Anti-bribery management systems -- Requirements with guidance for use

ISO 37001:2016 specifies requirements and provides guidance for establishing, implementing, maintaining, reviewing and improving an anti-bribery management system. The system can be stand-alone or can be integrated into an overall management system. ISO 37001:2016 addresses the following in relation to the organization's activities:
- bribery in the public, private and not-for-profit sectors;
- bribery by the organization;
- bribery by the organization's personnel acting on the organization's behalf or for its benefit;
- bribery by the organization's business associates acting on the organization's behalf or for its benefit;
- bribery of the organization;
- bribery of the organization's personnel in relation to the organization's activities;
- bribery of the organization's business associates in relation to the organization's activities;
- direct and indirect bribery (e.g. a bribe offered or accepted through or by a third party).

ISO 37001:2016 is applicable only to bribery. It sets out requirements and provides guidance for a management system designed to help an organization to prevent, detect and respond to bribery and comply with anti-bribery laws and voluntary commitments applicable to its activities.

ISO 37001:2016 does not specifically address fraud, cartels and other anti-trust/competition offences, money-laundering or other activities related to corrupt practices, although an organization can choose to extend the scope of the management system to include such activities.

The requirements of ISO 37001:2016 are generic and are intended to be applicable to all organizations (or parts of an organization), regardless of type, size and nature of activity, and whether in the public, private or not-for-profit sectors. The extent of application of these requirements depends on the factors specified in 4.1, 4.2 and 4.5.

Anti-corruption management systems -- Requirements and recommendations for implementation

ISO 37001:2016 defines requirements and provides recommendations for establishing, implementing, maintaining, reviewing and improving an anti-corruption management system. The system can be stand-alone or integrated into an overall management system. ISO 37001:2016 covers the following aspects in relation to the organization's activities:
- corruption in the public, private and not-for-profit sectors;
- corruption by the organization;
- corruption by the organization's personnel acting on the organization's behalf or in its interest;
- corruption by the organization's business partners acting on the organization's behalf or in its interest;
- corruption of the organization;
- corruption of the organization's personnel in the course of the organization's activities;
- corruption of the organization's business partners in the course of the organization's activities;
- direct and indirect corruption (for example, a bribe offered or accepted by a third party).

ISO 37001:2016 is applicable to corruption only. It defines requirements and provides recommendations for management systems designed to help organizations prevent, detect and combat corruption, and comply with the anti-corruption laws and voluntary commitments applicable to their activities.

ISO 37001:2016 does not specifically address fraud, cartels and other anti-trust/competition offences, money laundering or other activities related to fraudulent practices, although the organization can choose to extend the scope of the management system to include such activities.

The requirements of this document are generic and intended to apply to all organizations (or parts of an organization), regardless of the type, size and nature of the activity, whether they operate in the public, private or not-for-profit sector. The extent of application of these requirements depends on the factors described in 4.1, 4.2 and 4.5.

Anti-corruption management systems - Requirements with guidance for use

This document specifies requirements and provides guidance for establishing, implementing, maintaining, reviewing and improving an anti-corruption management system. The system can be stand-alone or integrated as part of an overall management system. This document addresses the following in relation to the organization's activities:
– bribery in the public, private and not-for-profit sectors;
– bribery by the organization;
– bribery by the organization's personnel acting on the organization's behalf or for its benefit;
– bribery by the organization's business partners acting on the organization's behalf or for its benefit;
– bribery of the organization;
– bribery of the organization's personnel that is related to the organization's activities;
– bribery of the organization's business partners that is related to the organization's activities;
– direct and indirect bribery (e.g. a bribe offered or accepted by a third party).
This document applies only to bribery. It provides requirements and guidance for a management system designed to help organizations prevent, detect and respond to bribery and to act in accordance with anti-corruption laws and voluntary commitments that apply to these activities.
This document does not specifically address fraud, cartels and other anti-trust offences, money laundering or other activities related to corrupt practices, although an organization can decide to extend the scope of the management system to include these activities.
The requirements of this document are generic and are intended to apply to all organizations (or parts of organizations), regardless of the type, size and nature of activity, and regardless of whether they operate in the public, private or not-for-profit sector. The extent of application of these requirements depends on the factors specified in 4.1, 4.2 and 4.5.
NOTE 1: See Clause A.2 for guidance.
NOTE 2: The measures necessary to prevent, detect and limit bribery by the organization can differ from the measures for preventing, detecting and responding to bribery of the organization (or of its personnel or business partners acting on the organization's behalf). See A.8.4 for guidance.

General Information

Status: Published
Publication Date: 12-Oct-2016
Current Stage: 6060 - International Standard published
Start Date: 03-Oct-2016
Completion Date: 13-Oct-2016


Standards Content (sample)

INTERNATIONAL STANDARD ISO 37001
First edition 2016-10-15
Anti-bribery management systems — Requirements with guidance for use
Systèmes de management anti-corruption — Exigences et recommandations de mise en oeuvre
Reference number ISO 37001:2016(E)
© ISO 2016

COPYRIGHT PROTECTED DOCUMENT
© ISO 2016, Published in Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.

ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Context of the organization
4.1 Understanding the organization and its context
4.2 Understanding the needs and expectations of stakeholders
4.3 Determining the scope of the anti-bribery management system
4.4 Anti-bribery management system
4.5 Bribery risk assessment
5 Leadership
5.1 Leadership and commitment
5.1.1 Governing body
5.1.2 Top management
5.2 Anti-bribery policy
5.3 Organizational roles, responsibilities and authorities
5.3.1 Roles and responsibilities
5.3.2 Anti-bribery compliance function
5.3.3 Delegated decision-making
6 Planning
6.1 Actions to address risks and opportunities
6.2 Anti-bribery objectives and planning to achieve them
7 Support
7.1 Resources
7.2 Competence
7.2.1 General
7.2.2 Employment process
7.3 Awareness and training
7.4 Communication
7.5 Documented information
7.5.1 General
7.5.2 Creating and updating
7.5.3 Control of documented information
8 Operation
8.1 Operational planning and control
8.2 Due diligence
8.3 Financial controls
8.4 Non-financial controls
8.5 Implementation of anti-bribery controls by controlled organizations and by business associates
8.6 Anti-bribery commitments
8.7 Gifts, hospitality, donations and similar benefits
8.8 Managing inadequacy of anti-bribery controls
8.9 Raising concerns
8.10 Investigating and dealing with bribery
9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal audit
9.3 Management review
9.3.1 Top management review
9.3.2 Governing body review
9.4 Review by anti-bribery compliance function
10 Improvement
10.1 Nonconformity and corrective action
10.2 Continual improvement
Annex A (informative) Guidance on the use of this document
Bibliography

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO’s adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.

The committee responsible for this document is Project Committee ISO/PC 278, Anti-bribery management systems.

Introduction

Bribery is a widespread phenomenon. It raises serious social, moral, economic and political concerns, undermines good governance, hinders development and distorts competition. It erodes justice, undermines human rights and is an obstacle to the relief of poverty. It also increases the cost of doing business, introduces uncertainties into commercial transactions, increases the cost of goods and services, diminishes the quality of products and services, which can lead to loss of life and property, destroys trust in institutions and interferes with the fair and efficient operation of markets.

Governments have made progress in addressing bribery through international agreements such as the Organization for Economic Co-operation and Development Convention on Combating Bribery of Foreign Public Officials in International Business Transactions [15] and the United Nations Convention against Corruption [14] and through their national laws. In most jurisdictions, it is an offence for individuals to engage in bribery and there is a growing trend to make organizations, as well as individuals, liable for bribery.

However, the law alone is not sufficient to solve this problem. Organizations have a responsibility to proactively contribute to combating bribery. This can be achieved by an anti-bribery management system, which this document is intended to provide, and through leadership commitment to establishing a culture of integrity, transparency, openness and compliance. The nature of an organization’s culture is critical to the success or failure of an anti-bribery management system.

A well-managed organization is expected to have a compliance policy supported by appropriate management systems to assist it in complying with its legal obligations and commitment to integrity. An anti-bribery policy is a component of an overall compliance policy. The anti-bribery policy and supporting management system helps an organization to avoid or mitigate the costs, risks and damage of involvement in bribery, to promote trust and confidence in business dealings and to enhance its reputation.

This document reflects international good practice and can be used in all jurisdictions. It is applicable to small, medium and large organizations in all sectors, including public, private and not-for-profit sectors. The bribery risks facing an organization vary according to factors such as the size of the organization, the locations and sectors in which the organization operates, and the nature, scale and complexity of the organization’s activities. This document specifies the implementation by the organization of policies, procedures and controls which are reasonable and proportionate according to the bribery risks the organization faces. Annex A provides guidance on implementing the requirements of this document.

Conformity with this document cannot provide assurance that no bribery has occurred or will occur in relation to the organization, as it is not possible to completely eliminate the risk of bribery. However, this document can help the organization implement reasonable and proportionate measures designed to prevent, detect and respond to bribery.

In this document, the following verbal forms are used:
— “shall” indicates a requirement;
— “should” indicates a recommendation;
— “may” indicates a permission;
— “can” indicates a possibility or a capability.

Information marked as “NOTE” is for guidance in understanding or clarifying the associated requirement.

This document conforms to ISO’s requirements for management system standards. These requirements include a high level structure, identical core text, and common terms with core definitions, designed to benefit users implementing multiple ISO management system standards. This document can be used in conjunction with other management system standards (e.g. ISO 9001, ISO 14001, ISO/IEC 27001 and ISO 19600) and management standards (e.g. ISO 26000 and ISO 31000).

INTERNATIONAL STANDARD ISO 37001:2016(E)
Anti-bribery management systems — Requirements with guidance for use
1 Scope

This document specifies requirements and provides guidance for establishing, implementing, maintaining, reviewing and improving an anti-bribery management system. The system can be stand-alone or can be integrated into an overall management system. This document addresses the following in relation to the organization’s activities:
— bribery in the public, private and not-for-profit sectors;
— bribery by the organization;
— bribery by the organization’s personnel acting on the organization’s behalf or for its benefit;
— bribery by the organization’s business associates acting on the organization’s behalf or for its benefit;
— bribery of the organization;
— bribery of the organization’s personnel in relation to the organization’s activities;
— bribery of the organization’s business associates in relation to the organization’s activities;
— direct and indirect bribery (e.g. a bribe offered or accepted through or by a third party).

This document is applicable only to bribery. It sets out requirements and provides guidance for a management system designed to help an organization to prevent, detect and respond to bribery and comply with anti-bribery laws and voluntary commitments applicable to its activities.

This document does not specifically address fraud, cartels and other anti-trust/competition offences, money-laundering or other activities related to corrupt practices, although an organization can choose to extend the scope of the management system to include such activities.

The requirements of this document are generic and are intended to be applicable to all organizations (or parts of an organization), regardless of type, size and nature of activity, and whether in the public, private or not-for-profit sectors. The extent of application of these requirements depends on the factors specified in 4.1, 4.2 and 4.5.

NOTE 1 See Clause A.2 for guidance.

NOTE 2 The measures necessary to prevent, detect and mitigate the risk of bribery by the organization can be different from the measures used to prevent, detect and respond to bribery of the organization (or its personnel or business associates acting on the organization’s behalf). See A.8.4 for guidance.

2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at http://www.iso.org/obp
— IEC Electropedia: available at http://www.electropedia.org/

3.1
bribery
offering, promising, giving, accepting or soliciting of an undue advantage of any value (which could be financial or non-financial), directly or indirectly, and irrespective of location(s), in violation of applicable law, as an inducement or reward for a person acting or refraining from acting in relation to the performance (3.16) of that person’s duties

Note 1 to entry: The above is a generic definition. The meaning of the term “bribery” is as defined by the anti-bribery law applicable to the organization (3.2) and by the anti-bribery management system (3.5) designed by the organization.

3.2
organization
person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives (3.11)

Note 1 to entry: The concept of organization includes, but is not limited to sole-trader, company, corporation, firm, enterprise, authority, partnership, charity or institution, or part or combination thereof, whether incorporated or not, public or private.

Note 2 to entry: For organizations with more than one operating unit, one or more of the operating units can be defined as an organization.

3.3
interested party (preferred term)
stakeholder (admitted term)
person or organization (3.2) that can affect, be affected by, or perceive itself to be affected by a decision or activity

Note 1 to entry: A stakeholder can be internal or external to the organization.

3.4
requirement
need that is stated and obligatory

Note 1 to entry: The core definition of “requirement” in ISO management system standards is “need or expectation that is stated, generally implied or obligatory”. “Generally implied requirements” are not applicable in the context of anti-bribery management.

Note 2 to entry: “Generally implied” means that it is custom or common practice for the organization and interested parties that the need or expectation under consideration is implied.

Note 3 to entry: A specified requirement is one that is stated, for example in documented information.

3.5
management system
set of interrelated or interacting elements of an organization (3.2) to establish policies (3.10) and objectives (3.11) and processes (3.15) to achieve those objectives

Note 1 to entry: A management system can address a single discipline or several disciplines.

Note 2 to entry: The management system elements include the organization’s structure, roles and responsibilities, planning and operation.

Note 3 to entry: The scope of a management system may include the whole of the organization, specific and identified functions of the organization, specific and identified sections of the organization, or one or more functions across a group of organizations.

3.6
top management
person or group of people who directs and controls an organization (3.2) at the highest level

Note 1 to entry: Top management has the power to delegate authority and provide resources within the organization.

Note 2 to entry: If the scope of the management system (3.5) covers only part of an organization, then top management refers to those who direct and control that part of the organization.

Note 3 to entry: Organizations can be organized depending on which legal framework they are obliged to operate under and also according to their size, sector, etc. Some organizations have both a governing body (3.7) and top management, while some organizations do not have responsibilities divided into several bodies. These variations, both in respect of organization and responsibilities, can be considered when applying the requirements in Clause 5.

3.7
governing body
group or body that has the ultimate responsibility and authority for an organization’s (3.2) activities, governance and policies and to which top management (3.6) reports and by which top management is held accountable

Note 1 to entry: Not all organizations, particularly small organizations, will have a governing body separate from top management (see 3.6, Note 3 to entry).

Note 2 to entry: A governing body can include, but is not limited to, board of directors, committees of the board, supervisory board, trustees or overseers.

3.8
anti-bribery compliance function
person(s) with responsibility and authority for the operation of the anti-bribery management system (3.5)

3.9
effectiveness
extent to which planned activities are realized and planned results achieved

3.10
policy
intentions and direction of an organization (3.2), as formally expressed by its top management (3.6) or its governing body (3.7)

3.11
objective
result to be achieved

Note 1 to entry: An objective can be strategic, tactical or operational.

Note 2 to entry: Objectives can relate to different disciplines (such as financial, sales and marketing, procurement, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process (3.15)).

Note 3 to entry: An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an operational criterion, as an anti-bribery objective, or by the use of other words with similar meaning (e.g. aim, goal, or target).

Note 4 to entry: In the context of anti-bribery management systems (3.5), anti-bribery objectives are set by the organization (3.2), consistent with the anti-bribery policy (3.10), to achieve specific results.

3.12
risk
effect of uncertainty on objectives (3.11)

Note 1 to entry: An effect is a deviation from the expected — positive or negative.


Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence or likelihood.

Note 3 to entry: Risk is often characterized by reference to potential “events” (as defined in ISO Guide 73:2009, 3.5.1.3) and “consequences” (as defined in ISO Guide 73:2009, 3.6.1.3), or a combination of these.

Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated “likelihood” (as defined in ISO Guide 73:2009, 3.6.1.1) of occurrence.

3.13
competence
ability to apply knowledge and skills to achieve intended results

3.14
documented information
information required to be controlled and maintained by an organization (3.2) and the medium on which it is contained

Note 1 to entry: Documented information can be in any format and media, and from any source.

Note 2 to entry: Documented information can refer to:
— the management system (3.5), including related processes (3.15);
— information created in order for the organization to operate (documentation);
— evidence of results achieved (records).

3.15
process
set of interrelated or interacting activities which transforms inputs into outputs

3.16
performance
measurable result

Note 1 to entry: Performance can relate either to quantitative or qualitative findings.

Note 2 to entry: Performance can relate to the management of activities, processes (3.15), products (including services), systems or organizations (3.2).

3.17
outsource (verb)
make an arrangement where an external organization (3.2) performs part of an organization’s function or process (3.14)

Note 1 to entry: An external organization is outside the scope of the management system (3.5), although the outsourced function or process is within the scope.

Note 2 to entry: The core text of ISO management system standards contains a definition and requirement in relation to outsourcing, which is not used in this document, as outsourcing providers are included within the definition of business associate (3.26).

3.18
monitoring
determining the status of a system, a process (3.15) or an activity

Note 1 to entry: To determine the status, there can be a need to check, supervise or critically observe.

3.19
measurement
process (3.15) to determine a value
3.20
audit
systematic, independent and documented process (3.15) for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled

Note 1 to entry: An audit can be an internal audit (first party) or an external audit (second party or third party), and it can be a combined audit (combining two or more disciplines).

Note 2 to entry: An internal audit is conducted by the organization (3.2) itself, or by an external party on its behalf.

Note 3 to entry: “Audit evidence” and “audit criteria” are defined in ISO 19011.
3.21
conformity
fulfilment of a requirement (3.4)
3.22
nonconformity
non-fulfilment of a requirement (3.4)
3.23
corrective actio
...

SLOVENIAN STANDARD
SIST ISO 37001:2016
01-December-2016
Sistemi vodenja za preprečevanje korupcije - Zahteve z navodili za uporabo
Anti-bribery management systems - Requirements with guidance for use
Systèmes de management anti-corruption -- Exigences et recommandations de mise en oeuvre
This Slovenian standard is identical to: ISO 37001:2016
ICS:
03.100.02 Governance and ethics
03.100.70 Management systems
SIST ISO 37001:2016 en,fr

2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.

INTERNATIONAL STANDARD ISO 37001
First edition
2016-10-15
Anti-bribery management systems — Requirements with guidance for use
Systèmes de management anti-corruption — Exigences et recommandations de mise en oeuvre
Reference number
ISO 37001:2016(E)
ISO 2016
COPYRIGHT PROTECTED DOCUMENT
© ISO 2016, Published in Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Context of the organization
4.1 Understanding the organization and its context
4.2 Understanding the needs and expectations of stakeholders
4.3 Determining the scope of the anti-bribery management system
4.4 Anti-bribery management system
4.5 Bribery risk assessment
5 Leadership
5.1 Leadership and commitment
5.1.1 Governing body
5.1.2 Top management
5.2 Anti-bribery policy
5.3 Organizational roles, responsibilities and authorities
5.3.1 Roles and responsibilities
5.3.2 Anti-bribery compliance function
5.3.3 Delegated decision-making
6 Planning
6.1 Actions to address risks and opportunities
6.2 Anti-bribery objectives and planning to achieve them
7 Support
7.1 Resources
7.2 Competence
7.2.1 General
7.2.2 Employment process
7.3 Awareness and training
7.4 Communication
7.5 Documented information
7.5.1 General
7.5.2 Creating and updating
7.5.3 Control of documented information
8 Operation
8.1 Operational planning and control
8.2 Due diligence
8.3 Financial controls
8.4 Non-financial controls
8.5 Implementation of anti-bribery controls by controlled organizations and by business associates
8.6 Anti-bribery commitments
8.7 Gifts, hospitality, donations and similar benefits
8.8 Managing inadequacy of anti-bribery controls
8.9 Raising concerns
8.10 Investigating and dealing with bribery
9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal audit
9.3 Management review
9.3.1 Top management review
9.3.2 Governing body review
9.4 Review by anti-bribery compliance function
10 Improvement
10.1 Nonconformity and corrective action
10.2 Continual improvement
Annex A (informative) Guidance on the use of this document
Bibliography

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO’s adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.

The committee responsible for this document is Project Committee ISO/PC 278, Anti-bribery management systems.
Introduction

Bribery is a widespread phenomenon. It raises serious social, moral, economic and political concerns, undermines good governance, hinders development and distorts competition. It erodes justice, undermines human rights and is an obstacle to the relief of poverty. It also increases the cost of doing business, introduces uncertainties into commercial transactions, increases the cost of goods and services, diminishes the quality of products and services, which can lead to loss of life and property, destroys trust in institutions and interferes with the fair and efficient operation of markets.

Governments have made progress in addressing bribery through international agreements such as the Organization for Economic Co-operation and Development Convention on Combating Bribery of Foreign Public Officials in International Business Transactions [15] and the United Nations Convention against Corruption [14] and through their national laws. In most jurisdictions, it is an offence for individuals to engage in bribery and there is a growing trend to make organizations, as well as individuals, liable for bribery.

However, the law alone is not sufficient to solve this problem. Organizations have a responsibility to proactively contribute to combating bribery. This can be achieved by an anti-bribery management system, which this document is intended to provide, and through leadership commitment to establishing a culture of integrity, transparency, openness and compliance. The nature of an organization’s culture is critical to the success or failure of an anti-bribery management system.

A well-managed organization is expected to have a compliance policy supported by appropriate management systems to assist it in complying with its legal obligations and commitment to integrity. An anti-bribery policy is a component of an overall compliance policy. The anti-bribery policy and supporting management system helps an organization to avoid or mitigate the costs, risks and damage of involvement in bribery, to promote trust and confidence in business dealings and to enhance its reputation.

This document reflects international good practice and can be used in all jurisdictions. It is applicable to small, medium and large organizations in all sectors, including public, private and not-for-profit sectors. The bribery risks facing an organization vary according to factors such as the size of the organization, the locations and sectors in which the organization operates, and the nature, scale and complexity of the organization’s activities. This document specifies the implementation by the organization of policies, procedures and controls which are reasonable and proportionate according to the bribery risks the organization faces. Annex A provides guidance on implementing the requirements of this document.

Conformity with this document cannot provide assurance that no bribery has occurred or will occur in relation to the organization, as it is not possible to completely eliminate the risk of bribery. However, this document can help the organization implement reasonable and proportionate measures designed to prevent, detect and respond to bribery.

In this document, the following verbal forms are used:
— “shall” indicates a requirement;
— “should” indicates a recommendation;
— “may” indicates a permission;
— “can” indicates a possibility or a capability.

Information marked as “NOTE” is for guidance in understanding or clarifying the associated requirement.

This document conforms to ISO’s requirements for management system standards. These requirements include a high level structure, identical core text, and common terms with core definitions, designed to benefit users implementing multiple ISO management system standards. This document can be used in conjunction with other management system standards (e.g. ISO 9001, ISO 14001, ISO/IEC 27001 and ISO 19600) and management standards (e.g. ISO 26000 and ISO 31000).
INTERNATIONAL STANDARD ISO 37001:2016(E)
Anti-bribery management systems — Requirements with guidance for use
1 Scope

This document specifies requirements and provides guidance for establishing, implementing, maintaining, reviewing and improving an anti-bribery management system. The system can be stand-alone or can be integrated into an overall management system. This document addresses the following in relation to the organization’s activities:
— bribery in the public, private and not-for-profit sectors;
— bribery by the organization;
— bribery by the organization’s personnel acting on the organization’s behalf or for its benefit;
— bribery by the organization’s business associates acting on the organization’s behalf or for its benefit;
— bribery of the organization;
— bribery of the organization’s personnel in relation to the organization’s activities;
— bribery of the organization’s business associates in relation to the organization’s activities;
— direct and indirect bribery (e.g. a bribe offered or accepted through or by a third party).

This document is applicable only to bribery. It sets out requirements and provides guidance for a management system designed to help an organization to prevent, detect and respond to bribery and comply with anti-bribery laws and voluntary commitments applicable to its activities.

This document does not specifically address fraud, cartels and other anti-trust/competition offences, money-laundering or other activities related to corrupt practices, although an organization can choose to extend the scope of the management system to include such activities.

The requirements of this document are generic and are intended to be applicable to all organizations (or parts of an organization), regardless of type, size and nature of activity, and whether in the public, private or not-for-profit sectors. The extent of application of these requirements depends on the factors specified in 4.1, 4.2 and 4.5.

NOTE 1 See Clause A.2 for guidance.

NOTE 2 The measures necessary to prevent, detect and mitigate the risk of bribery by the organization can be different from the measures used to prevent, detect and respond to bribery of the organization (or its personnel or business associates acting on the organization’s behalf). See A.8.4 for guidance.

2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at http://www.iso.org/obp
— IEC Electropedia: available at http://www.electropedia.org/
3.1
bribery
offering, promising, giving, accepting or soliciting of an undue advantage of any value (which could be financial or non-financial), directly or indirectly, and irrespective of location(s), in violation of applicable law, as an inducement or reward for a person acting or refraining from acting in relation to the performance (3.16) of that person’s duties

Note 1 to entry: The above is a generic definition. The meaning of the term “bribery” is as defined by the anti-bribery law applicable to the organization (3.2) and by the anti-bribery management system (3.5) designed by the organization.

3.2
organization
person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives (3.11)

Note 1 to entry: The concept of organization includes, but is not limited to sole-trader, company, corporation, firm, enterprise, authority, partnership, charity or institution, or part or combination thereof, whether incorporated or not, public or private.

Note 2 to entry: For organizations with more than one operating unit, one or more of the operating units can be defined as an organization.

3.3
interested party (preferred term)
stakeholder (admitted term)
person or organization (3.2) that can affect, be affected by, or perceive itself to be affected by a decision or activity

Note 1 to entry: A stakeholder can be internal or external to the organization.

3.4
requirement
need that is stated and obligatory

Note 1 to entry: The core definition of “requirement” in ISO management system standards is “need or expectation that is stated, generally implied or obligatory”. “Generally implied requirements” are not applicable in the context of anti-bribery management.

Note 2 to entry: “Generally implied” means that it is custom or common practice for the organization and interested parties that the need or expectation under consideration is implied.

Note 3 to entry: A specified requirement is one that is stated, for example in documented information.

3.5
management system
set of interrelated or interacting elements of an organization (3.2) to establish policies (3.10) and objectives (3.11) and processes (3.15) to achieve those objectives

Note 1 to entry: A management system can address a single discipline or several disciplines.

Note 2 to entry: The management system elements include the organization’s structure, roles and responsibilities, planning and operation.

Note 3 to entry: The scope of a management system may include the whole of the organization, specific and identified functions of the organization, specific and identified sections of the organization, or one or more functions across a group of organizations.

3.6
top management
person or group of people who directs and controls an organization (3.2) at the highest level

Note 1 to entry: Top management has the power to delegate authority and provide resources within the organization.

Note 2 to entry: If the scope of the management system (3.5) covers only part of an organization, then top management refers to those who direct and control that part of the organization.

Note 3 to entry: Organizations can be organized depending on which legal framework they are obliged to operate under and also according to their size, sector, etc. Some organizations have both a governing body (3.7) and top management, while some organizations do not have responsibilities divided into several bodies. These variations, both in respect of organization and responsibilities, can be considered when applying the requirements in Clause 5.

3.7
governing body
group or body that has the ultimate responsibility and authority for an organization’s (3.2) activities, governance and policies and to which top management (3.6) reports and by which top management is held accountable

Note 1 to entry: Not all organizations, particularly small organizations, will have a governing body separate from top management (see 3.6, Note 3 to entry).

Note 2 to entry: A governing body can include, but is not limited to, board of directors, committees of the board, supervisory board, trustees or overseers.

3.8
anti-bribery compliance function
person(s) with responsibility and authority for the operation of the anti-bribery management system (3.5)

3.9
effectiveness
extent to which planned activities are realized and planned results achieved

3.10
policy
intentions and direction of an organization (3.2), as formally expressed by its top management (3.6) or its governing body (3.7)

3.11
objective
result to be achieved

Note 1 to entry: An objective can be strategic, tactical or operational.

Note 2 to entry: Objectives can relate to different disciplines (such as financial, sales and marketing, procurement, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process (3.15)).

Note 3 to entry: An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an operational criterion, as an anti-bribery objective, or by the use of other words with similar meaning (e.g. aim, goal, or target).

Note 4 to entry: In the context of anti-bribery management systems (3.5), anti-bribery objectives are set by the organization (3.2), consistent with the anti-bribery policy (3.10), to achieve specific results.

3.12
risk
effect of uncertainty on objectives (3.11)

Note 1 to entry: An effect is a deviation from the expected — positive or negative.

Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence or likelihood.

Note 3 to entry: Risk is often characterized by reference to potential “events” (as defined in ISO Guide 73:2009, 3.5.1.3) and “consequences” (as defined in ISO Guide 73:2009, 3.6.1.3), or a combination of these.

Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated “likelihood” (as defined in ISO Guide 73:2009, 3.6.1.1) of occurrence.

3.13
competence
ability to apply knowledge and skills to achieve intended results
3.14
documented information

information required to be controlled and maintained by an organization (3.2) and the medium on which it is contained

Note 1 to entry: Documented information can be in any format and media, and from any source.

Note 2 to entry: Documented information can refer to:
— the management system (3.5), including related processes (3.15);

— information created in order for the organization to operate (documentation);

— evidence of results achieved (records).
3.15
process

set of interrelated or interacting activities which transforms inputs into outputs

3.16
performance
measurable result

Note 1 to entry: Performance can relate either to quantitative or qualitative findings.

Note 2 to entry: Performance can relate to the management of activities, processes (3.15), products (including services), systems or organizations (3.2).
3.17
outsource (verb)

make an arrangement where an external organization (3.2) performs part of an organization’s function or process (3.14)

Note 1 to entry: An external organization is outside the scope of the management system (3.5), although the outsourced function or process is within the scope.

Note 2 to entry: The core text of ISO management system standards contains a definition and requirement in relation to outsourcing, which is not used in this document, as outsourcing providers are included within the definition of business associate (3.26).
3.18
monitoring
determining the status of a system, a process (3.15) or an activity
Note 1 to entry: To determine the status
...

INTERNATIONAL STANDARD ISO 37001
First edition
2016-10-15
Systèmes de management anti-corruption — Exigences et recommandations de mise en oeuvre
Anti-bribery management systems — Requirements with guidance for use
Reference number
ISO 37001:2016(F)
ISO 2016
COPYRIGHT PROTECTED DOCUMENT
© ISO 2016, Published in Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Context of the organization
4.1 Understanding the organization and its context
4.2 Understanding the needs and expectations of interested parties
4.3 Determining the scope of the anti-bribery management system
4.4 Anti-bribery management system
4.5 Bribery risk assessment
5 Leadership
5.1 Leadership and commitment
5.1.1 Governing body
5.1.2 Top management
5.2 Anti-bribery policy
5.3 Organizational roles, responsibilities and authorities
5.3.1 Roles and responsibilities
5.3.2 Anti-bribery compliance function
5.3.3 Delegated decision-making
6 Planning
6.1 Actions to address risks and opportunities
6.2 Anti-bribery objectives and planning to achieve them
7 Support
7.1 Resources
7.2 Competence
7.2.1 General
7.2.2 Employment process
7.3 Awareness and training
7.4 Communication
7.5 Documented information
7.5.1 General
7.5.2 Creating and updating documented information
7.5.3 Control of documented information
8 Operation
8.1 Operational planning and control
8.2 Due diligence
8.3 Financial controls
8.4 Non-financial controls
8.5 Implementation of anti-bribery controls by controlled organizations and by business associates
8.6 Anti-bribery commitments
8.7 Gifts, hospitality, donations and similar benefits
8.8 Managing inadequacy of anti-bribery controls
8.9 Raising concerns
8.10 Investigating and dealing with bribery
9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal audit
9.3 Management review
9.3.1 Top management review

9.3.2 Governing body review
9.4 Review by the anti-bribery compliance function
10 Improvement
10.1 Nonconformity and corrective action
10.2 Continual improvement
Annex A (informative) Guidance on the use of this document
Bibliography

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject has the right to be represented on the technical committee established for it. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of intellectual property rights or similar rights. ISO shall not be held responsible for failing to identify such property rights or to give notice of their existence. Details of any intellectual property rights or other similar rights identified during the development of the document are given in the Introduction and/or on the list of patent declarations received by ISO (see www.iso.org/brevets).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation of the meaning of ISO specific terms and expressions related to conformity assessment, or for information about ISO’s adherence to the World Trade Organization (WTO) principles concerning Technical Barriers to Trade (TBT), see the following link: www.iso.org/iso/fr/avant-propos.html

The committee responsible for this document is Project Committee ISO/PC 278, Anti-bribery management systems.
Introduction

Bribery is a widespread phenomenon. It raises serious social, moral, political and economic concerns, undermines good governance, hinders development and distorts competition. It weakens justice, interferes with human rights and harms the fight against poverty. It also increases the cost of doing business, introduces uncertainties into commercial transactions, increases the cost of goods and services and diminishes the quality of products and services, effects that can cause death or disability, discredit institutions and interfere with the fair and efficient operation of markets.

Governments have made progress in addressing bribery through the signing of international agreements, such as the Organization for Economic Co-operation and Development Convention on Combating Bribery of Foreign Public Officials in International Business Transactions [15] and the United Nations Convention against Corruption [14], and through their local legislation. In most countries, bribery is considered an offence for individuals. Authorities are also increasingly tending to include provisions for legal persons.

However, the law alone is not sufficient to solve this problem. Organizations have a responsibility to contribute proactively to combating bribery. They can achieve this by means of an anti-bribery management system, which this document is intended to provide, and by committing to establish a culture of integrity, transparency, openness and compliance. The nature of an organization’s culture is critical to the success or failure of an anti-bribery management system.

A well-managed organization is expected to have a compliance policy supported by appropriate management systems that assist it in complying with its legal obligations and its commitments to integrity. An anti-bribery policy is part of an overall compliance policy. The anti-bribery policy and the underlying management system help organizations to avoid or mitigate the costs, risks and damage of bribery, in order to promote trust in their business dealings and to enhance their reputation.

This document reflects international good practice and can be used in all countries. It is applicable to small, medium and large organizations in all sectors, including the public, private and not-for-profit sectors. The bribery risks to which an organization is exposed vary according to factors such as the size of the organization, the locations and sectors in which the organization operates, and the nature, scale and complexity of the organization’s activities. This document describes the implementation by the organization of policies, procedures and controls that are reasonable and proportionate to the bribery risks to which the organization is exposed. Annex A provides guidance on implementing the requirements of this document.

Conformity with this document does not guarantee that no bribery has occurred or will occur in relation to the organization, as it is not possible to completely eliminate the risk of bribery. Nevertheless, this document can help organizations implement reasonable and proportionate measures designed to prevent, detect and respond to bribery.

In this document, the following verbal forms are used:
— “shall” («doit») indicates a requirement;
— “should” («il convient que») indicates a recommendation;
— “may” or “can” («peut») indicates a permission, a possibility or a capability.

Information in the form of a “NOTE” is provided to clarify the associated requirement or to make it easier to understand.

This document conforms to ISO’s requirements for management system standards. These requirements include a framework structure, identical core text and common terms with core definitions, designed for users implementing multiple ISO management system standards. This document can be used in conjunction with other management system standards (e.g. ISO 9001, ISO 14001, ISO/IEC 27001 and ISO 19600) and other management standards (e.g. ISO 26000 and ISO 31000).

INTERNATIONAL STANDARD ISO 37001:2016(F)
Anti-bribery management systems — Requirements with guidance for use
1 Scope

This document specifies requirements and provides guidance for establishing, implementing, maintaining, reviewing and improving an anti-bribery management system. The system can be stand-alone or can be integrated into an overall management system. This document addresses the following in relation to the organization’s activities:
— bribery in the public, private and not-for-profit sectors;
— bribery by the organization;
— bribery by the organization’s personnel acting on the organization’s behalf or for its benefit;
— bribery by the organization’s business associates acting on the organization’s behalf or for its benefit;
— bribery of the organization;
— bribery of the organization’s personnel in relation to the organization’s activities;
— bribery of the organization’s business associates in relation to the organization’s activities;
— direct and indirect bribery (e.g. a bribe offered or accepted by a third party).

This document is applicable only to bribery. It sets out requirements and provides guidance for management systems designed to help organizations to prevent, detect and respond to bribery, and to comply with anti-bribery laws and the voluntary commitments applicable to their activities.

This document does not specifically address fraud, cartels and other anti-trust/competition offences, money-laundering or other activities related to fraudulent practices, although the organization can choose to extend the scope of the management system to include such activities.

The requirements of this document are generic and are intended to be applicable to all organizations (or parts of an organization), regardless of type, size and nature of activity, and whether in the public, private or not-for-profit sectors. The extent of application of these requirements depends on the factors described in 4.1, 4.2 and 4.5.
NOTE 1 See A.2 for guidance.

NOTE 2 The measures necessary to prevent, detect and mitigate the risk of bribery by the organization can differ from the measures used to prevent, detect and respond to bribery of the organization (or of its personnel or business associates acting on the organization’s behalf). See A.8.4 for guidance.
2 Normative references
There are no normative references in this document.
3 Terms and definitions

For the purposes of this document, the following terms and definitions apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at http://www.iso.org/obp.
— IEC Electropedia: available at http://www.electropedia.org/.
3.1
bribery

offering, promising, giving, accepting or soliciting of an undue advantage of any value (financial or non-financial), directly or indirectly, irrespective of location(s), in violation of applicable law, as an inducement or reward for a person acting or refraining from acting in the performance of that person’s duties

Note 1 to entry: The above definition is generic. The meaning of the term “bribery” is as defined by the anti-bribery law applicable to the organization (3.2) and by the anti-bribery management system (3.5) designed by the organization.
3.2
organization

person or group of people that has a role with the responsibilities, authority and relationships enabling it to achieve its objectives (3.11)

Note 1 to entry: The concept of organization includes, but is not limited to, sole traders, companies, corporations, firms, enterprises, authorities, partnerships, charities or institutions, or a part or combination thereof, whether with limited liability or another status, public or private.

Note 2 to entry: For organizations with more than one operating unit, one or more of the operating units can be defined as an organization.
3.3
interested party (preferred term)
stakeholder (admitted term)

person or organization (3.2) that can either affect a decision or activity, or be affected by, or perceive itself to be affected by, a decision or activity

Note 1 to entry: An interested party can be internal or external to the organization.

3.4
requirement
need that is stated and obligatory

Note 1 to entry: The core definition of “requirement” in ISO management system standards is “need or expectation that is stated, generally implied or obligatory”. The notion of “generally implied requirements” is not applicable in the context of anti-bribery management.

Note 2 to entry: “Generally implied” means that it is custom or common practice for the organization and interested parties that the need or expectation under consideration is implied.

Note 3 to entry: A specified requirement is one that is stated, for example in documented information.

3.5
management system

set of interrelated or interacting elements of an organization (3.2) used to establish policies (3.10), objectives (3.11) and processes (3.15) to achieve those objectives

Note 1 to entry: A management system can address a single discipline or several disciplines.

Note 2 to entry: The management system elements include the organization’s structure, roles and responsibilities, planning and operation.

Note 3 to entry: The scope of a management system can include the whole of the organization, specific and identified functions or sections of the organization, or one or more functions across a group of organizations.
3.6
top management

person or group of people who directs and controls an organization (3.2) at the highest level

Note 1 to entry: Top management has the power to delegate its authority and provide resources within the organization.

Note 2 to entry: If the scope of the management system (3.5) covers only part of the organization, then top management refers to those who direct and control that part of the organization.

Note 3 to entry: The structure of organizations can depend on the legal framework they are obliged to observe, and also on their size, sector, etc. Some organizations have both a governing body (3.7) and top management, while others do not divide responsibilities among several bodies. These variations, both in terms of organization and responsibilities, can be taken into account when applying the requirements in Clause 5.
3.7
governing body

group or body that has the ultimate responsibility and authority for the activities, governance and policies of an organization (3.2), to which top management (3.6) reports on its decisions and by which top management is held accountable

Note 1 to entry: Not all organizations, particularly small organizations, will have a governing body separate from top management (see 3.6, Note 3 to entry).

Note 2 to entry: A governing body can include, in particular, the board of directors, committees of the board, the supervisory board, trustees or overseers.
3.8
anti-bribery compliance function

person(s) with responsibility and authority for the operation of the anti-bribery management system (3.5)
3.9
effectiveness

extent to which planned activities are realized and planned results achieved

3.10
policy

intentions and direction of an organization (3.2), as formally expressed by its top management (3.6) or its governing body (3.7)
3.11
objective
result to be achieved
Note 1 to entry: An objective can be strategic, tactical or operational.

Note 2 to entry: Objectives can relate to different disciplines (such as finance, sales and marketing, procurement, health, safety and environment) and can apply at different levels [for example, at the strategic level, at the level of the organization as a whole, or relating to a project, product or process (3.15)].

Note 3 to entry: An objective can be expressed in other ways, e.g. as an intended outcome, a need, an operational criterion, as an anti-bribery objective, or by the use of other words with the same meaning (e.g. aim, goal or target).

Note 4 à l’article: Dans le contexte des systèmes de management (3.5) anti-corruption, les objectifs anti-corruption

sont fixés par l’organisme (3.2), en cohérence avec sa politique (3.10) anti-corruption, en vue d’obtenir des

résultats spécifiques.
3.12
risk
effect of uncertainty on the achievement of objectives (3.11)

Note 1 to entry: An effect is a deviation, positive or negative, from what is expected.

Note 2 to entry: Uncertainty is the state, even partial, of a lack of information that hinders the understanding or knowledge of an event, its consequences or its likelihood.

Note 3 to entry: Risk is often characterized by reference to potential “events” (as defined in ISO Guide 73:2009, 3.5.1.3) and to potential “consequences” (as defined in ISO Guide 73:2009, 3.6.1.3), or by reference to a combination of the two.

Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the “likelihood” of its occurrence (as defined in ISO Guide 73:2009, 3.6.1.1).
3.13
competence
ability to apply knowledge and skills to achieve intended results

3.14
documented information
information required to be controlled and maintained by an organization (3.2), and the medium on which it is contained

Note 1 to entry: Documented information can be in any format and on any media, and can come from any source.

Note 2 to entry: Documented information can refer to:
— the management system (3.5), including related processes (3.15);
— information created in order for the organization to operate (documentation);
— evidence of results achieved (records).
3.15
process
set of interrelated or interacting activities which transforms inputs into outputs
3.16
performance
measurable result
Note 1 à l’article: Les per
...

INTERNATIONAL STANDARD ISO 37001
First edition
2016-10-15
Official translation
Sistemas de gestión antisoborno — Requisitos con orientación para su uso
Anti-bribery management systems — Requirements with guidance for use
Systèmes de management anti-corruption — Exigences et recommandations de mise en oeuvre
Published by the ISO Central Secretariat in Geneva, Switzerland, as an official Spanish translation endorsed by the Spanish Translation Task Force (STTF) working group, which has certified its conformity with the English and French versions.
Reference number
ISO 37001:2016 (official translation)
ISO 2016
COPYRIGHT PROTECTED DOCUMENT
© ISO 2016, Published in Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or used in any form or by any means, electronic or mechanical, including photocopying, or posting on the Internet or an intranet, without prior written permission. Permission can be requested from ISO at the address below or from the ISO member body in the country of the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Context of the organization
4.1 Understanding the organization and its context
4.2 Understanding the needs and expectations of stakeholders
4.3 Determining the scope of the anti-bribery management system
4.4 Anti-bribery management system
4.5 Bribery risk assessment
5 Leadership
5.1 Leadership and commitment
5.1.1 Governing body
5.1.2 Top management
5.2 Anti-bribery policy
5.3 Organizational roles, responsibilities and authorities
5.3.1 Roles and responsibilities
5.3.2 Anti-bribery compliance function
5.3.3 Delegated decision-making
6 Planning
6.1 Actions to address risks and opportunities
6.2 Anti-bribery objectives and planning to achieve them
7 Support
7.1 Resources
7.2 Competence
7.2.1 General
7.2.2 Employment process
7.3 Awareness and training
7.4 Communication
7.5 Documented information
7.5.1 General
7.5.2 Creating and updating
7.5.3 Control of documented information
8 Operation
8.1 Operational planning and control
8.2 Due diligence
8.3 Financial controls
8.4 Non-financial controls
8.5 Implementation of anti-bribery controls by controlled organizations and by business associates
8.6 Anti-bribery commitments
8.7 Gifts, hospitality, donations and similar benefits
8.8 Managing inadequacy of anti-bribery controls
8.9 Raising concerns
8.10 Investigating and dealing with bribery
9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal audit
9.3 Management review
9.3.1 Top management review
9.3.2 Governing body review
9.4 Review by the anti-bribery compliance function
10 Improvement
10.1 Nonconformities and corrective actions
10.2 Continual improvement
Annex A (informative) Guidance on the use of this International Standard
Bibliography

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, public and private, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this standard and those for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of ISO documents should be noted. This standard was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2. www.iso.org/directives.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO does not assume responsibility for identifying any or all such patent rights. Details of any patent rights identified during the development of this standard are given in the Introduction and/or on the ISO list of patent declarations received. www.iso.org/patents.

Any trade name used in this standard is information given for the convenience of users and does not constitute an endorsement.

For an explanation of the meaning of ISO-specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles on Technical Barriers to Trade (TBT), see the following address: http://www.iso.org/iso/foreword.html.

The committee responsible for this standard is Project Committee ISO/PC 278, Anti-bribery management systems.

Foreword to the Spanish version

This International Standard has been translated by the Spanish Translation Task Force (STTF) working group of Technical Committee ISO/PC 278, Anti-bribery management systems, in which representatives of the national standards bodies and representatives of the business sector of the following countries participate:

Argentina, Colombia, Costa Rica, Cuba, Ecuador, Spain, Guatemala, Mexico, Peru and Uruguay.

During the work of the working group, no consensus was reached on the translation of the terms bribery risk evaluation and bribery risk assessment. It was decided that the Spanish translation of the standard would follow the official French translation of the standard, which uses a single translation for both terms.

Introduction

Bribery is a widespread phenomenon that raises serious social, moral, economic and political concerns, undermines good governance, hinders development and distorts competition. It erodes justice, undermines human rights and is an obstacle to the relief of poverty. It also increases the cost of doing business, introduces uncertainties into commercial transactions, increases the cost of goods and services, diminishes the quality of products and services, which can lead to loss of life and property, destroys trust in institutions and interferes with the fair and efficient operation of markets.

Governments have made progress in addressing bribery through international agreements such as the Convention on Combating Bribery of Foreign Public Officials in International Business Transactions of the Organisation for Economic Co-operation and Development [15] and the United Nations Convention against Corruption [14], and through their national laws. In most jurisdictions, it is an offence for individuals to engage in bribery, and there is a growing trend to make organizations, as well as individuals, liable for bribery.

However, the law alone is not sufficient to solve this problem. Organizations therefore have a responsibility to contribute proactively to combating bribery. This can be achieved through an anti-bribery management system, which this document is intended to provide, and through leadership commitment to establishing a culture of integrity, transparency, honesty and compliance. The nature of an organization's culture is critical to the success or failure of an anti-bribery management system.

A well-managed organization must have a compliance policy supported by appropriate management systems that help it to comply with its legal obligations and its commitments to integrity. An anti-bribery policy is a component of an overall compliance policy. The anti-bribery policy and the supporting management system help the organization to avoid or mitigate the costs, risks and damage of involvement in bribery, to promote trust and confidence in business dealings, and to enhance its reputation.

This document reflects international good practice and can be used in all jurisdictions. It is applicable to small, medium and large organizations in all sectors, including the public, private and not-for-profit sectors. The bribery risks facing an organization vary according to factors such as the size of the organization, the locations and sectors in which the organization operates, and the nature, scale and complexity of its activities. This document specifies the implementation by the organization of policies, procedures and controls that are reasonable and proportionate to the bribery risks the organization faces. Annex A provides guidance on implementing the requirements of this document.

Conformity with this document does not guarantee that bribery has not occurred or will not occur in relation to the organization, as it is not possible to eliminate the risk of bribery completely. However, this document can help the organization to implement reasonable and proportionate measures to prevent, detect and respond to bribery.
In this document, the following verbal forms are used:
— “shall” (“debe”) indicates a requirement;
— “should” (“debería”) indicates a recommendation;
— “may” or “can” (“puede”) indicates a permission, a possibility or a capability.

Information marked as “NOTE” is given as guidance for understanding or clarifying the associated requirement.

This document conforms to ISO's requirements for management system standards. These requirements include a high-level structure, identical core text, and common terms with core definitions, designed to benefit users implementing multiple ISO management system standards. This document can be used in conjunction with other management system standards (for example, ISO 9001, ISO 14001, ISO/IEC 27001 and ISO 19600) and management standards (for example, ISO 26000 and ISO 31000).
INTERNATIONAL STANDARD ISO 37001:2016 (official translation)
Anti-bribery management systems — Requirements with guidance for use
1 Scope

This document specifies requirements and provides guidance for establishing, implementing, maintaining, reviewing and improving an anti-bribery management system. The system can be stand-alone or can be integrated into an overall management system. This document addresses the following in relation to the organization's activities:
— bribery in the public, private and not-for-profit sectors;
— bribery by the organization;
— bribery by the organization's personnel acting on the organization's behalf or for its benefit;
— bribery by the organization's business associates acting on the organization's behalf or for its benefit;
— bribery of the organization;
— bribery of the organization's personnel in relation to the organization's activities;
— bribery of the organization's business associates in relation to the organization's activities;
— direct and indirect bribery (for example, a bribe offered or accepted by or through a third party).

This document is applicable only to bribery. It sets out requirements and provides guidance for a management system designed to help an organization to prevent, detect and respond to bribery and to comply with the anti-bribery laws and voluntary commitments applicable to its activities.

This document does not specifically address fraud, cartels and other anti-trust and competition offences, money laundering or other activities related to corrupt practices, although an organization can choose to extend the scope of the management system to include such activities.

The requirements of this document are generic and are intended to be applicable to all organizations (or parts of an organization), regardless of type, size and nature of activity, and whether in the public, private or not-for-profit sectors. The extent of application of these requirements depends on the factors specified in 4.1, 4.2 and 4.5.
NOTE 1 See Clause A.2 for guidance.

NOTE 2 The measures necessary to prevent, detect and mitigate the risk of bribery by the organization can be different from the measures used to prevent, detect and respond to bribery of the organization (of its personnel, or of business associates acting on the organization's behalf). See A.8.4 for guidance.
2 Normative references
There are no normative references in this document.
3 Terms and definitions

For the purposes of this document, the following terms and definitions apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at http://www.iso.org/obp

— IEC Electropedia: available at http://www.electropedia.org/
3.1
bribery

offering, promising, giving, accepting or soliciting of an undue advantage of any value (which can be financial or non-financial), directly or indirectly, and irrespective of location, in violation of applicable law, as an inducement or reward for a person acting or refraining from acting in relation to the performance (3.16) of that person's duties

Note 1 to entry: The above is a generic definition. The meaning of the term “bribery” is as defined by the anti-bribery laws applicable to the organization (3.2) and by the anti-bribery management system (3.5) designed by the organization.
3.2
organization

person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives (3.11)

Note 1 to entry: The concept of organization includes, but is not limited to, a sole trader, company, corporation, firm, enterprise, authority, partnership, charity or institution, or a part or combination thereof, whether incorporated or not, public or private.

Note 2 to entry: For organizations with more than one operating unit, one or more of the operating units can be defined as an organization.
3.3
stakeholder

person or organization (3.2) that can affect, be affected by, or perceive itself to be affected by a decision or activity

Note 1 to entry: A stakeholder can be internal or external to the organization.

3.4
requirement
need that is stated and obligatory

Note 1 to entry: The core definition of “requirement” in ISO management system standards is “need or expectation that is stated, generally implied or obligatory”. The “generally implied requirements” part is not applicable in the context of anti-bribery management.

Note 2 to entry: “Generally implied” means that it is custom or common practice for the organization or stakeholders that the need or expectation under consideration is implied.

Note 3 to entry: A specified requirement is one that is stated, for example, in documented information.
3.5
management system

set of interrelated or interacting elements of an organization (3.2) to establish policies (3.10), objectives (3.11) and processes (3.15) to achieve those objectives

Note 1 to entry: A management system can address a single discipline or several disciplines.

Note 2 to entry: The management system elements establish the organization's structure, roles and responsibilities, planning and operation.

Note 3 to entry: The scope of a management system can include the whole of the organization, specific and identified functions of the organization, specific and identified sections of the organization, or one or more functions across a group of organizations.
3.6
top management

person or group of people who directs and controls an organization (3.2) at the highest level

Note 1 to entry: Top management has the power to delegate authority and provide resources within the organization.

Note 2 to entry: If the scope of the management system (3.5) covers only part of an organization, then top management refers to those who direct and control that part of the organization.

Note 3 to entry: Organizations can be organized depending on the legal framework under which they are obliged to operate and also according to their size, sector, etc. Some organizations have both a governing body (3.7) and top management (3.6), while some organizations do not have responsibilities divided among several bodies. These variations, both in respect of organization and of responsibilities, can be considered when applying the requirements in Clause 5.

3.7
governing body

group or body that has the ultimate responsibility and authority for the activities, governance and policies of an organization (3.2), and to which top management (3.6) reports and by which it is held accountable

Note 1 to entry: Not all organizations, particularly small organizations, will have a governing body separate from top management (see 3.6, Note 3 to entry).

Note 2 to entry: A governing body can include, but is not limited to, a board of directors, oversight committees, a supervisory board, directors and supervisors.
3.8
anti-bribery compliance function

persons with responsibility and authority for the operation of the anti-bribery management system (3.5)

3.9
effectiveness

extent to which planned activities are realized and planned results are achieved

3.10
policy

intentions and direction of an organization (3.2), as formally expressed by its top management (3.6) or its governing body (3.7)
3.11
objective
result to be achieved

Note 1 to entry: An objective can be strategic, tactical or operational.

Note 2 to entry: Objectives can relate to different disciplines (such as financial, sales and marketing, procurement, health and safety, and environmental objectives), and can apply at different levels [such as strategic, organization-wide, project, product and process (3.15)].

Note 3 to entry: An objective can be expressed in other ways, for example as an intended outcome, a purpose, an operational criterion, an anti-bribery objective, or by the use of terms with a similar meaning (for example, aim or goal).

Nota 4 a la entrada: En el contexto de sistemas de gestión (3.5) antisoborno, la organización (3.2) establece los

...
