ISO 37001:2016 – Supplementary appendix

ISO 37001:2016 outlines the framework for Anti-Bribery Management Systems, detailing procedures for certification by RINA. This supplementary appendix provides essential guidelines for organizations seeking certification, including requirements for risk assessments and compliance with legal obligations. It is designed for organizations of all sizes and types, ensuring they meet international standards for anti-bribery practices. The document emphasizes the importance of evaluating sensitive processes and maintaining transparency in relationships with public officials. This resource is crucial for compliance officers and management teams aiming to implement effective anti-bribery measures.

Key Points

  • Details the requirements for ISO 37001:2016 Anti-Bribery Management Systems certification.
  • Outlines the necessary risk assessment procedures for organizations seeking certification.
  • Specifies the importance of evaluating sensitive processes and activities related to bribery.
  • Covers compliance obligations with legal, regulatory, and contractual duties.
  • Includes guidelines for maintaining transparency in relationships with public officials.
Supplementary appendix to the
Rules for the Certification of Management Systems
Standard: ISO 37001
Edition: May 2025
CHAPTER 1 GENERAL
These Rules define the additional and/or substitutive procedures applied by RINA for the certification of Anti-bribery Management Systems in relation to what is already defined in the Document General Rules for the Certification of Management Systems RC/40.
RINA issues certification in accordance with the requirements of the ISO/IEC 17021-1:2015 Standard to organizations whose Management System has been recognized as fully conforming to all the requirements of the Standard:
ISO 37001:2016
ISO 37001 certification may be requested by any type of organization, of any size and/or nature.
The certification is issued to a single legal entity and includes all the sites, branches, secondary offices, activities and processes actually carried out by the organization.
There is no possibility of exclusion for any site or process within the same Country.
It is possible, however, to limit the application to specific countries, but the scope must always include sensitive processes and activities carried out abroad when carried out under the responsibility and direct control of the organization (e.g. representative offices, secondary offices or brokers).
In any case, it may be necessary to evaluate some aspects related to the Head Office, even though it is not included in the scope of the certificate.
CHAPTER 2 - REFERENCE STANDARD / CERTIFICATION REQUIREMENTS
In addition to what is already defined in the Document General Rules for the Certification of Management Systems RC/C 40, to obtain certification by RINA, an Anti-bribery Management System must initially and over time satisfy the requirements of the ISO 37001:2016 Standard and the additional ones provided by the Accreditation Bodies for the ISO 37001 scheme.
To be fully operational, an Anti-Bribery Management System, as well as complying with what is stated in the Document General Rules for the Certification of Management Systems RC/C 40, is to ensure that:
  • The dimension, structure and authorities of the organization have been determined;
  • The context in which the organization operates has been determined;
  • The nature, size and complexity of the activities carried out by the organization have been determined;
  • The business lines of the organization have been determined;
  • The relevant interested parties for the Anti-bribery Management System, and their requirements, have been determined;
  • The subjects over which the organization has control and the entities exercising control over the organization have been determined;
  • The business partners of the organization have been determined;
  • The nature and extent of the organization's relationship with public officials has been determined;
  • The applicable legal, regulatory, contractual and professional obligations and duties have been determined;
  • The Anti-bribery Risk Assessment has been carried out on all processes and activities.
The Organization shall possess a document in which its scope is determined, by considering the requirements indicated at paragraphs 4.1, 4.2 and 4.5 of standard ISO 37001:2016 and the documented information as per paragraph 7.5 of the reference standard.
CHAPTER 3 - INITIAL CERTIFICATION
In addition to what is indicated at paragraph 3.1 of the Document General Rules for the Certification of Management Systems RC/C 40, the organization shall provide RINA with information related to:
  • The anti-bribery risk assessment carried out, highlighting the sensitive processes carried out at each site subject to certification and the relevant number of employees involved;
  • Application of measures for preventing and controlling the risks of bribery;
  • Details related to the turnover, in case of receipt of contributions, compensation or public funds;
  • Receipt from Public Entities, Public Companies or International Organizations of any kind of compensation or remuneration, including that arising from the signing of public contracts;
  • Involvement in the last 5 years in at least one judicial proceeding for corruption;
  • Participation in national or international tenders;
  • Possession of the requirements of a public law body;
  • Listing on the Stock Market, if any.
The above documentation is analyzed by RINA in order to verify whether it complies with the standard and the requirements of these Regulations.
CHAPTER 4 - MAINTENANCE OF CERTIFICATION
The requirements of the RINA Rules for the certification of management systems (RC/C 40) apply.
CHAPTER 5 RECERTIFICATION
The requirements of the RINA Rules for the certification of management systems (RC/C 40) apply.
CHAPTER 6 - CONDUCTION OF AUDITS
The requirements of the RINA Rules for the certification of management systems (RC/C 40) apply.
CHAPTER 7 - MANAGEMENT OF CERTIFICATES OF CONFORMITY
The requirements of the RINA Rules for the certification of management systems (RC/C 40) apply.
CHAPTER 8 - MODIFICATION OF CERTIFICATION AND COMMUNICATION OF CHANGES
In addition to what is indicated in the General Rules for the Certification of Management Systems RC/40 and the provisions of the GENERAL CONTRACT CONDITIONS FOR CONFORMITY ASSESSMENT ACTIVITIES, an organization which is certified or under certification shall promptly inform RINA of any critical situation in which it is involved that may compromise the guarantee of the management system certification (e.g. scandals, crises, involvement in any legal proceedings for bribery or similar situations).
In the same way, the organization shall promptly inform the CB of any bribery-related event that may have involved one or more of its Human Resources, together with the consequent actions undertaken to contain the effect of that event, the root-cause analysis and the related corrective actions.
After receiving such notifications, whether they come directly from the organization or from any other source, RINA will carry out the necessary verifications and specific detailed investigations and may adopt related measures such as filing of the notification, financial penalties or strengthening of the inspection activities, determined according to the adequacy of the response and the strategies adopted by the organization.
CHAPTER 9 - SPECIAL REQUIREMENTS FOR MULTI-SITE ORGANISATIONS
The requirements of the RINA Rules for the certification of management systems (RC/C 40) apply.
CHAPTER 10 - TRANSFER OF ACCREDITED CERTIFICATES
The requirements of the RINA Rules for the certification of management systems (RC/C 40) apply.
CHAPTER 11 - SUSPENSION, REINSTATEMENT AND WITHDRAWAL OF CERTIFICATION
The requirements of the RINA Rules for the certification of management systems (RC/C 40) and of the
GENERAL CONTRACT CONDITIONS FOR CONFORMITY ASSESSMENT ACTIVITIES apply.
CHAPTER 12 - RENUNCIATION OF CERTIFICATION
The requirements of the RINA Rules for the certification of management systems (RC/C 40) apply.
CHAPTER 13 - CONTRACTUAL CONDITIONS
The requirements of the RINA Rules for the certification of management systems (RC/C 40) and of the
GENERAL CONTRACT CONDITIONS FOR CONFORMITY ASSESSMENT ACTIVITIES apply.

FAQs of ISO 37001:2016 – Supplementary appendix

What are the key requirements for ISO 37001:2016 certification?
ISO 37001:2016 certification requires organizations to establish an Anti-Bribery Management System that meets specific criteria. These include conducting a thorough anti-bribery risk assessment, defining the organization's structure and context, and ensuring compliance with applicable legal and regulatory obligations. Organizations must also implement measures to prevent and control bribery risks and maintain documentation of their processes. Continuous monitoring and improvement of the management system are essential for maintaining certification.
How does the ISO 37001:2016 appendix assist organizations?
The ISO 37001:2016 appendix provides organizations with detailed guidelines and procedures for achieving certification in anti-bribery management. It outlines the steps necessary for conducting risk assessments, identifying sensitive processes, and ensuring compliance with legal obligations. This resource is particularly beneficial for compliance officers and management teams, as it highlights the importance of transparency and accountability in organizational practices. By following these guidelines, organizations can effectively mitigate bribery risks and enhance their ethical standards.
What is the significance of conducting an Anti-Bribery Risk Assessment?
Conducting an Anti-Bribery Risk Assessment is crucial for identifying potential vulnerabilities within an organization's processes and activities. This assessment helps organizations understand the nature and extent of their exposure to bribery risks, particularly in dealings with public officials and business partners. By evaluating these risks, organizations can implement targeted measures to prevent bribery and ensure compliance with ISO 37001:2016 standards. This proactive approach not only protects the organization from legal repercussions but also enhances its reputation and trustworthiness in the marketplace.
What types of organizations can apply for ISO 37001:2016 certification?
ISO 37001:2016 certification can be requested by any type of organization, regardless of size or nature. This includes private companies, public sector entities, non-profit organizations, and multinational corporations. The certification process is designed to be inclusive, ensuring that all organizations can implement effective anti-bribery measures tailored to their specific contexts and operational environments. By obtaining this certification, organizations demonstrate their commitment to ethical business practices and compliance with international standards.
