What do I need to implement ISO 37001 in my organization?
By Global Trust Association
05 August, 2019 | 19:08hrs
Since each organization is different, the ways of dealing with bribery problems are also different. ISO 37001 requires the organization to establish an Anti-Bribery Policy. For this purpose, it is required to establish, document, implement, maintain and continually review, and where necessary improve, an Anti-Bribery Management System (ABMS).
To this end, Senior Management must designate a responsible party to supervise compliance with the standard, which must carry out evaluations of bribery risk in the organization, implement a system of audits, and develop procedures to control activities, as well as procedures to communicate and investigate any nonconformities detected.
For the ABMS to be effective in any organization, it must be adapted to the organization’s internal and external context. Furthermore, in accordance with the scope of ISO 37001, the ABMS may be integrated with the management systems of ISO 9001, ISO 14001 and ISO 27001, as its structure allows this.
Therefore, with a clear scope, the organization can establish which areas do not have a risk of corruption and which do. Once the context, the stakeholders and their needs have been identified, the next step is to carry out a risk assessment. The organization should identify the corruption risks to which it is exposed, then analyze, evaluate and prioritize them according to the usual protocols for these cases, derived from the use of tools such as the risk matrix. Controls are required to prevent and mitigate risks. As in any risk management task, some risks may also be shared and others simply have to be tolerated.