ISO 37001 is an Anti-bribery Management System that helps the organizations prevent, detect and avoid bribery by complying with Anti-bribery laws. Implementing, maintaining and improving an Anti-bribery Management System program in an organization will help the organization condemn bribery; avoid reputational damage and gain trust and confidence. Integrating ISO 37001 with any other management system will be easier if the organization has gone under specific processes and fulfilled requirements as required by ISO standards. The processes which are important when implementing a management system are objective setting, policy creation, training and awareness sessions, communication of policies that comply with ISO standards, documentation of information, control non-conformities, the creation of corrective and preventive actions, internal audits, commitment to continual improvement and management review.
In order to integrate ISO 37001 with an existing management system in an organization, we need to consider the requirements of ISO 37001 and update what has already been implemented. While updating the existing processes, the organization shall include Anti-bribery objectives and policies, train employees, communicate the anti-bribery policies and other changes that have been made in the previous processes of the management system. The organization shall comply with the requirements of ISO 37001 and other ISO standards. To do so, the organization shall document information for integrating these management systems, hold internal audits, control non-conformities of an integrated management system, create corrective and preventive actions conform to non-conformities, commit to continual improvement of integrated management systems and review them.
Regarding organizations scope and objectives some steps for implementing ISO 37001 will require the creation of new procedures by considering the legal aspects of the new standard that will be implemented. A simpler way to understand the integration of two management systems is by understanding the clauses of the standards, understanding organizations needs, and context and by matching processes in order to achieve the desired result.
The table above interprets the main requirements of four management systems that organization could but are not limited to integrate ISO 37001 with. By following this method established by PECB, organizations will find it easier to understand and implement new procedures and integrate them with the existing procedures.
Organization shall always identify which of their departments is mostly exposed to bribery risks and what measures should be taken. While taking the necessary measures, the organization shall ensure that they do not have a negative impact on measures that have already been taken for the existing management system. Thus, each measure taken shall be appropriately designed to successfully prevent or avoid bribery risk and effectively maintain the management systems.
When it comes to editing the existing policies in order to integrate Anti-bribery policies, the organization shall ensure that all the legal requirements have been met and that the anti-bribery goals and objectives do not confront other management systems objectives. The organization will have long-term advantages and will save time if they have properly identified the applicable parts of integrating two management systems.
Organizations wanting to integrate management systems can refer to PECB (Professional Evaluation and Certification Broad) training and certification services which are offered on a wide range of international standards. Organizations can choose with which management system they want to integrate ISO 37001, therefore PECB offers training that are helpful in implementing all management systems.
PECB provides many management system trainings and is not limited to:
About the author:
Donika Muçolli is the Course Development Manager for Risk and Management at PECB. She is in charge of developing and maintaining training courses related to RM. If you have any questions, please do not hesitate to contact her at rm@pecb.com.