |
163 | 8.5.2 a | Implement a procedure for business associates | In order to determine whether the business associate has implemented the applicable anti-bribery controls | |
164 | 8.5.2 b 1 | Implement a procedure for business associates | In order to require the business associate to put in place anti-bribery controls in relation to the project, transaction or activity concerned | |
165 | 8.5.2 b 2 | Implement a procedure for business associates | In order to take into account the impossibility of requiring the business associate to put in place anti-bribery controls, cf. sub-clauses 4.5, 8.2, 8.3, 8.4 and 8.5 | |
Anti-bribery commitments |
166 | 8.6 a | Implement a procedure for business associates | In order that business associates commit to preventing bribery | |
167 | 8.6 b | Implement a procedure for business associates | In order to terminate the relationship in event of bribery | |
168 | 8.6 | Consider, where requirements 8.6 a) and b) cannot be met, this factor when assessing bribery risks | And the way the organization manages such risks | |
Gifts, and similar benefits |
169 | 8.7 | Implement a procedure for gifts and similar benefits | In order to prevent what could reasonably be perceived as an act of bribery | |
Managing inadequacy of anti-bribery controls |
170 | 8.8 a | Suspend the relationship with business associates when bribery risks cannot be managed | Because the anti-bribery controls are not adequate | |
171 | 8.8 b | Decline to continue the relationship with business associates for any new project when bribery risks cannot be managed | Because the anti-bribery controls are not adequate | |
Raising concerns |
172 | 8.9 a | Implement a reporting procedure | In order to encourage persons to report their concerns about attempted bribery, proven cases of bribery or suspected cases | |
173 | 8.9 b | Implement a reporting procedure | In order to protect the identity of the reporting person | |
174 | 8.9 c | Implement a reporting procedure | In order to allow anonymous reporting | |
175 | 8.9 d | Implement a reporting procedure | In order to prohibit retaliation against the persons making reports | |
176 | 8.9 e | Implement a reporting procedure | In order to receive advice in the face of a concern or a suspicion of bribery | |
177 | 8.9 | Ensure that all personnel are informed about the reporting procedure | And know how to use whistleblowing reports, and know their rights and applicable protections | |
Investigating and dealing with bribery |
178 | 8.10 a | Implement a procedure for investigation | In order to require the assessment or investigation of any reported, detected or suspected bribery, or violation of the anti-bribery policy or the ABMS | |
179 | 8.10 b | Implement a procedure for investigation | In order to implement appropriate actions if the investigation is positive | |
180 | 8.10 c | Implement a procedure for investigation | In order to empower and enable investigators | |
181 | 8.10 d | Implement a procedure for investigation | In order to require co-operation by relevant personnel | |
182 | 8.10 e | Implement a procedure for investigation | In order to require that the status of the investigation is reported to the anti-bribery manager | |
183 | 8.10 f | Implement a procedure for investigation | In order to require the confidentiality of the investigation | |
184 | 8.10 | Conduct the investigation by non-involved personnel | A business associate can be appointed to conduct the investigation | |
9 | Performance |
Inspection |
185 | 9.1 a | Document what needs to be monitored | And be measured | |
186 | 9.1 b | Document the methods for inspection (monitoring, measurement, analysis and evaluation) | In order to ensure valid results | |
187 | 9.1 c | Document when to perform the monitoring | And the measurement | |
188 | 9.1 d | Document when the results from monitoring and measurement shall be analyzed | And evaluated | |
189 | 9.1 | Retain documents on inspection | As evidence of the methods and the results obtained, cf. sub-clause 7.5 | |
190 | 9.1 | Evaluate the anti-bribery performance | And the effectiveness and efficiency of the ABMS | |
Internal audit |
General |
191 | 9.2.1 a | Conduct internal audits at scheduled intervals | In order to provide information on whether the ABMS is compliant, cf. ISO 19011 | |
192 | 9.2.1 a 1 | Conduct internal audits at scheduled intervals | In order to provide evidence whether the ABMS conforms to the organization's own requirements | |
193 | 9.2.1 a 2 | Conduct internal audits at scheduled intervals | In order to provide evidence whether the ABMS conforms to the requirements of ISO 37001 | |
194 | 9.2.1 b | Conduct internal audits at scheduled intervals | In order to provide evidence whether the ABMS is effectively implemented and maintained | |
Internal audit program |
195 | 9.2.2 | Plan, establish, apply and maintain the audit program | Program that includes frequency, methods, responsibilities, requirements and reporting | |
196 | 9.2.2 | Consider the importance of the processes concerned and the results of previous audits | When establishing the internal audit program | |
197 | 9.2.2 a | Define the audit objectives, criteria and scope | For each audit | |
198 | 9.2.2 b | Select competent auditors | And conduct audits to ensure objective and impartial audits | |
199 | 9.2.2 c | Ensure that audit results are reported to relevant managers | And top management | |
200 | 9.2.2 | Make documents on audit results available | As evidence of the implementation of the audit program | |
Audit procedures, controls and systems |
201 | 9.2.3 | Conduct reasonable and appropriate internal audits | And risk-based, cf. sub-clause 4.5 | |
202 | 9.2.3 a | Include processes that analyze procedures, controls and systems | Related to bribery and suspected bribery | |
203 | 9.2.3 b | Include processes that analyze procedures, controls and systems | Related to violation of the anti-bribery policy and ABMS requirements | |
204 | 9.2.3 c | Include processes that analyze procedures, controls and systems | Related to failure of business associates to conform to anti-bribery requirements of the organization | |
205 | 9.2.3 d | Include processes that analyze procedures, controls and systems | Related to weaknesses and opportunities of the ABMS | |
Objectivity and impartiality |
206 | 9.2.4 a | Ensure that audits are undertaken by a person independent of the process | In order to ensure the objectivity and impartiality of the audit program | |
207 | 9.2.4 b | Ensure that audits are undertaken by the anti-bribery manager | Unless the scope of the audit includes an evaluation of the ABMS or work for which the anti-bribery manager is responsible | |
208 | 9.2.4 c | Ensure that audits are undertaken by an appropriate person from another department | In order to ensure the objectivity and impartiality of the audit program | |
209 | 9.2.4 d | Ensure that audits are carried out by an appropriate third party | In order to ensure the objectivity and impartiality of the audit program | |
210 | 9.2.4 e | Ensure that the audits are undertaken by a group comprising persons from sub-clauses 9.2.4 a) to d) | In order to ensure the objectivity and impartiality of the audit program | |
211 | 9.2.4 | Ensure that no auditor audits his own department | "No one should be a judge in his own case." Latin proverb | |
Management review |
General |
212 | 9.3.1 | Conduct management reviews at planned intervals | In order to ensure that the ABMS continues to be suitable, adequate and effective | |
213 | 9.3.1 | Undertake reviews of the top management's implementation of the ABMS | At planned intervals | |
Management review inputs |
214 | 9.3.2 a | Include in the management review | The status of actions from the previous management review | |
215 | 9.3.2 b | Include in the management review | Changes in external and internal issues, cf. sub-clause 4.1 | |
216 | 9.3.2 c | Include in the management review | Changes in needs and expectations of relevant stakeholders | |
217 | 9.3.2 d | Include in the management review | ABMS performance information, including nonconformities and corrective actions, inspection results, audit results, bribery reports, investigations, bribery risks | |
218 | 9.3.2 e | Include in the management review | Improvement opportunities of the ABMS, cf. sub-clause 10.1 | |
219 | 9.3.2 f | Include in the management review | Effectiveness of actions taken related to address bribery risks | |
Management review results |
220 | 9.3.3 | Include in the outputs of the top management review | Decisions related to improvement opportunities of the ABMS and any changes to the ABMS | |
221 | 9.3.3 | Make documents available | As evidence of the results of top management review, cf. sub-clause 7.5 | |
222 | 9.3.3 | Report to the governing body | A summary of the results of the management review | |
9.4 | Review by anti-bribery function |
223 | 9.4 a | Assess on a continual basis whether the ABMS is adequate | In order to manage effectively the bribery risks by the anti-bribery manager | |
224 | 9.4 b | Assess on a continual basis whether the ABMS is effectively implemented | By the anti-bribery manager | |
225 | 9.4 | Report, at planned intervals (at least once a year), to the governance body (if any) or to top management, on the adequacy and implementation of the ABMS | Including the results of investigations and audits | |
10 | Improvement |
10.1 | Continual improvement |
226 | 10.1 | Continue to improve the ABMS | Implementing opportunities identified, cf. sub-clause 9.3 | |
Nonconformity and corrective action |
227 | 10.2 a 1 | React promptly to the nonconformity | In order to control and correct it | |
228 | 10.2 a 2 | React promptly to the nonconformity | In order to deal with the consequences | |
229 | 10.2 b 1 | Evaluate if corrective action is needed | By reviewing the nonconformity | |
230 | 10.2 b 2 | Evaluate if corrective action is needed | By determining the causes of the nonconformity | |
231 | 10.2 b 3 | Evaluate if corrective action is needed | By determining if similar nonconformities exist or could occur | |
232 | 10.2 c | Implement any action needed | When it is necessary | |
233 | 10.2 d | Review the effectiveness of corrective action | Taken | |
234 | 10.2 e | Make changes to the ABMS | If it is necessary | |
235 | 10.2 | Perform corrective actions | Appropriate to the effects of the nonconformities | |
236 | 10.2 | Make documents on the nature of the nonconformities available | Cf. sub-clause 7.5 | |
237 | 10.2 | Make documents on the results of any corrective action available | Cf. sub-clause 7.5 | |