DRAFT INTERNATIONAL STANDARD ISO/DIS 37001
This is a preview of "ISO/DIS 37001". Click here to purchase the full version from the ANSI store.
ISO/PC 278
Secretariat: BSI
Voting begins on: 2016-01-05
Voting terminates on: 2016-04-05
Anti-bribery management systems
Systèmes de management anti-corruption
ICS: 03.100.01
THIS DOCUMENT IS A DRAFT CIRCULATED FOR COMMENT AND APPROVAL. IT IS THEREFORE SUBJECT TO CHANGE AND MAY NOT BE REFERRED TO AS AN INTERNATIONAL STANDARD UNTIL PUBLISHED AS SUCH. IN ADDITION TO THEIR EVALUATION AS BEING ACCEPTABLE FOR INDUSTRIAL, TECHNOLOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT INTERNATIONAL STANDARDS MAY ON OCCASION HAVE TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL TO BECOME STANDARDS TO WHICH REFERENCE MAY BE MADE IN NATIONAL REGULATIONS. RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT, WITH THEIR COMMENTS, NOTIFICATION OF ANY RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE AND TO PROVIDE SUPPORTING DOCUMENTATION.
Reference number ISO/DIS 37001:2015(E)
© ISO 2015
COPYRIGHT PROTECTED DOCUMENT
© ISO 2015, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
[email protected] www.iso.org
© ISO 2015 – All rights reserved
Contents
Foreword .......... 4
Introduction .......... 5
1 Scope .......... 6
2 Normative references .......... 7
3 Terms and definitions .......... 7
4 Context of the organization .......... 10
4.1 Understanding the organization and its context .......... 10
4.2 Understanding the needs and expectations of stakeholders .......... 11
4.3 Determining the scope of the anti-bribery management system .......... 11
4.4 Anti-bribery management system .......... 11
4.5 Bribery risk assessment .......... 11
5 Leadership .......... 12
5.1 Leadership and commitment .......... 12
5.1.1 Governing body .......... 12
5.1.2 Top management .......... 12
5.2 Anti-bribery policy .......... 13
5.3 Organizational roles, responsibilities and authorities .......... 13
5.3.1 Roles and responsibilities .......... 13
5.3.2 Anti-bribery compliance function .......... 14
5.3.3 Delegated decision-making .......... 14
6 Planning .......... 14
6.1 Actions to address bribery risks and opportunities .......... 14
6.2 Anti-bribery objectives and planning to achieve them .......... 15
7 Support .......... 15
7.1 Resources .......... 15
7.2 Competence .......... 16
7.2.1 General .......... 16
7.2.2 Employment procedures .......... 16
7.3 Awareness and training .......... 17
7.4 Communication .......... 17
7.5 Documented information .......... 18
7.5.1 General .......... 18
7.5.2 Creating and updating .......... 18
7.5.3 Control of documented information .......... 18
8 Operation .......... 19
8.1 Operational planning and control .......... 19
8.2 Due diligence .......... 19
8.3 Financial controls .......... 19
8.4 Non-financial controls .......... 20
8.5 Implementation of anti-bribery controls by controlled organizations and by business associates .......... 20
8.6 Anti-bribery commitments .......... 20
8.7 Gifts, hospitality, donations and similar benefits .......... 21
8.8 Managing inadequacy of anti-bribery controls .......... 21
8.9 Raising concerns .......... 21
8.10 Investigating and dealing with bribery .......... 21
9 Performance evaluation .......... 22
9.1 Monitoring, measurement, analysis and evaluation .......... 22
9.2 Review by anti-bribery compliance function .......... 22
9.3 Internal audit .......... 22
9.4 Top management review .......... 23
9.5 Governing body review .......... 24
10 Improvement .......... 24
10.1 Nonconformity and corrective action .......... 24
10.2 Continual improvement .......... 25
Annex A (informative) Guidance on the use of this International Standard .......... 27
A.1 General .......... 27
A.2 Scope of the anti-bribery management system .......... 27
A.2.1 Standalone or integrated anti-bribery management system .......... 27
A.2.2 Facilitation and extortion payments .......... 27
A.3 Reasonable and proportionate .......... 28
A.4 Bribery Risk Assessment .......... 29
A.5 Roles and responsibilities of governing body and top management .......... 30
A.6 Anti-bribery compliance function .......... 31
A.7 Resources .......... 32
A.8 Employment procedures .......... 32
A.8.1 Due diligence on personnel .......... 32
A.8.2 Performance bonuses .......... 32
A.8.3 Conflicts of interest .......... 33
A.8.4 Bribery of the organization’s personnel .......... 33
A.8.5 Temporary staff or workers .......... 34
A.9 Awareness and training .......... 34
A.10 Due diligence .......... 35
A.11 Financial controls .......... 36
A.12 Non-financial controls .......... 37
A.13 Implementation of the anti-bribery management system by controlled organizations and business associates .......... 38
A.13.1 General .......... 38
A.13.2 Controlled organizations .......... 38
A.13.3 Business associates .......... 39
A.14 Anti-bribery commitments .......... 40
A.15 Gifts, hospitality, donations and similar benefits .......... 41
A.16 Internal audit .......... 43
A.17 Documented information .......... 43
A.18 Investigating and dealing with bribery .......... 44
A.19 Monitoring .......... 45
A.20 Public officials .......... 46
A.21 Anti-bribery initiatives .......... 46
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the WTO principles in the Technical Barriers to Trade (TBT) see the following URL: Foreword - Supplementary information. The committee responsible for this document is Technical Committee ISO/TC 207, Environmental management, Subcommittee SC 1, Environmental management systems.
ISO 37001 was prepared by Technical Committee ISO/TC 278, Anti-bribery management systems.
NOTE TO THIS TEXT (which will not be included in the published International Standard):
This text has been prepared using the high level structure, identical core text, and common terms with core definitions, designed to benefit users implementing multiple ISO management system standards, as set out in Annex SL, Appendix 2 of the ISO/IEC Directives, Part 1, Consolidated ISO Supplement, 2015. The text of Annex SL is shown in the main body of the text (Clauses 1 to 10) by the use of blue font. All other text is shown in black font. This is only to facilitate analysis and will not be incorporated in the final version of ISO 37001.
Introduction
Bribery is a widespread phenomenon. It raises serious moral, economic and political concerns, undermines good governance, hinders development and distorts competition. It erodes justice, undermines human rights and is an obstacle to the relief of poverty. It also increases the cost of doing business, introduces uncertainties into commercial transactions, increases the cost of goods and services, diminishes the quality of products and services, which may lead to loss of life and property, destroys trust in institutions and interferes with the fair and efficient operation of markets.
Governments have made progress in addressing bribery through international agreements such as the Organization for Economic Co-operation and Development’s Convention on Combating Bribery of Foreign Public Officials in International Business Transactions and the United Nations Convention against Corruption and through their national laws. In most jurisdictions, it is an offence for individuals to engage in bribery and there is a growing trend to make organizations as well as individuals liable for bribery.
Nevertheless, the law alone is not sufficient to solve this problem.
Organizations therefore have a responsibility to proactively contribute to combating bribery. This can be achieved through leadership commitment to establishing a culture of integrity, transparency, openness and compliance. The nature of an organization's culture is critical to the success or failure of an anti-bribery management system.
This International Standard is intended to support the establishment of such a culture by providing an anti-bribery management system framework.
A well-managed organization should have a compliance policy supported by appropriate management systems to assist it in complying with its legal obligations and commitment to integrity. An anti-bribery policy is a component of an overall compliance policy. The anti-bribery policy and supporting management system help an organization to avoid or mitigate the costs, risks and damage of involvement in bribery, to promote trust and confidence in business dealings and to enhance its reputation.
This International Standard reflects international good practice and is applicable across all jurisdictions. It is applicable to small, medium and large organizations in all sectors, including public, private and not-for-profit sectors. The bribery risks facing an organization vary according to factors such as the size of the organization, the locations and sectors in which the organization operates and the nature, scale and complexity of the organization's activities. Therefore, this International Standard specifies the implementation by the organization of policies, procedures and controls which are reasonable and proportionate according to the bribery risks the organization faces. Annex A provides guidance on implementing the requirements of this International Standard.
Conformity with this International Standard cannot provide assurance that no bribery has occurred or will take place in relation to the organization as it is not possible to completely eliminate the risk of bribery. However, this International Standard can help the organization implement reasonable and proportionate measures designed to prevent, detect and address bribery.
This International Standard can be used in conjunction with ISO 19600 and other management system standards such as ISO 9001, ISO 14001, ISO 22000, as well as ISO 26000 and ISO 31000.
Anti-bribery management systems —
1 Scope
This International Standard specifies requirements and provides guidance for establishing, implementing, maintaining, reviewing and improving an anti-bribery management system. The system can be standalone or can be integrated into an overall management system. This standard addresses the following in relation to the organization's activities:
a) bribery in the public, private and not-for-profit sectors;
b) bribery by the organization;
c) bribery by the organization's personnel acting on the organization's behalf or for its benefit;
d) bribery by the organization's business associates acting on the organization's behalf or for its benefit;
e) bribery of the organization;
f) bribery of the organization's personnel in relation to the organization’s activities;
g) bribery of the organization's business associates in relation to the organization’s activities;
h) direct and indirect bribery (e.g. a bribe offered or accepted through or by a third party).
This International Standard is applicable only to bribery. It sets out requirements and provides guidance for a management system designed to help an organization to prevent, detect and address bribery and comply with anti-bribery laws and voluntary commitments applicable to its activities.
In this International Standard, the term "bribery" is used to refer to the offering, promising, giving, accepting or soliciting of an undue advantage of any value (which could be financial or non-financial), directly or indirectly, and irrespective of location(s), in violation of applicable law, as an inducement or reward for a person acting or refraining from acting in relation to the performance of that person's duties.
The requirements of this International Standard are generic and are intended to be applicable to all organizations (or parts of an organization), regardless of type, size and nature of activity, and whether in the public, private or not-for-profit sectors. The extent of application of these requirements depends on the factors specified in 4.1, 4.2 and 4.5.
207 208 209
If the whole or part of any requirement in this International Standard is in conflict with, or prohibited by, any applicable law, then the organization will not be obliged to conform with the relevant whole or part of that requirement.
210
NOTE 1
211 212 213
NOTE 2 The measures necessary to prevent, detect and address the risk of bribery by the organization may be different from the measures used to prevent, detect and address bribery of the organization (or its personnel or business associates acting on the organization's behalf). See A.8.4 for guidance.
Moreover, this general use of the term “bribery” will be further informed by the anti-bribery laws applicable to the organization and an anti-bribery management system designed to help the organization. This International Standard does not specifically address fraud, cartels and other anti-trust/competition offences, money-laundering or other activities related to corrupt practices (although an organization may choose to extend the scope of the management system to include such activities).
6
See A.2 for guidance.
© ISO 2015 – All rights reserved
214
2
Normative references
This a preview "ISO/DISreferences. 37001". Click here to purchase the full version from the ANSI store. 215 is There are noofnormative 216
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.01 organization
person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives (3.10)
Note 1 to entry: The concept of organization includes, but is not limited to, sole-trader, company, corporation, firm, enterprise, authority, partnership, charity or institution, or part or combination thereof, whether incorporated or not, public or private.
Note 2 to entry: For organizations with more than one operating unit, a single operating unit may be defined as an organization.
3.02 stakeholder
person or organization (3.01) that can affect, be affected by, or perceive itself to be affected by a decision or activity
Note 1 to entry: A stakeholder can be internal or external to the organization.
3.03 requirement
need that is stated and obligatory
3.04 management system
set of interrelated or interacting elements of an organization (3.01) to establish policies (3.09) and objectives (3.10) and processes (3.14) to achieve those objectives
Note 1 to entry: A management system can address a single discipline or several disciplines.
Note 2 to entry: The system elements include the organization's structure, roles and responsibilities, planning and operation.
Note 3 to entry: The scope of a management system may include the whole of the organization, specific and identified functions of the organization, specific and identified sections of the organization, or one or more functions across a group of organizations.
3.05 top management
person or group of people who directs and controls an organization (3.01) at the highest level
Note 1 to entry: Top management has the power to delegate authority and provide resources within the organization.
Note 2 to entry: If the scope of the management system (3.04) covers only part of an organization, then top management refers to those who direct and control that part of the organization.
Note 3 to entry: Organizations can be organized depending on which legal framework they are obliged to operate under and also according to their size, sector etc. Some organizations may have both a governing body (3.06) and top management (3.05), while some organizations may not have responsibilities divided into several bodies. These variations, both in respect of organization and responsibilities, can be considered when applying the requirements in clause 5.
3.06 governing body
group or body that has the ultimate responsibility and authority for an organization's (3.01) activities, governance and policies and to which top management (3.05) reports and is held accountable
EXAMPLE Board of directors, supervisory board, trustees or overseers.
Note 1 to entry: Not all organizations, particularly small organizations, will have a governing body separate from top management (see 3.05 Note 3 to entry).
3.07 anti-bribery compliance function
person(s) with responsibility and authority for the operation of the anti-bribery management system (3.04)
3.08 effectiveness
extent to which planned activities are realized and planned results achieved
3.09 policy
intentions and direction of an organization (3.01), as formally expressed by its top management (3.05) or its governing body (3.06)
3.10 objective
result to be achieved
Note 1 to entry: An objective can be strategic, tactical or operational.
Note 2 to entry: Objectives can relate to different disciplines (such as financial, sales and marketing, procurement, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process (3.14)).
Note 3 to entry: An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an operational criterion, as an anti-bribery objective, or by the use of other words with similar meaning (e.g. aim, goal, or target).
Note 4 to entry: In the context of anti-bribery management systems, anti-bribery objectives are set by the organization, consistent with the anti-bribery policy, to achieve specific results.
3.11 risk
effect of uncertainty on objectives (3.10)
Note 1 to entry: An effect is a deviation from the expected — positive or negative.
Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence or likelihood.
Note 3 to entry: Risk is often characterized by reference to potential "events" (as defined in ISO Guide 73:2009, 3.5.1.3) and "consequences" (as defined in ISO Guide 73:2009, 3.6.1.3), or a combination of these.
Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated "likelihood" (as defined in ISO Guide 73:2009, 3.6.1.1) of occurrence.
3.12 competence
ability to apply knowledge and skills to achieve intended results
3.13 documented information
information required to be controlled and maintained by an organization (3.01) and the medium on which it is contained
Note 1 to entry: Documented information can be in any format and media, and from any source.
Note 2 to entry: Documented information can refer to:
— the management system (3.04), including related processes (3.14);
— information created in order for the organization to operate (documentation);
— evidence of results achieved (records).
3.14 process
set of interrelated or interacting activities which transforms inputs into outputs
3.15 performance
measurable result
Note 1 to entry: Performance can relate either to quantitative or qualitative findings.
Note 2 to entry: Performance can relate to the management of activities, processes (3.14), products (including services), systems or organizations (3.01).
3.17 monitoring
determining the status of a system, a process (3.14) or an activity
Note 1 to entry: To determine the status, there may be a need to check, supervise or critically observe.
3.18 measurement
process (3.14) to determine a value
3.19 audit
systematic, independent and documented process (3.14) for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled
Note 1 to entry: An audit can be an internal audit (first party) or an external audit (second party or third party), and it can be a combined audit (combining two or more disciplines).
Note 2 to entry: An internal audit is conducted by the organization itself, or by an external party on its behalf.
Note 3 to entry: "Audit evidence" and "audit criteria" are defined in ISO 19011.
3.20 conformity
fulfilment of a requirement (3.03)
3.21 nonconformity
non-fulfilment of a requirement (3.03)
3.22 corrective action
action to eliminate the cause of a nonconformity (3.21) and to prevent recurrence
3.23 continual improvement
recurring activity to enhance performance (3.15)
Note 1 to entry: See 10.2.
3.24 personnel
organization's (3.01) directors, officers, employees, temporary staff or workers, and volunteers
Note 1 to entry: See A.8.5 for guidance on temporary staff or workers.
Note 2 to entry: Different types of personnel pose different types and degrees of bribery risk (3.11) and therefore may be treated differently by the organization's bribery risk assessment and bribery risk management procedures.
3.25 business associate
external party with whom the organization (3.01) has, or plans to establish, some form of business relationship
Note 1 to entry: Business associate includes but is not limited to clients, customers, joint ventures, joint venture partners, consortium partners, outsourcing providers, contractors, consultants, sub-contractors, suppliers, vendors, advisors, agents, distributors, representatives, intermediaries and investors. This definition is deliberately broad and should be interpreted in line with the bribery risk profile of the organization to apply to business associates which may reasonably expose the organization to bribery risks.
Note 2 to entry: Different types of business associate pose different types and degrees of bribery risk (3.11), and an organization (3.01) will have differing degrees of ability to influence different types of business associate. Different types of business associate may therefore be treated differently by the organization's bribery risk assessment and bribery risk management procedures.
Note 3 to entry: Reference to "business" in this International Standard can be interpreted broadly to mean those activities that are relevant to the purposes of the organization's existence.
3.26 public official
any person holding a legislative, administrative or judicial office, whether appointed or elected, or any person exercising a public function, including for a public agency or public enterprise, or any official or agent of a public domestic or international organization
Note 1 to entry: For examples of individuals who can be considered to be public officials, see A.20.
3.27 third party
person or body that is independent of the organization
3.28 conflict of interest
situation where business, financial, family, political or personal interests could interfere with the judgment of personnel (3.24) in carrying out their duties for the organization
3.30 due diligence
process (3.14) to further assess the nature and extent of the bribery risk (3.11) and help organizations make decisions in relation to specific transactions, projects, activities, business associates and personnel
3.31 ensure
take reasonable and proportionate steps with the intent of achieving the stated objective
4 Context of the organization
4.1 Understanding the organization and its context
The organization shall determine external and internal factors that are relevant to its purpose and that affect its ability to achieve the objectives of its anti-bribery management system. These factors will include, without limitation, the following:
a) size and structure of the organization;
b) locations and sectors in which the organization operates or anticipates operating;
c) nature, scale and complexity of the organization's activities and operations;
d) entities over which the organization has control;
e) organization's business associates;
f) the nature and extent of interactions with public officials; and
g) applicable statutory, regulatory, contractual and professional obligations and duties.
NOTE An organization has control over another organization if it directly or indirectly controls the management of the organization.
4.2 Understanding the needs and expectations of stakeholders
The organization shall determine:
a) the stakeholders that are relevant to the anti-bribery management system;
b) the relevant requirements of these stakeholders.
NOTE In identifying the requirements of stakeholders, an organization can distinguish between mandatory requirements and the non-mandatory expectations of, and voluntary commitments to, stakeholders.
4.3 Determining the scope of the anti-bribery management system
The organization shall determine the boundaries and applicability of the anti-bribery management system to establish its scope.
When determining this scope, the organization shall consider:
a) the external and internal factors referred to in 4.1;
b) the requirements referred to in 4.2;
c) the results of the bribery risk assessment referred to in 4.5.
The scope shall be available as documented information.
4.4 Anti-bribery management system
The organization shall establish, document, implement, maintain and continually review and, where necessary, improve an anti-bribery management system, including the processes needed and their interactions, in accordance with the requirements of this International Standard.
The anti-bribery management system shall contain measures designed to identify and evaluate the risk of, and to prevent, detect and address, bribery.
NOTE 1 It is not possible to completely eliminate the risk of bribery, and no anti-bribery management system will be capable of preventing and detecting all bribery.
The anti-bribery management system shall be reasonable and proportionate, taking into account the factors referred to in 4.3.
NOTE 2 See A.3 for guidance.
4.5 Bribery risk assessment
4.5.1 The organization shall undertake bribery risk assessment(s) which shall:
a) identify the bribery risks the organization might reasonably anticipate given the factors listed in 4.1;
b) assess and prioritize the identified bribery risks;
c) evaluate the suitability and effectiveness of the organization's existing controls to mitigate the assessed bribery risks.
4.5.2 The organization shall establish criteria for evaluating its level of bribery risk, which shall take into account the organization's policies and objectives.
4.5.3 The bribery risk assessment shall be reviewed:
a) on a regular basis so that changes and new information can be properly assessed based on timing and frequency defined by the organization;
b) in the event of a significant change to the structure or activities of the organization.
4.5.4 The organization shall maintain documented information that demonstrates that the bribery risk assessment has been conducted, and used to design the anti-bribery management system.
NOTE See A.4 for guidance.
5 Leadership
5.1 Leadership and commitment
5.1.1 Governing body
When the organization has a governing body, that body shall demonstrate leadership and commitment with respect to the anti-bribery management system by:
a) approving the organization's anti-bribery policy;
b) at planned intervals receiving and reviewing information about the content and operation of the organization's anti-bribery management system;
c) ensuring that adequate and appropriate resources needed for effective operation of the anti-bribery management system are allocated and assigned;
d) exercising reasonable oversight over the implementation of the organization's anti-bribery management system by top management and its effectiveness.
NOTE These activities shall be carried out by top management if the organization does not have a governing body.
5.1.2 Top management
Top management shall demonstrate leadership and commitment with respect to the anti-bribery management system by:
a) ensuring that the anti-bribery management system, including policy and objectives, is established, implemented, maintained and reviewed to adequately address the organization's bribery risks;
b) ensuring the integration of the anti-bribery management system requirements into the organization's processes;
c) deploying adequate and appropriate resources for the effective operation of the anti-bribery management system;
d) communicating internally and externally regarding the anti-bribery policy;
e) communicating internally the importance of effective anti-bribery management and of conforming to the anti-bribery management system requirements;
f) ensuring that the anti-bribery management system is appropriately designed to achieve its objectives;
g) directing and supporting personnel to contribute to the effectiveness of the anti-bribery management system;
h) promoting an appropriate anti-bribery culture within the organization;
i) promoting continual improvement;
j) supporting other relevant management roles to demonstrate their leadership in preventing and detecting bribery as it applies to their areas of responsibility;
k) encouraging the use of reporting procedures for suspected and actual bribery (see also 8.9);
l) ensuring that no personnel will suffer retaliation or discriminatory or disciplinary action for reports made in good faith or on the basis of a reasonable belief of violations or suspected violations of the organization's anti-bribery policy, or for refusing to engage in bribery, even if such refusal may result in the organization losing business (except where the individual participated in the breach);
m) at planned intervals, reporting to the governing body (if one exists) on the content and operation of the anti-bribery management system and of allegations of serious and/or systematic bribery.
NOTE See A.5 for guidance.
5.2 Anti-bribery policy
Top management shall establish, review and maintain an anti-bribery policy that:
a) prohibits bribery;
b) requires compliance with anti-bribery laws that are applicable to the organization;
c) is appropriate to the purpose of the organization;
d) provides a framework for setting, reviewing and achieving anti-bribery objectives;
e) includes a commitment to satisfy anti-bribery management system requirements;
f) encourages raising concerns in confidence without fear of reprisal;
g) includes a commitment to continual improvement of the anti-bribery management system;
h) explains the authority and independence of the anti-bribery compliance function; and
i) explains the consequences of not complying with the anti-bribery policy.
The anti-bribery policy shall:
a) be available as documented information;
b) be communicated in appropriate languages within the organization and to business associates who pose more than a low risk of bribery;
c) be available to relevant stakeholders, as appropriate.
5.3 Organizational roles, responsibilities and authorities
5.3.1 Roles and responsibilities
Top management shall have overall responsibility for the implementation of and compliance with the anti-bribery management system as described in 5.1.2.
Top management shall ensure that the responsibilities and authorities for relevant roles are assigned and communicated within and throughout every level of the organization.
Managers at every level shall be responsible for ensuring that the anti-bribery management system