Saturday, June 07 2025

ISO 37001 requirements anti-bribery management systems version 2025

03/06/2025 

Quiz requirements ISO 37001 version 2025

If you want to familiarize yourself with the structure of the standard and identify and understand the requirements of ISO 37001 version 2025, it's your turn to play!


The quiz "ISO 37001 Requirements version 2025" will help you understand the main requirements of the standard.

This quiz has 102 questions (requirements), but don't panic. The standard has 237 requirements, and these 102 are among the most important, so don't hesitate to learn in a fun way!

Don't think that you can complete this quiz in less than an hour, or even two hours, unless of course you are a little genius!

 

News on the anti-bribery standard ISO 37001 version 2025

 

The 224 requirements (shall) of clauses 4 to 10 of ISO 37001 are broken down as follows:

ISO 37001 requirements version 2025 copyleft
No Clause PDCA cycle Requirement No Quantity
4 Context Plan 1 ÷ 23 23
5 Leadership Plan, Do, Check, Act 24 ÷ 72 49
6 Planning Plan 73 ÷ 95 23
7 Support Do 96 ÷ 149 54
8 Operation Do 150 ÷ 184 35
9 Performance Check 185 ÷ 225 41
10 Improvement Act 226 ÷ 237 12
Total 237

[Figure: Requirements in ISO 37001 clauses and sub-clauses]

 

[Figure: Deming PDCA cycle]

 

Note. Any requirement normally begins with "The organization shall ...". For simplicity we present the requirements directly starting with the verb.

ISO 37001 - Requirements and comments version 2016 copyleft
No Clause (sub-clause) Requirement PDCA cycle, links, comments
4
Context
 
4.1
The organization and its context
 
1 4.1 Document external and internal issues Everything that influences the achievement of objectives, cf. sub-clause 6.2. The issues are related to the nature of the management, the scope, the activities, the economic model, the partners, the relations with public representatives, the legal obligations
2 4.1 Determine whether climate change is a relevant issue Amendment 1 to ISO 37001: 2024: Climate action changes
 
4.2
Stakeholders
 
3 4.2 a Document stakeholders List of stakeholders who may have an influence on the ABMS or be influenced by the ABMS (anti-bribery management system)
4 4.2 b Document requirements of stakeholders Mandatory and non-mandatory requirements, as well as voluntary commitments
5 4.2 c Document requirements which will be addressed Through the ABMS
 
 4.3
Scope
6 4.3 Document the boundaries and applicability of the ABMS In order to establish the scope of the ABMS
7  4.3 a Take into account external and internal issues Internal and external issues, cf. sub-clause 4.1
8  4.3 b Take into account the requirements of stakeholders Requirements, see sub-clause 4.2
9 4.3 c Take into account the bribery risk assessment Results of risk assessment, cf. sub-clause 4.5
10 4.3 Make the scope available As a document, cf. sub-clause 7.5
4.4
Anti-bribery management system
 
11  4.4 Establish, implement, maintain and improve the ABMS

Including the processes used and their interactions

Processes:

  • delegate decision-making (sub-clause 5.3.3)
  • manage operational requirements (sub-clause 8.1)
  • conduct internal audits (sub-clause 9.2.2)
12  4.4 Document the ABMS Cf. sub-clause 7.5
13  4.4 Include measures related to the identification and evaluation of risk of bribery In order to prevent, detect and find remedies
14  4.4 Implement a reasonable and proportionate ABMS Taking into account the scope of the ABMS, internal and external issues, requirements of stakeholders, anti-bribery risk assessment, cf. sub-clause 4.3
4.5
Bribery risk assessment
15 4.5.1 Undertake regular bribery risk assessment Based on the standard ISO 31000 Risk management

16 4.5.1 a Identify the bribery risks Risks that can reasonably be anticipated, cf. the issues of sub-clause 4.1
17 4.5.1 b Analyze and assess the bribery risks And establish and prioritize identified risks
18 4.5.1 c Evaluate the suitability and effectiveness of the controls put in place In order to mitigate the identified and assessed risks
19 4.5.2 Define criteria In order to evaluate the level of bribery risk in the organization
20 4.5.2 Take into account the anti-bribery policy and objectives Cf. sub-clauses 5.2 and 6.2
21 4.5.3 a Review the bribery risk assessment On a regular basis, in order to take into account changes and new information available
22 4.5.3 b Review the bribery risk assessment In the event of a significant change in the structure or activities of the company
23 4.5.4 Retain records of realized assessments In order to improve the ABMS, cf. sub-clause 7.5.3
 
5
Leadership
Plan, Do, Check, Act
 
5.1
Leadership and commitment
 
 
5.1.1
Governing body
 
24 5.1.1 a Approve the anti-bribery policy In order to demonstrate the leadership and commitment of top management (or governing body), cf. sub-clause 5.2
25 5.1.1 b  Ensure that the strategy and anti-bribery policy are aligned Cf. sub-clause 5.2
26 5.1.1 c Review relevant ABMS information Top management receives this information at intervals that are planned
27 5.1.1 d Require the allocation and assignment of necessary resources In order to achieve efficient operation of the ABMS
28 5.1.1 e Exercise oversight over the implementation of the ABMS Top management reasonably manages the implementation of the ABMS
29 5.1.1 Carry out these activities by top management When the company does not have a governing body, cf. ISO 37000 - Governance of organizations
 
5.1.2
Top management
 
30 5.1.2 a Ensure that the anti-bribery policy and objectives are established In order to take into account the risks of bribery. In this way top management demonstrates its leadership and commitment
31 5.1.2 b Ensure that the anti-bribery requirements are met And integrated into business processes. In this way top management demonstrates its leadership and commitment
32 5.1.2 c Deploy the necessary resources In order to guarantee the efficient operation of the ABMS. In this way top management demonstrates its leadership and commitment
33 5.1.2 d Communicate on the anti-bribery policy Internally and externally. In this way top management demonstrates its leadership and commitment
34 5.1.2 e Communicate the importance of having an effective ABMS And to comply with ABMS requirements. In this way top management demonstrates its leadership and commitment
35 5.1.2 f Ensure that the ABMS is appropriate In order to achieve the objectives set. In this way top management demonstrates its leadership and commitment
36 5.1.2 g Support personnel In order for personnel to contribute to the effectiveness of the ABMS. In this way top management demonstrates its leadership and commitment
37 5.1.2 h Promote anti-bribery culture Culture appropriate to the specificities of the company. In this way top management demonstrates its leadership and commitment
38 5.1.2 i Promote continual improvement In this way, top management demonstrates its leadership and commitment. See sub-clause 10.1
39 5.1.2 j Support management roles So that they manage the prevention and detection of bribery. In this way top management demonstrates its leadership and commitment
40 5.1.2 k Encourage reporting procedures On suspicious or proven cases of bribery. In this way top management demonstrates its leadership and commitment, cf. sub-clause 8.9
41 5.1.2 l Ensure that no personnel will suffer For reporting a violation of the anti-bribery policy. In this way top management demonstrates its leadership and commitment, cf. sub-clause 7.2.2.1 d
42 5.1.2 m Report regularly on the operation of the ABMS And allegations of bribery. In this way top management demonstrates its leadership and commitment
 
5.1.3
Anti-bribery culture
 
43 5.1.3 Develop, maintain and promote an anti-bribery culture At all levels in the organization
44 5.1.3 Demonstrate an active, visible, consistent and sustained commitment Towards a common standard of behavior and conduct
45 5.1.3 Encourage behavior supporting the anti-bribery policy And the ABMS, cf. sub-clause 4.4
46 5.1.3 Prevent any behavior that compromises anti-bribery And accept no tolerance 
 
5.2
Anti-bribery policy
 
47 5.2 a Prohibit any form of bribery Include in the established anti-bribery policy
48 5.2 b Require compliance with applicable anti-bribery laws Include in the established anti-bribery policy
49 5.2 c Ensure that the policy is appropriate to the purpose of the organization Include in the established anti-bribery policy
50 5.2 d Provide a framework for achieving the anti-bribery objectives Include in the established anti-bribery policy
51 5.2 e Commit to satisfy anti-bribery requirements Include in the established anti-bribery policy
52 5.2 f Encourage raising concerns in good faith Include in the established anti-bribery policy, without fear of reprisal, cf. sub-clause 8.9
53 5.2 g Commit to continual improvement Include in the established anti-bribery policy, cf. sub-clause 10.1
54 5.2 h Promote the anti-bribery function Include in the established anti-bribery policy, cf. sub-clause 5.3.2
55 5.2 i Explain in detail the consequences Of not complying with the anti-bribery policy. Include in the established anti-bribery policy
56 5.2 Ensure that the anti-bribery policy is available As a document, cf. sub-clause 7.5
57 5.2 Communicate the anti-bribery policy Within the company
58 5.2 Ensure that the anti-bribery policy is available To stakeholders
59 5.2 Ensure that the anti-bribery policy is available To business associates
5.3
Roles
 
 
5.3.1
General
 
60 5.3.1 Assume overall responsibility for the implementation of, and compliance with the ABMS On behalf of top management, cf. sub-clause 5.1.2
61 5.3.1 Ensure that the responsibilities and authorities are assigned and communicated For all relevant levels within the organization
62 5.3.1 Enforce compliance with ABMS requirements in each department On behalf of every manager at every level of the organization
63 5.3.1 Understand, comply and apply the ABMS requirements at every level On behalf of top management and all other personnel
 
5.3.2
Anti-bribery function
 
64 5.3.2 a Assign responsibility and authority for ensuring that the ABMS Conforms to the requirements of ISO 37001
65 5.3.2 b Assign responsibility and authority for reporting on the performance of the ABMS To the governing body or top management
66 5.3.2 c Assign responsibility and authority for overseeing the design and implementation Of the ABMS
67 5.3.2 d Assign responsibility and authority for providing advice and guidance To personnel and stakeholders on the ABMS
68 5.3.2 Provide the anti-bribery manager with the necessary resources The anti-bribery manager is competent, has the appropriate status, authority and independence
69 5.3.2 Have direct and prompt access to top management From the anti-bribery manager in the event that any issue or concern has to be raised
70 5.3.2 Ensure that the necessary responsibilities and authorities are assigned to persons external to the organization In the event that the function or part of the anti-bribery function is outsourced
 
5.3.3
Delegated decision-making
 
71 5.3.3 Establish and maintain a decision-making process In case top management delegates decision-making to personnel free from conflicts of interest
72 5.3.3 Ensure that this process is reviewed periodically On behalf of top management, cf. sub-clause 5.3.1
 
6
Planning
 
6.1
Actions 
 
73 6.1 a Ensure the achievement of objectives Take into account issues, requirements and identified risks and opportunities, cf. sub-clauses 4.1, 4.2, 4.5 and 10.1
74 6.1 b Prevent and reduce undesired effects of the ABMS Take into account issues, requirements and identified risks and opportunities, cf. sub-clauses 4.1, 4.2, 4.5 and 10.1
75 6.1 c Achieve continual improvement Take into account issues, requirements and identified risks and opportunities, cf. sub-clauses 4.1, 4.2, 4.5 and 10.1
76 6.1 d Monitor the effectiveness of the ABMS Take into account issues, requirements and identified risks and opportunities, cf. sub-clauses 4.1, 4.2, 4.5 and 10.1
77 6.1 i Plan actions to address bribery threats And improvement opportunities, cf. sub-clause 10.1
78 6.1 ii Plan how to integrate the actions And implement in the ABMS processes
79 6.1 ii Plan how to evaluate the effectiveness of the actions Cf. sub-clauses 9.1 and 9.3
 
6.2
Objectives
80 6.2 Establish anti-bribery management system objectives At all levels in the organization
81 6.2 a Ensure that the ABMS objectives are consistent With the anti-bribery policy
82 6.2 b Ensure that the ABMS objectives are measurable If practicable
83 6.2 c Ensure that the ABMS objectives take into account issues, requirements and risks Cf. sub-clauses 4.1, 4.2 and 4.5
84 6.2 d Ensure that the ABMS objectives are monitored Cf. sub-clause 9.1
85 6.2 e Ensure that the ABMS objectives are communicated Cf. sub-clause 7.4
86 6.2 f Ensure that the ABMS objectives are updated At a reasonable frequency
87 6.2 g Ensure that the ABMS objectives are available As documents, cf. sub-clause 7.5
88 6.2 h Ensure that the ABMS objectives are achievable In reasonable limits
89 6.2 Document what will be done When planning how to achieve the ABMS objectives
90 6.2 Document the necessary resources When planning how to achieve the ABMS objectives
91 6.2 Document who will be responsible for implementing the objectives When planning how to achieve the ABMS objectives
92 6.2 Document when this will be done When planning how to achieve the ABMS objectives
93 6.2 Document how the objectives will be evaluated and reported When planning how to achieve the ABMS objectives
94 6.2 Document who will be responsible for imposing sanctions or penalties When planning how to achieve the ABMS objectives
6.3
Planning of changes
 
95 6.3 Carry out changes in a planned manner When the need for changes to the ABMS is determined
 
 7
Support
 
7.1
Resources
96 7.1 Identify and provide personnel, physical and financial resources needed In order to establish, implement, maintain and improve the ABMS
 
7.2
Competence
 
 
7.2.1
General
 
97  7.2.1 a Document the necessary competence Of those doing work that can affect anti-bribery performance
98 7.2.1 b Ensure that the persons are competent On the basis of initial and professional education, training and experience
99 7.2.1 c Take training actions And evaluate the effectiveness of these actions
100 7.2.1 Retain records As evidence of competence
 
7.2.2
Employment process
 
101 7.2.2.1 a Comply with the anti-bribery policy and the requirements of the ABMS, in relation to personnel And give the organization the right to discipline personnel in the event of non-compliance. Included in a documented procedure, cf. sub-clause 7.5
102 7.2.2.1 b Make the anti-bribery policy available and train staff on the policy Included in a documented procedure, cf. sub-clause 7.5
103 7.2.2.1 c Take disciplinary action for non-compliance with anti-bribery policy or requirements of the ABMS  Included in a documented procedure, cf. sub-clause 7.5
104 7.2.2.1 d 1 Guarantee the absence of reprisals when refusing to participate in an activity with risk of bribery Included in a documented procedure, cf. sub-clause 7.5
105 7.2.2.1 d 2 Guarantee the absence of reprisals when reporting an activity with a risk of bribery Included in a documented procedure, cf. sub-clause 7.5
106 7.2.2.1 e Ensure personnel are made aware of the necessity to report conflicts of interest Related to potential and actual conflicts of interest. Included in a documented procedure, cf. sub-clause 7.5
107 7.2.2.2 a Conduct due diligence on persons before they are employed  In order to ensure that the persons will comply with the anti-bribery policy and the requirements of the ABMS. Included in a documented procedure, cf. sub-clause 7.5
108 7.2.2.2 b Ensure that reasonable anti-bribery preventive measures are in place To prevent them from encouraging bribery. Included in a documented procedure, cf. sub-clause 7.5
109 7.2.2.2 c File a declaration confirming compliance with the anti-bribery policy Valid for personnel, top management and governing body. Included in a documented procedure, cf. sub-clause 7.5
 
7.3
Awareness
 
 
7.3.1
Awareness of personnel
 
110 7.3.1 a Ensure awareness and training to personnel On the anti-bribery policy, procedures and ABMS and their duty to comply
111 7.3.1 b Include in the training the contribution of personnel to the effectiveness of the ABMS And the benefits of improved anti-bribery performance and of reporting suspected bribery
112 7.3.1 c Include in the training the implications of not conforming With the ABMS requirements
113 7.3.1 d Include in the training the anti-bribery procedures And the ABMS and their duty to comply
114 7.3.1 e Include in the training the benefits of reporting Suspected bribery
115 7.3.1 f Include in the training how and to whom personnel is able to report Any concerns, cf. sub-clause 8.9
116 7.3.1 Retain records on the awareness program And when and to whom it was provided
 
7.3.2
Training of personnel
 
117 7.3.2 Provide personnel with anti-bribery training Depending on the function and the identified and potential risks, cf. sub-clause 4.5
118 7.3.2 a Address applicable policies and procedures Taking into account the bribery risk assessment, cf. sub-clause 4.5
119 7.3.2 b Address the bribery risk and the possible damage To personnel and the organization. Taking into account the bribery risk assessment, cf. sub-clause 4.5
120 7.3.2 c Address the circumstances in which bribery can occur And how to recognize these circumstances. Taking into account the bribery risk assessment, cf. sub-clause 4.5
121 7.3.2 d Address how to recognize And respond to solicitations or offers of bribes
122 7.3.2 e Address how to prevent and avoid bribery And recognize key bribery risk indicators
123 7.3.2 f Address information on available training And resources
124 7.3.2 Retain records on training procedures Their content, date and list of participants, cf. sub-clause 7.5
 
7.3.3
Training for business associates
 
125 7.3.3 Implement procedures addressing anti-bribery training for business associates Associates which can pose more than a low bribery risk, cf. sub-clause 7.5
126 7.3.3 Identify the business associates  For which such training is necessary, its content and the means by which the training shall be provided, cf. sub-clause 7.5
127 7.3.3 Retain records on training procedures for the business associates Their content, date and list of participants, cf. sub-clause 7.5
 
7.3.4
Awareness and training programs
 
128 7.3.4 Provide personnel with anti-bribery awareness and training At planned intervals and when circumstances have changed
129 7.3.4 Update at planned intervals The awareness and training programs
 
7.4
Communication
130 7.4.1 a Document on which subjects to communicate Included in the ABMS
131 7.4.1 b Document when to communicate Included in the ABMS
132 7.4.1 c Document with whom to communicate Included in the ABMS
133 7.4.1 d Document how to communicate Included in the ABMS
134 7.4.1 e Document who will communicate Included in the ABMS
135 7.4.1 f Document the language which will be used Included in the ABMS
136 7.4.2 Make available the anti-bribery policy To personnel and business associates in appropriate languages
137 7.4.2 Publish the anti-bribery policy Through internal and external communication channels
 
7.5
Documentation
 
 
7.5.1
General
138 7.5.1 a Include in the ABMS the documentation required by ISO 37001 Procedures (documented information) available:
  • employment (sub-clause 7.2.2)
  • disciplinary action (sub-clause 7.2.2)
  • training (sub-clause 7.3)
  • documentation (sub-clause 7.5)
  • business associates (sub-clauses 8.5, 8.6)
  • gifts and similar (sub-clause 8.7)
  • reporting (sub-clause 8.9)
  • investigating and dealing with bribery (sub-clause 8.10)
  • internal audit (sub-clause 9.2.3)

Records (documented information) available (to retain):

 

  • scope (sub-clause 4.3)
  • bribery risk assessment results (sub-clause 4.5)
  • anti-bribery objectives (sub-clause 6.2)
  • competence (sub-clause 7.2.1)
  • awareness program (sub-clause 7.3.1)
  • training program and results (sub-clause 7.3.2)
  • training program for business associates (sub-clause 7.3.3)
  • documents of external origin (sub-clause 7.5.3)
  • operational control (sub-clause 8.1)
  • due diligence results (sub-clause 8.2)
  • records of gifts and other benefits (sub-clause 8.7)
  • raised concerns (sub-clause 8.9)
  • evaluation results (sub-clause 9.1)
  • internal audit program (sub-clause 9.2.2)
  • management review results (sub-clause 9.3)
  • nonconformity and corrective action (sub-clause 10.2)

Processes:

  • delegate decision-making (sub-clause 5.3.3)
  • manage operational requirements (sub-clause 8.1)
  • conduct internal audits (sub-clause 9.2.2)
Policy:
  • anti-bribery policy (sub-clause 5.2)
139 7.5.1 b Include the documentation deemed necessary for the effectiveness of the ABMS In the ABMS
 
7.5.2
Creating and updating
140 7.5.2 a Identify and describe the documents appropriately Such as title, author, date, codification
141 7.5.2 b Ensure that the format and media of the documents is appropriate Such as language, version, electronic, paper
142 7.5.2 c Review and validate documentation appropriately In order to determine their relevance and suitability
 
7.5.3
Document control
 
143 7.5.3 a Control documentation so that it is available and suitable for use Where and when needed
144 7.5.3 b Control documentation so that it is properly protected Against loss of confidentiality, improper use or loss of integrity
145 7.5.3 Apply distribution, access, retrieval and usage activities In order to control the documentation
146 7.5.3 Apply storage and preservation activities In order to control the documentation
147 7.5.3 Apply change control activities In order to control the documentation
148 7.5.3 Apply retention and disposition activities In order to control the documentation
149 7.5.3 Identify and control documents of external origin In order to control the documentation
8
Operation
Do
 
8.1 
Planning and control
150 8.1 a Establish criteria for the processes The processes of the ABMS are planned, implemented and under control, cf. sub-clause 6.1
151 8.1 b Implement control of the processes In accordance with the criteria, cf. sub-clause 8.1 a. The processes of the ABMS are planned, implemented and under control, cf. sub-clause 6.1
152 8.1 Make available documents to the extent necessary In order to ensure that the processes are carried out as planned. Cf. sub-clause 7.5.1
153 8.1 Control planned and unintended changes And undertake actions to mitigate any adverse effects
154 8.1 Ensure control of outsourced processes Including business associates
155 8.1 Include specific controls Referred to in sub-clauses 8.2 to 8.10
 
8.2
Due diligence
 
156 8.2 a to c Assess the nature and extent of risk related to transactions, activities, partners and personnel Cf. sub-clauses 4.5 and 7.2.2.2
157 8.2 Include any due diligence In order to obtain sufficient information to assess the bribery risk
158 8.2 Review due diligence regularly In order to take into account the changes, cf. sub-clause 6.3
 
8.3
Financial controls
 
159 8.3 Implement financial controls In order to manage bribery risk
 
8.4
Non-financial controls
 
160 8.4 Implement non-financial controls In order to manage the risk of bribery such as purchasing, operations, sales, personnel, legal and regulatory activities
 
8.5
Business associates
 
161 8.5.1 a Implement a procedure for business associates In order that business associates implement an ABMS
162 8.5.1 b Implement a procedure for business associates In order that business associates implement their own anti-bribery controls
163 8.5.2 a Implement a procedure for business associates In order to determine whether the business associate has implemented the applicable anti-bribery controls
164 8.5.2 b 1 Implement a procedure for business associates In order to require the business associate to put in place anti-bribery controls in relation to the project, transaction or activity concerned
165 8.5.2 b 2 Implement a procedure for business associates In order to take into account the impossibility of requiring the business associate to put in place anti-bribery controls, cf. sub-clauses 4.5, 8.2, 8.3, 8.4 and 8.5
 
8.6
Anti-bribery commitments
 
166 8.6 a Implement a procedure for business associates In order that business associates commit to preventing bribery
167 8.6 b Implement a procedure for business associates In order to terminate the relationship in event of bribery
168 8.6 Consider, where requirements 8.6 a) and b) cannot be met, this factor when assessing bribery risks And the way the organization manages such risks
 
 8.7
Gifts, and similar benefits
 
169 8.7 Implement a procedure for gifts and similar benefits In order to prevent what could reasonably be perceived as an act of bribery
 
8.8
Managing inadequacy of anti-bribery controls
 
170 8.8 a Suspend the relationship with business associates when bribery risks cannot be managed Because the anti-bribery controls are not adequate
171 8.8 b Decline to continue the relationship with business associates for any new project when bribery risks cannot be managed Because the anti-bribery controls are not adequate
 
8.9
Raising concerns
 
172 8.9 a Implement a reporting procedure In order to encourage persons to report their concerns about attempted bribery, proven cases of bribery or suspected cases
173 8.9 b Implement a reporting procedure In order to protect the identity of the reporting person
174 8.9 c Implement a reporting procedure In order to allow anonymous reporting
175 8.9 d Implement a reporting procedure In order to prohibit retaliation against the persons making reports
176 8.9 e Implement a reporting procedure In order to receive advice in the face of a concern or a suspicion of bribery
177 8.9 Ensure that all personnel are informed about the reporting procedure And know how to use whistleblowing reports, know their rights and applicable protections
 
8.10
Investigating and dealing with bribery
 
178 8.10 a Implement a procedure for investigation In order to require the assessment or investigation of any reported, detected or suspected bribery, or violation of the anti-bribery policy or the ABMS
179 8.10 b Implement a procedure for investigation In order to implement appropriate actions if the investigation is positive
180 8.10 c Implement a procedure for investigation In order to empower and enable investigators
181 8.10 d Implement a procedure for investigation In order to require co-operation by relevant personnel
182 8.10 e Implement a procedure for investigation In order to require that the status of the investigation is reported to the anti-bribery manager
183 8.10 f Implement a procedure for investigation In order to require the confidentiality of the investigation
184 8.10 Conduct the investigation by non-involved personnel A business associate can be appointed to conduct the investigation
 
9
Performance
 
9.1
Inspection
185 9.1 a Document what needs to be monitored And be measured
186 9.1 b Document the methods for inspection (monitoring, measurement, analysis and evaluation) In order to ensure valid results
187 9.1 c Document when to perform the monitoring And the measurement
188 9.1 d Document when the results from monitoring and measurement shall be analyzed And evaluated
189 9.1 Retain documents on inspection As evidence of the methods and the results obtained, cf. sub-clause 7.5
190 9.1 Evaluate the anti-bribery performance And the effectiveness and efficiency of the ABMS
 
9.2
Internal audit
 
9.2.1
General
 
191 9.2.1 a Conduct internal audits at scheduled intervals  In order to provide information on whether the ABMS is compliant, cf. ISO 19011
192 9.2.1 a 1 Conduct internal audits at scheduled intervals  In order to provide evidence whether the ABMS conforms to the organization's own requirements
193 9.2.1 a 2 Conduct internal audits at scheduled intervals  In order to provide evidence whether the ABMS conforms to the requirements of ISO 37001
194 9.2.1 b Conduct internal audits at scheduled intervals  In order to provide evidence whether the ABMS is effectively implemented and maintained
 
9.2.2
Internal audit program
 
195 9.2.2 Plan, establish, apply and maintain the audit program Program that includes frequency, methods, responsibilities, requirements and reporting
196 9.2.2 Consider the importance of the processes concerned and the results of previous audits When establishing the internal audit program
197 9.2.2 a Define the audit objectives, criteria and scope For each audit
198 9.2.2 b Select competent auditors  And conduct audits to ensure objective and impartial audits  
199 9.2.2 c Ensure that audit results are reported to relevant managers  And top management 
200 9.2.2 Make documents on audit results available  As evidence of the implementation of the audit program
 
9.2.3
Audit procedures, controls and systems
 
201 9.2.3 Conduct reasonable and appropriate internal audits And risk-based, cf. sub-clause 4.5
202 9.2.3 a Include processes that analyze procedures, controls and systems  Related to bribery and suspected bribery
203 9.2.3 b Include processes that analyze procedures, controls and systems  Related to violation of the anti-bribery policy and ABMS requirements
204 9.2.3 c Include processes that analyze procedures, controls and systems  Related to failure of business associates to conform to anti-bribery requirements of the organization
205 9.2.3 d Include processes that analyze procedures, controls and systems  Related to weaknesses and opportunities of the ABMS
 
9.2.4
Objectivity and impartiality
 
206 9.2.4 a Ensure that audits are undertaken by a person independent of the process In order to ensure the objectivity and impartiality of the audit program
207 9.2.4 b Ensure that audits are undertaken by the anti-bribery manager Unless the scope of the audit includes an evaluation of the ABMS or work for which the anti-bribery manager is responsible
208 9.2.4 c Ensure that audits are undertaken by an appropriate person from another department In order to ensure the objectivity and impartiality of the audit program
209 9.2.4 d Ensure that audits are carried out by an appropriate third party In order to ensure the objectivity and impartiality of the audit program
210 9.2.4 e Ensure that the audits are undertaken by a group comprising persons from sub-clauses 9.2.4 a) to d) In order to ensure the objectivity and impartiality of the audit program
211 9.2.4 Ensure that no auditor audits his own department "No one should be a judge in his own case." Latin proverb
 
9.3
Management review
 
9.3.1
General
 
212 9.3.1 Conduct management reviews at planned intervals In order to ensure that the ABMS continues to be suitable, adequate and effective
213 9.3.1 Undertake reviews of the top management's implementation of the ABMS At planned intervals
 
9.3.2
Management review inputs
 
214 9.3.2 a Include in the management review The status of actions from the previous management review
215 9.3.2 b Include in the management review Changes in external and internal issues, cf. sub-clause 4.1
216 9.3.2 c Include in the management review Changes in needs and expectations of relevant stakeholders
217 9.3.2 d Include in the management review ABMS performance information, including nonconformities and corrective actions, inspection results, audit results, bribery reports, investigations, bribery risks
218 9.3.2 e Include in the management review Improvement opportunities of the ABMS, cf. sub-clause 10.1
219 9.3.2 f Include in the management review Effectiveness of actions taken related to address bribery risks
 
9.3.3
Management review results
 
220 9.3.3 Include in the outputs of the top management review Decisions related to improvement opportunities of the ABMS and any changes to the ABMS
221 9.3.3 Make documents available As evidence of the results of top management review, cf. sub-clause 7.5
222 9.3.3 Report to the governing body A summary of the results of the management review
 
9.4
Review by anti-bribery function
 
223 9.4 a Assess on a continual basis whether the ABMS is adequate In order to manage effectively the bribery risks by the anti-bribery manager
224 9.4 b Assess on a continual basis whether the ABMS is effectively implemented By the anti-bribery manager
225 9.4 Report, at planned intervals (at least once a year), to the governing body (if any) or to top management, on the adequacy and implementation of the ABMS Including the results of investigations and audits
10
Improvement
Act 
 
10.1
Continual improvement
226 10.1 Continue to improve the ABMS Implementing opportunities identified, cf. sub-clause 9.3
 
10.2
Nonconformity and corrective action
 
227 10.2 a 1 React promptly to the nonconformity  In order to control and correct it
228 10.2 a 2 React promptly to the nonconformity In order to deal with the consequences
229 10.2 b 1 Evaluate if corrective action is needed  By reviewing the nonconformity
230 10.2 b 2 Evaluate if corrective action is needed  By determining the causes of the nonconformity
231 10.2 b 3 Evaluate if corrective action is needed  By determining if similar nonconformities exist or could occur
232 10.2 c Implement any action needed When it is necessary
233 10.2 d Review the effectiveness of corrective action Taken
234 10.2 e Make changes to the ABMS  If it is necessary
235 10.2 Perform corrective actions  Appropriate to the effects of the nonconformities
236 10.2 Make documents on the nature of the nonconformities available Cf. sub-clause 7.5
237 10.2 Make documents on the results of any corrective action available Cf. sub-clause 7.5
 
 
 