Choose your language or country
Take your anti-corruption management to a new level
Reduced risk of corruption in the company
Greater trust among all stakeholders
Greater competitive advantages in tenders
Recognized evidence for investigations by authorities
ISO 37001: An important standard for fighting corruption
ISO 37001 certification was developed in such a way that, in principle, any company wishing to proactively prevent and combat corruption can undergo the audit. Since the standard follows the same structure as ISO 9001 or ISO 14001, the requirements can be met with comparatively little additional effort and integrated into the existing management system.
All necessary measures follow the globally applicable anti-corruption guidelines and fulfill all legal requirements. The content of the standard relates both to bribery by employees of a company, by the company itself, and to corruption emanating from business partners or affiliated companies.
An important goal of the ISO standard is to ensure that corruption prevention becomes part of a transparent and open corporate culture.
Requirements of ISO 37001
In addition, you are required to develop specific anti-corruption measures as well as fraud prevention measures. These measures must be overseen by a compliance manager appointed by you. Accordingly, such a position must be created if it does not already exist.
All employees must be trained and educated on the topic of "corruption" for ISO 37001 certification. This is to ensure that fraud prevention becomes part of the corporate culture in the medium term. It is also important to apply due diligence and exercise due care in monetary transactions or projects, as well as in the selection of business partners and employees.
Elementary to passing the ISO 37001 audit is consistent control and regulation of finances in your organization or company. This includes regular analyses and assessments of the situation as well as individual departments, courses of action and processes in the company.
Which companies is an ISO 37001 certification suitable for?
All reputable companies want to actively fight corruption and reject fraudulent acts and practices. This applies internally to employees, executives and management as well as externally to business partners or suppliers. However, ISO 37001 certification offers companies the opportunity to communicate their high compliance standards to the outside world in an objectively verifiable manner.
This helps to gain the trust of business partners and customers. The positive reputation can in turn have a favorable effect on the economic development and competitiveness of the company. Thanks to the international recognition of ISO 37001, a commitment to actively fighting and preventing corruption is also advantageous in global business relationships.
Requirements in detail
What companies must specifically fulfill for ISO 37001:
- Organizational environment: It is necessary for companies to define the scope of the certified anti-corruption management system. This includes defining the risk of corruption for the company or individual departments. In addition, measures must be defined to take preventive action against bribery. Risk analyses and assessments are an integral part of the work that must be done for a successful audit.
- Executives: Management must take responsibility for introducing, maintaining and optimizing an anti-corruption management system. This includes assigning fixed roles and responsibilities within this system.
- Planning: All anti-corruption measures require comprehensive planning, accompanied by target definitions and resource planning (financial and human).
- Operations: In this section, ISO 37001 primarily specifies that due diligence processes are implemented.
- Performance and evaluation: The anti-corruption system implemented should make the progress of the measures and processes measurable. In this way, an evaluation and subsequent improvement of the management system can take place. Internal audits can be carried out for this purpose.
Certification process according to ISO 37001
Once all requirements of the standard have been implemented, you can have your anti-corruption management system certified. In doing so, you will go through a multi-stage certification process at DQS. If a certified management system is already established in the company, the process can be shortened.
In the first step, you discuss your company, your management system and the goals of certification with us. On this basis, you will promptly receive a detailed and transparent quote, tailored to your individual needs.
Especially for larger certification projects, a planning meeting is a valuable opportunity to get to know your auditor as well as to develop an individual audit program for all involved areas and sites.
A pre-audit also offers the opportunity to identify potential for improvement as well as strengths of your management system in advance. Both services are optional.
The certification audit starts with a system analysis (audit stage 1) and an evaluation of your documentation, objectives, the results of your management review and internal audits. In this process, we determine whether your anti-corruption management system is sufficiently developed and ready for certification. In the next step (system audit stage 2), your DQS on-site auditor assesses the effectiveness of all management processes. In a final meeting, they will provide you with a detailed presentation of the results and potential improvements for your company. If necessary, action plans will be agreed upon.
After the certification audit, the results are evaluated by the independent certification board of DQS. You will receive an audit report documenting the audit results. If all requirements of ISO 37001 are met, you will receive an internationally recognized certificate.
To ensure that your company continues to meet all important criteria of the standard after the certification audit, we conduct surveillance audits on an annual basis. This provides competent support for the continuous improvement of your management system and business processes.
The certificate is valid for a maximum of three years. Recertification is carried out in good time before expiry to ensure continued compliance with the applicable standard requirements. Upon fulfillment, a new certificate is issued.