Home > Compliance > ISO 37001
ISO 37001 Anti-bribery Certification ENAC Accredited
In October 2016, the International Organization for Standardization (ISO) published the first certifiable standard on compliance, the long-awaited ISO 37001:2016 Anti-bribery management systems, commonly known as anti-corruption or anti-bribery.
Continuing with the culture of compliance that tends to prevail in the way of operating in the commercial traffic of our environment, as well as the dynamics of international standards aimed at compliance, transparency and the fight against corruption, this standard establishes the requirements to ensure good practices within companies and other organisations in the prevention, detection and reaction to bribery, being equally useful both for companies that contract in the public sector and for those that focus their activity on the purely private sphere, as well as for non-profit organisations, whatever their size.
Due to the special importance of the subject matter and the consequences of non-compliance, it is advisable to rely on the guarantee offered by an ENAC Accredited Certification Body such as EQA, which has been operating in the world of accredited certification for more than 25 years, periodically audited by ENAC and already has the appropriate procedures and material and human resources for the audit of management models.
ENAC is the entity designated by the Government to operate in Spain as the only National Accreditation Body in application of Regulation (EC) 765/2008 which regulates the operation of accreditation in the European Union.
If your organisation has implemented and executes an anti-bribery or anti-corruption system and you want to ensure that this model adequately complies with the requirements, EQA includes among its services the Accredited Certification of Anti-bribery Compliance in accordance with ISO 37001, which allows you to be sure that your system is suitable for your organisation and is properly implemented.
ISO 37001 certification diagram
Frequently Asked Questions
Can EQA help me design and implement my anti-bribery compliance management system in accordance with ISO 37001?
No. EQA is a verification and certification body and does not provide advisory or consultancy services in its areas of expertise. Our task is to audit and, where appropriate, certify that your compliance management system has been designed in accordance with the standard, is implemented in your organisation, and is being implemented correctly.
In my organisation we have implemented a crime prevention plan/model, but it has not been done according to the structure of the ISO 37001 standard. Is it possible to certify it?
In order to undertake a successful certification process, it is recommended that this crime prevention plan/model, in addition to having adequately assessed the risks related to bribery and established control measures, should have the structure of the standard. To this end, you may need to plan a transition project prior to starting the certification process.
In any case, EQA can audit your crime prevention plan/model even if it is not designed to comply with the standards, but such an audit will not result in a certificate of compliance but in a verification report issued by an independent third party.
Such verification reports are requested in some areas, although the expectation is that organisations will gradually replace the request for verification reports with the request for compliance certificates.
I have already implemented my anti-bribery compliance management system in accordance with ISO 37001, is certification mandatory?
Undergoing a management system audit and certification process is – in principle – a voluntary matter. However, one of the natural objectives of implementing a system according to a certifiable standard is precisely to go through the audit process and obtain a certificate of compliance.
The certificate is the reliable way to expose to third parties that the organisation really has a compliance management system in place. Although certification is a voluntary matter, there are certain markets where having a certificate can make the difference between being able to compete and being left out.
On the other hand, auditing and certifying your system allows you to ensure that your system is alive in your organisation and can help you to detect deviations and non-compliances, thus supporting the internal control work of the organisation.
What are the legal implications of certifying my anti-bribery compliance management system?
Obtaining a certificate of compliance of the anti-bribery compliance management system can be a valuable tool and a strong indication in favour of the organisation in case of bribery, as it can serve as proof of the organisation’s willingness to comply.
This has been stated by judicial bodies in relation to the criminal compliance certificate and it would seem correct to extend this interpretation to the field of bribery. In any case, it must be pointed out that it will be the courts of justice that will make the final decision on the value that can be given to the certificate in each situation.
By implementing my UNE 19601 criminal compliance management system, I consider that I have integrated an ISO 37001 anti-bribery system insofar as I have already assessed the bribery risks and established control measures in relation to them. Can I certify both systems?
In most cases it will be possible for the organisation to undergo both a certification process according to UNE 19601 for its criminal compliance management system and a certification process according to ISO 37001 in the same audit process.
This is possible insofar as both standards share an almost identical structure, so that a robust UNE 19601 system should have integrated most of the requirements that an ISO 37001 system should integrate.
In any case, it is an option that will depend on the organisation concerned, and in no case is it compulsory to undergo both certification processes at the same time.
Can any entity audit and certify my anti-bribery compliance management system in accordance with ISO 37001?
In principle, certification bodies are the ones called upon to carry out these auditing and certification processes, as they are organisations that have been providing this type of services for decades, experts in working under the premises of independence, impartiality and technical competence. Furthermore, those that have made a firm commitment to compliance – as is the case of EQA – will tend to have solid structures and their own staff with exclusive dedication to undertake these projects.
In principle, using accredited certification bodies can be an indication that the entity meets the appropriate levels of independence, impartiality and competence. Our compliance division manager published an article in Cinco Días giving more details on this issue.
Contact us for more information about ISO 37001
Follow us
Tel. +34 913 078 648