Module 10:  The benefits and requirements of ISO 37001

Requirements: (16) Reporting; (17) Investigating and dealing with bribery

(16)  Reporting

The organisation should implement procedures which enable personnel, business associates, or members of the public to report suspected or actual bribery, or breach of the ABMS.

Anonymous and confidential reporting should be permitted.

The organisation should take all reasonable steps to protect the identity of the whistleblower.

Provided that the whistleblower is reporting in good faith, or based on a reasonable belief, retaliation against the whistleblower should be prohibited, and the organisation should take all reasonable steps to protect the whistleblower from retaliation.

(17)  Investigating and dealing with bribery

In the event that any bribery, or any breach of the ABMS, is reported, detected or reasonably suspected, then the organisation should implement an investigation.

If the investigation establishes that any bribery or breach of the ABMS did occur, then the organisation should take effective action to deal with the situation.  This could include, for example:

  • terminating the employment of any personnel, or the contract of any business associate, who is responsible for the bribery or breach
  • claiming compensation from the responsible parties
  • reporting, if appropriate, to the criminal authorities
  • improving the ABMS if any weaknesses in it allowed the bribery or breach to occur.

January 2025
© GIACC