• Anti-Bribery I Risk I Compliance Management

What are ISO 37001 Certification Process Steps?

June 28, 2021
What are ISO 37001 Certification Process Steps?

ISO 37001:2016 Anti-Bribery Management System Certification is critical for organisations in the public, private and non-profit sectors. After all, consider the benefits: Certification adds a distinct level of credibility to the organisation’s management systems and ensures that the organisation implements a viable anti-bribery management program utilising widely accepted controls and systems.

It assures management, investors, business associates, personnel and other stakeholders that the organisation is actively pursuing internationally recognised and accepted processes to prevent bribery and corruption. ISO 37001:2016 certification also protects the organisation, its assets, shareholders and directors from the effects of bribery. But what, exactly, is the process for getting ISO 37001:2016 certified by ABAC Group? Once your organisation has submitted questionnaire information and completed the approval and contract stage, the certification cycle is ready to begin.

Step 1: Audit confirmation

An audit plan will be developed with your organisation and confirmed to the Certification’s Body Assessment Team at least three months before the organisation’s first audit.

Step 2: Pre-assessment audit (optional)

The organisation can opt to perform a pre-assessment audit to identify any possible gaps between its current management system and the standard requirements. This audit is optional and helps the organisation check its preparedness for the stage 1 and 2 assessments by identifying any major non-conformities that have not been addressed.

Step 3: Stage 1 audit

Review the results of the audit, including:

  • General observations
  • Non-conformities (major or minor, see below)

Minor non-conformities: These are not seen as serious. The organisation must complete an internal Corrective Action Plan (CAP) before Stage 2. CAP is not required to be sent to the Assessment Team at Stage 1.

Major non-conformities: These are more serious. The organisation will need to submit a CAP within ten days of receiving the audit report, with all actions scheduled to be completed before Stage 2. The CAP should be sent to the Assessment Team. The major non-conformities raised during Stage 1 will be re-assessed during Stage 2 Audit.

Step 4: Stage 2 audit

This is an on-site audit and takes place after the organisation has successfully completed Stage 1 and corrected any major non-conformities identified during the Stage 1 audit. Stage 2 confirms that the organisation’s management system is fully aligned to the standard. The evaluation is of management system implementation and its effectiveness.

Outcome: The audit report will detail the following:

  • Any positive observations
  • Opportunities for improvement – suggestions for improvement and any findings that could lead to potential non-conformities.
  • Non-conformities (Major or Minor)
  • Recommendation for Certification

Minor non-conformities: The organisation must complete an internal Corrective Action Plan (CAP) and submit this to the Assessment Team within 45 working days of receiving the audit report. The Assessment Team will review the CAP; it must detail the non-conformity, the cause, the proposed corrective action, who is responsible and the date the action will be implemented. Based on the evaluation of CAP, the recommendation for certification will be made.

For minor non-conformities, if an organisation has a corrective action procedure, this will not delay the certificate.

Major non-conformities: The organisation must complete an internal Corrective Action Plan (CAP) and submit it within 90 days (or 180 days depending on the number and risk of major non-conformities) of receiving the audit report be sent to the auditor.

Step 5: Follow up Audit (optional)

If a major non-conformity is raised or remains outstanding from Stage 1, an additional visit will need to be booked. For major non-conformity raised during Stage 2, a revisit will be required within 30 days of submitting the CAP to confirm the implementation of an effective CAP.

Step 6: Awarding of Certificate

If the organisation is compliant with the conditions of the standard, a recommendation for certification will be made.

  • For minor non-conformities: If an organisation has a CAP in place, this will not delay the certificate. The certificate is granted within 04 weeks from the time of CAP submission.
  • For major non-conformities: the organisation needs to submit and implement CAP within 180 days maximum. Once the auditor has verified the CAP, the certificate is granted within 6 weeks (from the time of CAP submission by the Client). However, all major non-conformities will need to be addressed before a certificate can be published.

Step 7: Continual improvement and surveillance audits

Surveillance is planned over three years and will ensure that the organisation still complies with the standard.

Step 8: Re-certification Audit

The registration period is three years from the date on the certificate. After the initial registration period is completed, renewing your Anti-Bribery Management System Certification is relatively seamless. Once the second surveillance visit has been completed, you will be sent a proposal for registration renewal/re-certification detailing the process and associated costs along with assessment days for the next three years. Re-certification audit will require Stage 1 and Stage 2 audit. The depth of the audit and time required would be determined as per your performance (during the certification period) and any planned changes to your system. It’s that easy. Now is the time to move forward with ISO 37001:2016 certification.

What comes next?

ISO 37001:2016 Anti-Bribery Management System certification is offered under CRI Group’s ABAC® Centre of Excellence, an independent certification body established for Anti-Bribery Management System training and certification, Compliance Management System and Risk Management System certification. The program will be tailored to your organisation’s needs and requirements. For assistance in developing and implementing a fraud prevention strategy, contact ABAC today or get a FREE QUOTE now!

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management SystemsISO 37301:2021 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification