Contribute to International Efforts to Combat Bribery

ISO 37001 is an internationally recognised standard that defines requirements for establishing, implementing, maintaining, reviewing and improving an Anti-Bribery Management System (ABMS). This standard is designed for all types of organisations from any sector and for any type of bribery they may face. Apart from this, ISO 37001 can also be implemented as a standalone standard or be integrated with other management systems.

ISO 37001 serves as a framework for safeguarding organisational integrity and helps combat bribery and any associated risks. It helps organisations prevent, identify and respond to bribery and comply with the anti-bribery laws and voluntary commitments applicable to their activities.

Becoming an ISO 37001 certified professional helps you differentiate yourself with demonstrated anti-bribery expertise and, at the same time, differentiate your organisation from competitors.

This standard is intended to guide organisations in identifying, detecting and responding to possible bribery risks. Its requirements enable organisations to implement an anti-bribery framework and put in place effective anti-bribery policies and processes.

ISO 37001 (Anti-Bribery Management System) certifications will enable organisations to:

  • Reduce bribery risks by implementing financial controls in early stages
  • Perform continuous improvement of anti-bribery practices
  • Gain competitive advantages
  • Ensure that business associates and customers are devoted to positive anti-bribery processes
  • Attract new business
  • Prevent, detect and address bribery risks
  • Increase international recognition
  • Promote trust and confidence
  • Reduce cost
  • Prevent conflict of interest
  • Promote an anti-bribery culture

What is the ISO 37001 certification?

ISO 37001 is an international standard that specifies requirements and provides guidance for establishing, implementing, maintaining, reviewing and improving an Anti-Bribery Management System (ABMS). ISO 37001 can be used internationally and adopted in organisations to implement reasonable and proportionate measures designed to prevent bribery. ISO 37001 will be the most effective if its implementation by an organisation is independently certified. ISO 37001 is applicable only to bribery, but not to other criminal offences such as fraud, cartels, and money laundering, although the organisation may choose to extend the scope of its anti-bribery programme to include these offences.

Target Audience

The ISO 37001 certification is designed for candidates:

  • who are senior managers or senior consultants responsible for the ABMS of an enterprise;
  • who are portfolio managers, programme managers, project managers or senior consultants responsible for managing and/or mastering the implementation process of an ABMS;
  • who are auditors responsible for performing and leading the audit process of an ABMS;
  • who are staff members responsible for maintaining conformance with ABMS requirements in the organisation;
  • who are team members of information security, risk management, legal and compliance, governance and controls or relevant departments in the organisation; or
  • who are experts responsible for providing advice about anti-bribery management.

Course Outline

ISO 37001 Introduction

This one-day training course enables participants to become familiar with the basic concepts of the implementation and management of an Anti-Bribery Management System (ABMS) as specified in ISO 37001. Participants will learn the different components of an ABMS, including ABMS policies, procedures, performance, management’s commitment, internal audit, management review and continual improvement.

  • Introduction to the ISO 37001 standard and its parts and other frameworks related to ABMS
  • Introduction to management systems and the process approach
  • General requirements
  • Implementation phases of the ISO 37001 framework
  • Continual improvement of ABMS
  • Basic steps of conducting an ISO 37001 certification audit

ISO 37001 Foundation

This two-day course enables participants to learn about the best practices for implementing and managing the essential components of an Anti-Bribery Management System (ABMS) as specified in ISO 37001. Participants will learn the different components of an ABMS, including ABMS scope and boundaries, policies, required procedures, records, measuring performance, management’s commitment, internal audit, management review and continual improvement.

  • All the concepts covered in the ISO 37001 Introduction course
  • Introduction to the Anti-Bribery Management System (ABMS) concepts as required by ISO 37001
  • ISO 37001 Foundation exam, covering 2 domains:
    • Domain 1: Fundamental Principles and Concepts of an Anti-Bribery Management System (ABMS)
    • Domain 2: Anti-Bribery Management System (ABMS)

ISO 37001 Lead Auditor

This five-day intensive course enables participants to develop the necessary expertise to audit an Anti-Bribery Management System (ABMS) based on ISO 37001:2016 and ensures that the organisation is competent in maintaining its management system. The Lead Auditor training will equip each participant with the skills and ability to perform audits by applying widely recognised audit principles, procedures and techniques. During the training, participants will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011 and the certification process according to ISO 17021. Based on practical exercises, participants will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to efficiently conduct an audit.

Day 1: Introduction to Anti-Bribery Management System (ABMS) concepts as required by ISO 37001

  • Introduction to management systems and the process approach
  • Normative frameworks and methodologies related to anti-bribery
  • Fundamental principles of ABMS
  • The ISO 37001 certification process
  • Detailed presentation of the clauses of ISO 37001

Day 2: Planning and Initiating an ISO 37001 Audit

  • Fundamental audit concepts and principles
  • Audit approach based on evidence and on risk
  • Preparation of an ISO 37001 certification audit
  • Documenting an ABMS audit
  • Conducting an opening meeting

Day 3: Conducting an ISO 37001 Audit

  • Communication during the audit
  • Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation
  • Drafting audit test plans
  • Formulation of audit findings
  • Drafting of non-conformity reports

Day 4: Concluding and Ensuring the Follow-up of an ISO 37001 Audit

  • Documentation of the audit and anti-bribery review
  • Conducting a closing meeting and conclusion of an ISO 37001 audit
  • Evaluation of corrective action plans
  • ISO 37001 surveillance audit
  • ISO 37001 internal audit management program

Day 5: Certification Exam

The ISO 37001 Lead Auditor exam covers the following domains:

  • Domain 1: Fundamental principles and concepts of Anti-Bribery Management System (ABMS)
  • Domain 2: Anti-Bribery Management System (ABMS)
  • Domain 3: Fundamental audit concepts and principles
  • Domain 4: Preparation of an ISO 37001 audit
  • Domain 5: Conduct of an ISO 37001 audit
  • Domain 6: Conclusion and Follow-up of an ISO 37001 audit
  • Domain 7: Management of an ISO 37001 audit program

ISO 37001 Lead Implementer

This five-day intensive course enables participants to develop the knowledge and skills necessary to support an organisation in implementing and managing an Information Security Management System (ISMS) as specified in ISO/IEC 27001. Participants will also be given a thorough grounding in best practices used to implement information security controls from all areas of ISO/IEC 27002.

Day 1: Concepts of Information Security Management System (ISMS) as required by ISO/IEC 27001 and Initiating an ISMS

  • Introduction to management systems and the process approach
  • Presentation of the ISO/IEC 27000 family and regulatory framework
  • Fundamental principles of information security
  • Preliminary analysis and determining the level of maturity based on ISO/IEC 21827
  • Writing a business case and a project plan for the implementation of an ISMS

Day 2: Planning the Implementation of an ISMS based on ISO/IEC 27001

  • Defining the scope of an ISMS
  • Drafting an ISMS and information security policies
  • Selection of the approach and methodology for risk assessment
  • Risk management: identification, analysis and treatment of risk (based on ISO/IEC 27005)
  • Drafting the statement of applicability

Day 3: Implementing an ISMS based on ISO/IEC 27001

  • Implementation of a document management framework
  • Design and implementation of controls
  • Information security training, awareness and communication program
  • Incident management (drawing on guidance from ISO/IEC 27005)
  • Operations management of an ISMS

Day 4: Control, Monitoring and Measuring an ISMS and the Certification Audit of an ISMS in accordance with ISO/IEC 27001

  • Monitoring the ISMS controls
  • Development of metrics, performance indicators and dashboards in accordance with ISO/IEC 27004
  • ISO/IEC 27001 internal audit
  • Management review of an ISMS
  • Implementation of a continual improvement program
  • Preparing for an ISO/IEC 27001 certification audit

Day 5: Certification Exam

The ISO/IEC 27001 Lead Implementer exam covers the following domains:

  • Domain 1: Fundamental principles and concepts of Information Security
  • Domain 2: Information Security Control Best Practice based on ISO/IEC 27002
  • Domain 3: Planning an ISMS based on ISO/IEC 27001
  • Domain 4: Implementing an ISMS based on ISO/IEC 27001
  • Domain 5: Performance evaluation, monitoring and measurement of an ISMS based on ISO/IEC 27001
  • Domain 6: Continual improvement of an ISMS based on ISO/IEC 27001
  • Domain 7: Preparation for an ISMS certification audit

ISO 37001 Exam Format

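|                   | ISO 37001 Foundation           | ISO 37001 Lead Auditor         | ISO 37001 Lead Implementer     |
|-------------------|--------------------------------|--------------------------------|--------------------------------|
| Question Type     | Essay; short and long questions | Essay; short and long questions | Essay; short and long questions |
| No. of Questions  | 4                              | 12                             | 12                             |
| Duration          | 60 minutes                     | 3 hours                        | 3 hours                        |
| Passing Score (%) | 70%                            | 70%                            | 70%                            |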

Requirements for ISO 37001

Participant(s) can apply for the ISO 37001 certification(s) if the following requirements are fulfilled.

| Credential | Exam | Professional Experience | Management System Audit / Assessment Experience | ISO 37001 ABMS Project Experience | Other Requirements |
|---|---|---|---|---|---|
| ISO 37001 Foundation | PECB Certified ISO 37001 Foundation Exam or equivalent | None | None | None | Signing the PECB code of ethics |
| ISO 37001 Provisional Auditor | PECB Certified ISO 37001 Lead Auditor Exam or equivalent | None | None | None | Signing the PECB code of ethics |
| ISO 37001 Auditor | PECB Certified ISO 37001 Lead Auditor Exam or equivalent | Two years: One year of work experience in Anti-Bribery Management | Audit activities totalling 200 hours | None | Signing the PECB code of ethics |
| ISO 37001 Lead Auditor | PECB Certified ISO 37001 Lead Auditor Exam or equivalent | Five years: Two years of work experience in Anti-Bribery Management | Audit activities totalling 300 hours | None | Signing the PECB code of ethics |
| ISO 37001 Provisional Implementer | PECB Certified ISO 37001 Lead Implementer Exam or equivalent | None | None | None | Signing the PECB code of ethics |
| ISO 37001 Implementer | PECB Certified ISO 37001 Lead Implementer Exam or equivalent | Two years: One year of work experience in Anti-Bribery Management | None | Project activities totalling 200 hours | Signing the PECB code of ethics |
| ISO 37001 Lead Implementer | PECB Certified ISO 37001 Lead Implementer Exam or equivalent | Five years: Two years of work experience in Anti-Bribery Management | None | Project activities totalling 300 hours | Signing the PECB code of ethics |
| ISO 37001 Master | PECB Certified ISO 37001 Lead Auditor Exam or equivalent and PECB Certified ISO 37001 Lead Implementer Exam or equivalent | Ten years: Six years of work experience in Anti-Bribery Management | Audit activities totalling 500 hours | Project activities totalling 500 hours | Signing the PECB code of ethics |
