All you need to know about ISO 37001: Going for certification (6 of 7)

How does one get certified under ISO 37001?

By Jean-Pierre Méan 
Published on Tuesday January 23, 2018

One of the features of ISO 37001 is that it is a requirements standard and, as such, certifiable. This requires, however, some explanation as ISO 37001 may be used in different ways, viz:

• for a first party audit or self-assessment;
• for a second party audit or assessment by e.g. a supplier or the member of an association, by a business partner or the officers of the association;
• for a third party audit by an independent third party.

Only a third party audit by an independent party can lead to certification.

All standards, including ISO 37001, can be used in these various ways. However, while a self-assessment may serve to prepare a second party audit or a certification, its value is limited to that of a statement by the assessed organization on itself. A second party audit carries more weight, but its value depends on the credibility of the second party and generally has a specific, limited purpose such as the verification by a business association that its members conform to association standards

Accredited or Non-Accredited

Third party audits may be carried out by both accredited or non-accredited auditing bodies. However, in the case of certifications by a non-accredited body, known as private certifications, the independence and qualifications of the auditor rest entirely on the reputation and credibility of the auditing body. Therefore, candidates for certification by a non-accredited body should themselves verify that that body’s auditors fulfill the competency requirements for auditing and certification of anti-bribery management systems (see below).

Competence Requirements for Accredited Bodies

Only accredited certification bodies assure the auditors’ independence and qualifications by a neutral authority because their accreditation requires them to conform to a number of standards related to the certification process issued by ISO’s Committee on Conformity Assessment (CASCO). Of particular relevance to the certification of anti-bribery management systems are the following:

– ISO/IEC 17021-1:2015 – Conformity assessment — Requirements for bodies providing audit and certification of management systems — Part 1: Requirements; and

– ISO/IEC TS 17021-9:2016   ISO/IEC TS 17021-9:2016 – Conformity assessment — Requirements for bodies providing audit and certification of management systems — Part 9: Competence requirements for auditing and certification of anti-bribery management systems. It is worth noting that specific requirements have only been issued for a few standards; in the specific case of anti-bribery it was considered necessary since auditing anti-bribery management systems requires specific knowledge and skills that an auditor of other management systems may not necessarily possess.

Accreditation authorities must check that these requirements are met and continue to be met by accredited certification bodies. Accreditation is granted not by ISO or its members but by national accreditation bodies which provide information on accredited certifiers. A list of national accreditation bodies can be found on the website of the International Accreditation Forum.

Submitting to the certification process brings the direct benefits of certification. Moreover, experience shows that an audit by a competent auditor experienced in anti-bribery management and knowledgeable about the practices of other companies (especially in similar industries or locations) can lead to a valuable and profitable exchange with the company’s compliance and management personnel and its management.

Do you want to contribute to the blog?
Please have a look at our Blog Guidelines