The ISO 37001:2016 Certification is an Anti-Bribery Management System Certification critical for organisations in the public, private and non-profit sectors. After all, consider the benefits: Certification adds a distinct level of credibility to the organisation’s management systems and ensures that the organisation implements a viable anti-bribery management program utilising widely accepted controls and systems. It assures management, investors, business associates, personnel and other stakeholders that the organisation is actively pursuing internationally recognised and accepted processes to prevent bribery and corruption. ISO 37001:2016 certification also protects the organisation, its assets, shareholders and directors from the effects of bribery. But what, exactly, is the process for getting ISO 37001:2016 certified by CRI Group? Once your organisation has submitted questionnaire information and completed the approval and contract stage, the certification cycle is ready to begin.

A Breakdown of the Stages of ISO 37001:2016 Certification

Step 1: Audit Confirmation

An audit plan will be developed with your organisation and confirmed to the Certification’s Body Assessment Team at least three months before the organisation’s first audit.

Step 2: Pre-assessment Audit (optional)

The organisation can opt to perform a pre-assessment audit to identify any possible gaps between its current management system and the standard requirements. This audit is optional and helps the organisation check its preparedness for the stage 1 and 2 assessments by identifying any major non-conformities that have not been addressed.

Step 3: Stage 1 Audit

Review the results of the audit, including:

  • General observations
  • Non-conformities (major or minor, see below)

Minor Non-conformities: 

These are not seen as serious. The organisation must complete an internal Corrective Action Plan (CAP) before Stage 2. CAP is not required to be sent to the Assessment Team at Stage 1.

Major Non-conformities: 

These are more serious. The organisation will need to submit a CAP within ten days of receiving the audit report, with all actions scheduled to be completed before Stage 2. The CAP should be sent to the Assessment Team. The major non-conformities raised during Stage 1 will be re-assessed during Stage 2 Audit.

Step 4: Stage 2 Audit

This is an on-site audit and takes place after the organisation has successfully completed Stage 1 and corrected any major non-conformities identified during the Stage 1 audit. Stage 2 confirms that the organisation’s management system is fully aligned to the standard. The evaluation is of management system implementation and its effectiveness.

Outcome: The audit report will detail the following:

  • Any positive observations
  • Opportunities for improvement – suggestions for improvement and any findings that could lead to potential non-conformities.
  • Non-conformities (Major or Minor)
  • Recommendation for Certification

Minor non-conformities: The organisation must complete an internal Corrective Action Plan (CAP) and submit this to the Assessment Team within 45 working days of receiving the audit report. The Assessment Team will review the CAP; it must detail the non-conformity, the cause, the proposed corrective action, who is responsible and the date the action will be implemented. Based on the evaluation of CAP, the recommendation for certification will be made.

For minor non-conformities, if an organisation has a corrective action procedure, this will not delay the certificate.

Major non-conformities: The organisation must complete an internal Corrective Action Plan (CAP) and submit it within 90 days (or 180 days depending on the number and risk of major non-conformities) of receiving the audit report be sent to the auditor.

What Comes Next?

Stay tuned for more on ISO 37001:2016: sign up for our newsletter HEREISO 37001:2016 Anti-Bribery Management System certification is offered under CRI Group’s ABAC™ Centre of Excellence, an independent certification body established for Anti-Bribery Management System training and certification, ISO 37301 Compliance Management Systems and Risk Management System certification. The program will be tailored to your organisation’s needs and requirements. For assistance in developing and implementing a fraud prevention strategy, contact ABAC™ today or get a FREE QUOTE now!

Who is CRI Group™?

Based in London, CRI Group™ works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group™ also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.