ISO 37001:2016 pdf download – Anti-bribery management systems — Requirements with guidance for use.
3.21 conformity fulfilment of a requirement (3.4) 3.22 nonconformity non-fulfilment of a requirement (3.4) 3.23 corrective action action to eliminate the cause of a nonconformity (3.22) and to prevent recurrence 3.24 continual improvement recurring activity to enhance performance (3.16) 3.25 personnel organization’s (3.2) directors, officers, employees, temporary staff or workers, and volunteers Note 1 to entry: Different types of personnel pose different types and degrees of bribery risk (3.12) and can be treated differently by the organization’s bribery risk assessment and bribery risk management procedures. Note 2 to entry: See A.8.5 for guidance on temporary staff or workers. 3.26 business associate external party with whom the organization (3.2) has, or plans to establish, some form of business relationship Note 1 to entry: Business associate includes but is not limited to clients, customers, joint ventures, joint venture partners, consortium partners, outsourcing providers, contractors, consultants, sub-contractors, suppliers, vendors, advisors, agents, distributors, representatives, intermediaries and investors. This definition is deliberately broad and should be interpreted in line with the bribery risk (3.12) profile of the organization to apply to business associates which can reasonably expose the organization to bribery risks. Note 2 to entry: Different types of business associate pose different types and degrees of bribery risk, and an organization (3.2) will have differing degrees of ability to influence different types of business associate. Different types of business associate can be treated differently by the organization’s bribery risk assessment and bribery risk management procedures. Note 3 to entry: Reference to “business” in this document can be interpreted broadly to mean those activities that are relevant to the purposes of the organization’s existence.
4.4 Anti-bribery management system The organization shall establish, document, implement, maintain and continually review and, where necessary, improve an anti-bribery management system, including the processes needed and their interactions, in accordance with the requirements of this document. The anti-bribery management system shall contain measures designed to identify and evaluate the risk of, and to prevent, detect and respond to, bribery. NOTE 1 It is not possible to completely eliminate the risk of bribery, and no anti-bribery management system will be capable of preventing and detecting all bribery. The anti-bribery management system shall be reasonable and proportionate, taking into account the factors referred to in 4.3. NOTE 2 See Clause A.3 for guidance. 4.5 Bribery risk assessment 4.5.1 The organization shall undertake regular bribery risk assessment(s), which shall: a) identify the bribery risks the organization might reasonably anticipate, given the factors listed in 4.1; b) analyse, assess and prioritize the identified bribery risks; c) evaluate the suitability and effectiveness of the organization’s existing controls to mitigate the assessed bribery risks. 4.5.2 The organization shall establish criteria for evaluating its level of bribery risk, which shall take into account the organization’s policies and objectives.