All you need to know about ISO 37001: Getting certified (7 of 7)

How is certification carried out?


Jean-Pierre Méan

By Jean-Pierre Méan 
Published on Tuesday February 6, 2018



Once the decision has been made to become certified for anti-corruption management systems, the first thing to do is to obtain a copy of the standard. Standards are available on-line from the ISO store ( or from national ISO member sites at a price of between $150 and $190. ISO is rather strict on affirming its copyright; the income from the sale of the standards is used to (partially) finance itself.

The standard and the attached guidance offer a comprehensive understanding of the measures to put into place in order to conform to the standard. However, the assistance of an individual or an organization with practical experience in implementing anti-corruption measures will greatly enhance the chances of successful certification.

Implementing ISO 37001 takes between 6 months to 2 years depending on the complexity of the organization, with most organizations requiring between 12 and 18 months to put the whole system in place.

The certification audit, from the first steps to the report and the decision on certification, takes between three weeks to three months depending on the organization. Once contractual arrangements have been concluded between the organization and the certification body, and the audit scope has been defined, the auditors will start their work by conducting a desk review of the policies and procedures of the organization.

The desk review will be followed by a site visit which includes:

  • An opening meeting with the organization’s management
  • Interviews of management, board members and selected employees and stakeholders, as appropriate
  • Consulting the documentation of the anti-corruption management system and obtaining copies of key documents
  • Documenting non-conformities
  • Discussing corrective action for non-conformities[1]
  • A closing meeting with management

The number of man/days for the site visit may vary from 2 days to 20 days or more depending on the size of the organization.

Once certification has been granted, two annual post-certification surveillance audits will be conducted. A renewal audit after three years is required to maintain the certification status.


[1] Non-conformities fall in two categories: minor non-conformities are those which need to be corrected but are not an obstacle to certification while major non-conformities need to be corrected before proceeding to certification.


Do you want to contribute to the blog?
Please have a look at our Blog Guidelines


Leave a Reply

Your e-mail address will not be published. Required fields are marked with an asterisk*


Ce site utilise Akismet pour réduire les indésirables. En savoir plus sur la façon dont les données de vos commentaires sont traitées.