Saturday, December 21 2024

ISO 37001 requirements anti-bribery management systems version 2016

28/05/2023 

Quiz requirements ISO 37001 version 2016

You want to familiarize yourself with the structure of the standard, identify and understand the requirements of ISO 37001 version 2016, then it's up to you to play!

Start

The quiz "ISO 37001 Requirements version 2016" will help you understand the main requirements of the standard.

The questions (requirements) for this quiz are 102, don't panic. The requirements of the standard are 223 but these 102 requirements are among the most important, so don't hesitate to learn in a fun way!

Don't think that you can complete this quiz in less than an hour, or even two hours, unless of course you are a little genius!

 

News on the anti-bribery standard ISO 37001 version 2016

 

The 223 requirements (shall, shall) of clauses 4 to 10 of ISO 37001 are broken down as follows:

ISO 37001 requirements version 2016 copyleft
No
Clause
PDCA cycle
Requirement No
Quantity
4
Context Plan
1 ÷ 21
21
5 Leadership Plan, Do, Check, Act
22 ÷ 65
44
6 Planning Plan
66 ÷ 87
22
7 Support Do
88 ÷ 134
47
8 Operation Do
135 ÷ 169
35
9 Performance Check 170 ÷ 211 42
10 Improvement Act 212 ÷ 223 12
Total
223

requirements iso 37001

Requirements in ISO 37001 clauses and sub-clauses

 

PDCA

Deming PDCA cycle

 

Note. Any requirement normally begins with "The organization shall ...". For simplicity we present the requirements directly starting with the verb.

ISO 37001 - Requirements and comments version 2016 copyleft
No
Clause
(sub-clause)
Requirement
PDCA cycle, links, comments
4
Context
 
4.1
The organization and its context
 
1
4.1
Document external and internal issues Everything that influences the achievement of objectives, cf. sub-clause 6.2. The issues are related to the nature of the management, the scope, the activities, the economic model, the partners, the relations with public representatives, the legal obligations
 
4.2
Stakeholders
 
2
4.2
Document stakeholders List of stakeholders who may have an influence on the ABMS or be influenced by the ABMS (anti-bribery management system)
3 4.2 b Document requirements of the stakeholders Mandatory and non-mandatory requirements, as well as voluntary commitments
 
 4.3
Scope
 up
4
4.3
Document the boundaries and applicability of the ABMS In order to establish the scope of the ABMS
5  4.3 a Take into account external and internal issues Internal and external issues, cf. sub-clause 4.1
6  4.3 b Take into account the requirements of the stakeholders Requirements, see sub-clause 4.2
7 4.3 c Take into account the bribery risk assessment Results of risk assessment, cf. sub-clause 4.5
8 4.3 Make the scope available As documented information, cf. sub-clause 7.5
4.4
Information security management system
 
9  4.4 Establish, document, implement, maintain and improve the ABMS

Including the processes used and their interactions

Processes : processus

  • delegate decision-making (sub-clause 5.3.3)
  • manage operational requirements (sub-clause 8.1)
  • conduct internal audits (sub-clause 9.2.2)
10  4.4 Include anti-bribery specific indicators In order to identify and assess any risk of bribery. And prevent and detect any act of bribery and find remedies 
11  4.4 Implement a reasonable and proportionate ABMS The measures are based on recognized international good practices
12  4.4 Take into account the factors related to the scope of the ABMS Such as internal and external issues, requirements of the stakeholders, anti-bribery risk assessment, cf. sub-clause 4.3
4.5
Bribery risk assessment
up
13 4.5.1 Undertake regular bribery risk assessment

Based on the standard ISO 31000 Risk management

14 4.5.1 a Identify the bribery risks Risks that can reasonably be anticipated, cf. the issues of sub-clause 4.1
15 4.5.1 b Analyze and assess the bribery risks And establish and prioritize identified risks
16 4.5.1 c Evaluate the adequacy and effectiveness of the controls put in place In order to mitigate the identified and assessed risks
17 4.5.2 Define criteria In order to evaluate the level of bribery risk in the organization
18 4.5.2

Take into account the anti-bribery policy and objectives

Cf. sub-clauses 5.2 and 6.2
19 4.5.3 a Review the bribery risk assessment On a regular basis, in order to take into account changes and new information available
20 4.5.3 b Review the bribery risk assessment In the event of a significant change in the structure or activities of the company
21 4.5.4 Retain documented information of realized assessments In order to improve the ABMS, cf. sub-clause 7.5.3
 
5
Leadership
Plan, Do, Check, Act
 
5.1
Leadership and commitment
 
22 5.1.1 a Approve the anti-bribery policy In order to demonstrate the leadership and commitment of top management (or governing body), cf. sub-clause 5.2
23 5.1.1 b  Ensure that the strategy and anti-bribery policy are aligned Cf. sub-clause 5.2
24 5.1.1 c Review relevant ABMS information Top management receives this information at intervals that are planned
25 5.1.1 d Require the allocation and assignment of necessary resources In order to achieve efficient operation of the ABMS
26 5.1.1 e Exercise oversight over the implementation of the ABMS Top management reasonably manages the implementation of the ABMS
27 5.1.1 Carry out these activities by top management When the company does not have a governing body
28 5.1.2 a Ensure that the ANMS is established, implemented, maintained and reviewed In order to take into account the risks of bribery. In this way top management demonstrates its leadership and commitment
29 5.1.2 b Ensure that the anti-bribery requirements are met And integrated into business processes. In this way top management demonstrates its leadership and commitment
30 5.1.2 c Deploy the necessary resources In order to guarantee the efficient operation of the ABMS. In this way top management demonstrates its leadership and commitment
31 5.1.2 d Communicate on the anti-bribery policy Internally and externally. In this way top management demonstrates its leadership and commitment
32 5.1.2 e Communicate the importance of having an effective ABMS And to comply with ABMS requirements. In this way top management demonstrates its leadership and commitment
33 5.1.2 f Ensure that the ABMS is appropriate In order to achieve the objectives set. In this way top management demonstrates its leadership and commitment
34 5.1.2 g Support personnel In order for personnel to contribute to the control of the ABMS. In this way top management demonstrates its leadership and commitment
35 5.1.2 h Promote anti-bribery culture Culture appropriate to the specificities of the company. In this way top management demonstrates its leadership and commitment
36 5.1.2 i Promote continual improvement In this way, top management demonstrates its leadership and commitment. See sub-clause 10.2
37 5.1.2 j Support management roles So that they manage the prevention and detection of bribery. In this way top management demonstrates its leadership and commitment
38 5.1.2 k Encourage reporting procedures On suspicious or proven cases of bribery. In this way top management demonstrates its leadership and commitment
39 5.1.2 l Ensure that no personnel will suffer For reporting a violation of the anti-bribery policy. In this way top management demonstrates its leadership and commitment
40 5.1.2 m Report regularly on the operation of the ABMS And allegations of bribery, cf. sub-clause 7.2.2.1 d. In this way top management demonstrates its leadership and commitment
 
5.2
Anti-bribery policy
 
41 5.2 a Prohibit any form of bribery Include in the updated anti-bribery policy, politique
42 5.2 b Enforce compliance with applicable anti-bribery laws Include in the updated anti-bribery policy
43 5.2 c Ensure that the policy is appropriate to the purpose of the organization Include in the updated anti-bribery policy
44 5.2 d Provide a framework for achieving the anti-bribery objectives Include in the updated anti-bribery policy
45 5.2 e Commit to satisfy anti-bribery requirements Include in the updated anti-bribery policy
46 5.2 f Encourage raising concerns in good faith Include in the updated anti-bribery policy, cf. sub-clause 8.9
47 5.2 g Commit to continual improvement Include in the updated anti-bribery policy, cf. sub-clause 10.2
48 5.2 h Promote the anti-bribery compliance function Include in the updated anti-bribery policy, cf. sub-clause 5.3.2
49 5.2 i Explain in detail the consequences of not complying with the anti-bribery policy Include in the updated anti-bribery policy
50 5.2 Document the anti-bribery policy Cf. sub-clause 7.5
51 5.2 Communicate the anti-bribery policy appropriately within the company And to business associates
52 5.2 Ensure that the anti-bribery policy is available Including stakeholders
5.3
Roles
 
53 5.3.1 Assume overall responsibility for the implementation of, and compliance with the ABMS On behalf of top management, cf. sub-clause 5.1.2
54 5.3.1 Ensure that the responsibilities and authorities are assigned and communicated For all relevant levels of the organization
55 5.3.1 Enforce compliance with ABMS requirements in each department On behalf of every manager at every level of the organization
56 5.3.1 Understand and comply with the ABMS requirements at every level On behalf of top management and all other personnel
57 5.3.2 a Assign responsibility and authority to an anti-bribery compliance function (anti-bribery manager) In order to oversee the design and implementation of the ABMS
58 5.3.2 b Assign responsibility and authority to an anti-bribery compliance function (anti-bribery manager) In order to provide advice to personnel on the ABMS and everything related to bribery
59 5.3.2 c Assign responsibility and authority to an anti-bribery compliance function (anti-bribery manager) In order to ensure that the ABMS conforms to ISO 37001 requirements
60 5.3.2 d Assign responsibility and authority to an anti-bribery compliance function (anti-bribery manager) in order to report on the performance of the ABMS
61 5.3.2 Provide the anti-bribery manager with the necessary resources The anti-bribery manager is competent, has the appropriate authority and independence
62 5.3.2 Have direct and prompt access to top management From the anti-bribery manager in the event that any issue has to be reported
63 5.3.2 Ensure that the necessary responsibilities and authorities are assigned to persons external to the organization In the event that the function or part of the anti-bribery manager function is outsourced
64 5.3.3 Establish and maintain a decision-making process In case top management delegates decision-making to personnel free from conflicts of interest
65 5.3.3 Ensure that this process is reviewed periodically On behalf of top management, cf. sub-clause 5.3.1
 
6
Planning
 
6.1
Actions 
 
66 6.1 a Ensure the achievement of objectives Take into account issues, requirements and identified risks and opportunities, cf. sub-clauses 4.14.2, 4.5 and 10.2
67 6.1 b Prevent and reduce undesired effects of the ABMS Take into account issues, requirements and identified risks and opportunities, cf. sub-clauses 4.14.24.5 and 10.2
68  6.1 c Monitor the effectiveness of the ABMS Take into account issues, requirements and identified risks and opportunities, cf. sub-clauses 4.14.24.5 and 10.2
69 6.1 d Achieve continual improvement Take into account issues, requirements and identified risks and opportunities, cf. sub-clauses 4.14.24.5 and 10.2
70 6.1 Plan actions to address bribery threats And improvement opportunities
71 6.1 Plan how to integrate the actions In the ABMS processes
72 6.1 Plan how to evaluate the effectiveness of the actions Cf. sub-clauses 9.1 and 9.3
 
6.2
Objectives
up
73 6.2 Establish anti-bribery management system objectives At all levels in the organization
74 6.2 a Ensure that the ABMS objectives are consistent With the anti-bribery policy
75 6.2 b Ensure that the ABMS objectives are measurable If practicable
76 6.2 c Ensure that the ABMS objectives take into account issues, requirements and risks Cf. sub-clauses 4.14.24.5 and 10.2
77 6.2 d Ensure that the ABMS objectives can be achieved In reasonable limits
78 6.2 e Ensure that the ABMS objectives are monitored

Cf. sub-clause 9.1

79 6.2 f Ensure that the ABMS objectives are communicated

Cf. sub-clause 7.4

80 6.2 g Ensure that the ABMS objectives are updated At a reasonable frequency
81 6.2 Retain documented information on ABMS objectives Cf. sub-clause 7.5
82 6.2 Document what will be done When planning how to achieve the ABMS objectives
83 6.2 Document the necessary resources When planning how to achieve the ABMS objectives
84 6.2 Document who will be responsible for implementing the objectives When planning how to achieve the ABMS objectives
85 6.2 Document when this will be done When planning how to achieve the ABMS objectives
86 6.2 Document how the objectives will be evaluated and reported When planning how to achieve the ABMS objectives
87 6.2 Document who will be responsible in imposing sanctions or penalties  When planning how to achieve the ABMS objectives
 7
Support
 
7.1
Resources
up
88
7.1
Identify and provide personnel, physical and financial resources needed In order to establish, apply, maintain and improve the ABMS
 
7.2
Competence
 
89  7.2 a Document the necessary competence Of those that can affect anti-bribery performance
90 7.2 b Ensure that the persons are competent On the basis of initial and professional training and experience
91 7.2 c Take training actions And evaluate the effectiveness of these actions
92 7.2 d Retain documented information on competence As evidence of competence
93 7.2.2.1 a Comply with the anti-bribery policy and the requirements of the ABMS, in relation to personnel Included in a documented procedure, cf. sub-clause 7.5
94 7.2.2.1 b Make the anti-bribery policy available and train staff on the policy Included in a documented procedure, cf. sub-clause 7.5
95 7.2.2.1 c Take disciplinary action for non-compliance with anti-bribery policy or requirements of the ABMS  Included in a documented procedure, cf. sub-clause 7.5
96 7.2.2.1 d 1 Guarantee the absence of reprisals when refusing to participate in an activity with risk of bribery Included in a documented procedure, cf. sub-clause 7.5
97 7.2.2.1 d 2 Guarantee the absence of reprisals when reporting an activity with a risk of bribery Included in a documented procedure, cf. sub-clause 7.5
98 7.2.2.2 a Conduct due diligence to ensure that staff will comply with the anti-bribery policy and the requirements of the ABMS Included in a documented procedure, cf. sub-clause 7.5
99 7.2.2.2 b Ensure that reasonable anti-bribery preventive measures are in place Included in a documented procedure, cf. sub-clause 7.5
100 7.2.2.2 c File a declaration confirming compliance with the anti-bribery policy Included in a documented procedure, cf. sub-clause 7.5
 
7.3
Awareness
 
101
7.3
Ensure awareness and training to personnel

On anti-bribery activities

"Prevention is better than cure"

102 7.3 a Include in the training the anti-bribery policy, procedures, ABMS and their duty to comply Taking into account the bribery risk assessment, cf. sub-clause 4.5
103 7.3 b Include in the training the bribery risk and the damage to them Taking into account the bribery risk assessment, cf. sub-clause 4.5
104 7.3 c Include in the training the circumstancies in which bribery can occur Taking into account the bribery risk assessment, cf. sub-clause 4.5
105 7.3 d Include in the training how to recognize and respond to solicitations Taking into account the bribery risk assessment, cf. sub-clause 4.5
106 7.3 e Include in the training how to prevent and avoid bribery and recognize bribery risk indicators Taking into account the bribery risk assessment, cf. sub-clause 4.5
107 7.3 f  Include in the training the benefits of the contribution of personnel in the improvement of the ABMS Taking into account the bribery risk assessment, cf. sub-clause 4.5
108 7.3 g Include in the training the consequences of not conforming with the ABMS requirements Taking into account the bribery risk assessment, cf. sub-clause 4.5
109 7.3 h Include in the training how and to whom report any concerns Taking into account the bribery risk assessment, cf. sub-clauses 4.5 and 8.9
110 7.3 i Include in the training information on available training and resources Taking into account the bribery risk assessment, cf. sub-clause 4.5
111 7.3 Provide personnel with anti-bribery risk awareness and training Depending on the function and the identified and potential risks, cf. sub-clause 4.5
112 7.3 Update regularly the awareness programs And training programs
113 7.3 Implement procedures addressing anti-bribery awareness and training for business associates Relating to anti-bribery activities
114 7.3 Identify business associates And document the content and form of the training
115 7.3 Retain documented information on training Their content, date and list of participants
 
7.4
Communication
up
116 7.4.1 a Document on which subjects to communicate Included in the ABMS
117 7.4.1 b Document when to communicate Included in the ABMS
118 7.4.1 c Document with whom to communicate Included in the ABMS
119 7.4.1 d Document how to communicate Included in the ABMS
120 7.4.1 e Document who will communicate Included in the ABMS
121 7.4.1 f Document the language which will be used Included in the ABMS
122 7.4.2 Make available the anti-bribery policy To personnel and business associates
 
7.5
Documented information
 
 
7.5.1
General
 up
123 7.5.1 a Include in the ABMS the documented information required by ISO 37001

In the ABMS:

Documented information to maintain (procedures):procédure

  • employment (sub-clause 7.2.2)
  • disciplinary actions (sub-clause 7.2.2)
  • personnel (sub-clause 7.2.2.2)
  • training (sub-clause 7.3)
  • documentation (sub-clause 7.5)
  • due diligence (sub-clause 8.2)
  • entities and partners (sub-clause 8.5, 8.6)
  • gifts and similar (sub-clause 8.7)
  • reporting (sub-clause 8.9)
  • investigation and treatment (sub-clause 8.10)
  • internal audit (sub-clause 9.2.3)
Documented information to retain (records):enregistrement
  • scope (sub-clause 4.3)
  • bribery risk register (sub-clause 4.5.4)
  • anti-bribery policy (sub-clause 5.2)
  • anti-bribery objectives (sub-clause 6.2)
  • competence (sub-clause 7.2.1)
  • training (sub-clause 7.3)
  • operational control (sub-clause 8.1)
  • evaluation results (sub-clause 9.1)
  • internal audit report (sub-clause 9.2)
  • management review report (sub-clause 9.3)
  • governing body review report (sub-clause 9.4)
  • non-conformities and corrective actions (sub-clause 10.1)
124 7.5.1 b Include documented information deemed necessary for the effectiveness of the ABMS

In the ABMS

 
7.5.2
Creating and updating
up
125 7.5.2 a Identify and describe the documented information appropriately Such as title, author, date, codification
126 7.5.2 b Ensure that the format and media of the documented information is appropriate Such as language, version, electronic, paper
127 7.5.2 c Review and validate documented information appropriately In order to determine their relevance and suitability
 
7.5.3
Control of documented information
 
128 7.5.3 a Control documented information so that it is available and suitable for use Where and when needed
129 7.5.3 b Control documented information so that it is properly protected As loss of confidentiality, improper use or loss of integrity
130 7.5.3 Apply distribution, access, retrieval and usage activities In order to control the documented information
131 7.5.3 Apply storage and preservation activities In order to control the documented information
132 7.5.3 Apply change control activities In order to control the documented information
133 7.5.3 Apply retention and disposition activities In order to control the documented information
134 7.5.3 Identify and control documented information of external origin In order to control the documented information
8
Operation
Do
 
8.1 
Planning and control
up
135
8.1 a Establish criteria for the processes The processes of the ABMS are planned, implemented, monitored and under control, cf. sub-clause 6.1
136 8.1 b Implement control of the processes The processes of the ABMS are planned, implemented, monitored and under control, cf. sub-clause 6.1
137 8.1 c Retain documented information to the extent necessary In order to ensure that the processes are carried out as planned. Cf. sub-clause 7.5.1
138 8.1 Include the specific controls Cf. sub-clauses 8.2 to 8.10
139 8.1 Control planned and unintended changes And undertake actions to mitigate any adverse effects
140 8.1 Ensure control of outsourced processes Including business associates
 
8.2
Due diligence
 
141 8.2 Assess the nature and extent of risk related to transactions, activities, partners and personnel Cf. sub-clauses 4.5 and 7.2.2.2
142 8.2 Include any due diligence In order to obtain sufficient information to assess the bribery risk
143 8.2 Review due diligence regularly In order to take into account the changes
 
8.3
Financial controls
 
144 8.3 Implement financial controls In order to manage bribery risk
 
8.4
Non-financial controls
 
145 8.4 Implement non-financial controls In order to manage the risk of bribery such as purchasing, operations, sales, personnel, legal and regulatory activities
 
8.5
Business associates
 
146 8.5.1 a Implement a procedure for business associates In order that business associates implement an ABMS
147 8.5.1 b Implement a procedure for business associates In order that business associates implement their own anti-bribery controls
148 8.5.2 a Implement a procedure for business associates In order to determine whether the business associate has implemented the applicable anti-bribery controls
149 8.5.2 b 1 Implement a procedure for business associates In order to require the business associate to put in place anti-bribery controls in relation to the project, transaction or activity concerned
150 8.5.2 b 2 Implement a procedure for business associates In order to take into account the impossibility of requiring the business associate to put in place anti-bribery controls, cf. sub-clauses 4.5, 8.2, 8.3, 8.4 and 8.5
 
8.6
Anti-bribery commitments
 
151 8.6 a Implement a procedure for business associates In order that business associates commit to preventing bribery
152 8.6 b Implement a procedure for business associates In order to terminate the relationship in event of bribery
153 8.6 Consider, where requirements 8.6 a) and b) cannot be met, this factor when assessing bribery risks And the way the organization manages such risks
 
8.7
Gifts, and similar benefits
 
154 8.7 Implement a procedures for gifts and similar benefits In order to prevent what could reasonably be perceived as an act of bribery
 
8.8
Managing inadequacy of anti-bribery controls
 
155 8.8 a Suspend the relationship with business associates when bribery risks cannot be managed Because the anti-bribery controls are not adequate
156 8.8 b Decline to continue the relationship with business associates for any new project when bribery risks cannot be managed Because the anti-bribery controls are not adequate
 
8.9
Rainsing concerns
 
157 8.9 a Implement a reporting procedure In order to encourage persons to report their concerns about attempted bribery, proven cases of bribery or suspected cases
158 8.9 b Implement a reporting procedure In order to protect the identity of the reporting person
159 8.9 c Implement a reporting procedure In order to allow anonymous reporting
160 8.9 d Implement a reporting procedure in order to prohibit retaliation the persons making reports
161 8.9 e Implement a reporting procedure In order to receive advice in the face of a concern or a suspicion of bribery
162 8.9 Ensure that all personnel are informed about the reporting procedure And know how to use whistleblowing reports, knows their rights and applicable protections
 
8.10
Investigating and dealing with bribery
 
163 8.10 a Implement a procedure for investigation In order to require the assessment or investigation of any reported, detected or suspected bribery, or violation of the anti-bribery policy or the ABMS
164 8.10 b Implement a procedure for investigation In order to implement appropriate actions if the investigation is positive
165 8.10 c Implement a procedure for investigation In order to empower and enable investigators
166 8.10 d Implement a procedure for investigation In order to require co-operation by relevant personnel
167 8.10 e Implement a procedure for investigation In order to require that the status of the investigation is reported to the anti-bribery manager
168 8.10 f Implement a procedure for investigation In order to require the confidentiality of the investigation
169 8.10 Conduct the investigation by non-involved personnel A business associate can be appointed to conduct the investigation
 
9
Performance
 
9.1
Inspection
up
170 9.1 a Document what needs to be monitored And be measured
171 9.1 b Document who is responsible for monitoring Cf. sub-clause 5.3
172 9.1 c Document the methods for inspection (monitoring, measurement, analysis and evaluation) In order to ensure valid results
173 9.1 d Document when to perform the monitoring And the measurement
174 9.1 e Document when the results from monitoring and measurement shall be analyzed And evaluated
175 9.1 f Document to whom this information shall be reported And it will be reported
176 9.1 Retain documented information on inspection  As evidence of the methods and the results obtained, cf. sub-clause 7.5
177 9.1 Evaluate the anti-bribery performance And the effectiveness and efficiency of the ABMS
 
9.2
Internal audit
up
178 9.2.1 a Conduct internal audits at scheduled intervals  In order to provide information on whether the ABMS is compliant, cf. ISO 19011
179 9.2.1 a 1 Conduct internal audits at scheduled intervals  In order to provide evidence whether the ABMS conforms to the organization's own requirements
180 9.2.1 a 2 Conduct internal audits at scheduled intervals  In order to provide evidence whether the ABMS conforms to the requirements of ISO 27001
181 9.2.1 b Conduct internal audits at scheduled intervals  In order to provide evidence whether the ABMS is effectively implemented and maintained
182 9.2.2 a Plan, establish, apply and maintain the audit program Program that includes frequency, methods, responsibilities, requirements and reporting
183 9.2.2 b Define the audit criteria And the scope of the audit
184 9.2.2 c Select competent auditors And conduct audits to ensure objective and impartial audits
185 9.2.2 d Ensure that audit results are reported to relevant managers And top management
186 9.2.2 e Retain documented information on audit results As evidence of the implementation of the audit program
187 9.2.3 Conduct reasonable and appropriate internal audits Audits are risk-based, cf. sub-clause 4.5
188 9.2.3 a Include processes that analyze procedures, controls and systems  Related to bribery and suspected bribery
189 9.2.3 b Include processes that analyze procedures, controls and systems  Related to violation of the anti-bribery policy and ABMS requirements
190 9.2.3 c Include processes that analyze procedures, controls and systems  Related to failure of business associates to conform to anti-bribery requirements of the organization
191 9.2.3 d Include processes that analyze procedures, controls and systems  Related to weaknesses and opportunities of the ABMS
192 9.2.4 a Ensure that audits are undertaken by a person independent of the process In order to ensure the objectivity and impartiality of the audit program
193 9.2.4 b Ensure that audits are undertaken by the anti-bribery manager In order to ensure the objectivity and impartiality of the audit program
194 9.2.4 c Ensure that audits are undertaken by an appropriate person from another department In order to ensure the objectivity and impartiality of the audit program
195 9.2.4 d Ensure that audits are carried out by an appropriate third party In order to ensure the objectivity and impartiality of the audit program
196 9.2.4 e Ensure that the audits are undertaken by a group comprising persons from sub-clauses 9.2.4 a) to d) In order to ensure the objectivity and impartiality of the audit program
197 9.2.4 Ensure that no auditor audits his own department "No-one should be a judge in his own case. Latin proverb"
 
9.3
Management review
up
 
9.3.1
Top management review
up
198 9.3.1 Conduct top management reviews at planned intervals In order to ensure that the ABMS continues to be suitable, adequate and effective
199 9.3.1 a Take into account The status of actions from the previous management review
200 9.3.1 b Take into account Changes in external and internal issues, cf. sub-clause 4.1
201 9.3.1 c Take into account ABMS performance information, including nonconformities and corrective actions, inspections, audit results, bribery reports, investigations, bribery risks
202 9.3.1 d Take into account The effectiveness of actions undertaken
203 9.3.1 e Take into account Improvement opportunities of the ABMS, cf. sub-clause 10.2
204 9.3.1 Include in the outputs of the top management review Decisions related to improvement opportunities of the ABMS
205 9.3.1 Report to the governing body (if any) A summary of the results of the top management review
206 9.3.1 Retain documented information on the results As evidence of the results of top management review, cf. sub-clause 7.5
 
9.3.2
Governing body review
 
207 9.3.2 Undertake regular reviews of the ABMS based on information provided by top management On behalf of the governing body (if any)
208 9.3.2 Take into consideration the modifications of the relevant issues for the AABMS As evidence of the results of governing body review, cf. sub-clause 7.5
 
9.4
Review by anti-bribery compliance function
 
209 9.4 a Assess on a continual base whether the ABMS is adequate In order to manage effectively the bribery risks by the anti-bribery manager
210 9.4 b Assess on a continual base whether the ABMS is effectively implemented By the anti-bribery manager
211 9.4 Report, at planned intervals (at least once a year), to the governance body (if any) or to top management, on the adequacy and implementation of the ABMS Including the results of investigations and audits
10
Improvement
Act 
 
10.1
Nonconformity
up
212 10.1 a 1

React promptly to the nonconformity 

In order to control and correct it
213 10.1 a 2

React promptly to the nonconformity

In order to deal with the consequences
214 10.1 b 1

Evaluate if corrective action is needed 

By reviewing the nonconformity
215 10.1 b 2

Evaluate if corrective action is needed 

By determining the causes of the nonconformity
216 10.1 b 3

Evaluate if corrective action is needed 

By determining if similar nonconformities exist or could occur
217 10.1 c

Implement any action needed 

When it is necessary
218 10.1 d

Review the effectiveness of corrective actions 

Undertaken
219 10.1 e

Make changes to the ABMS 

If it is necessary
220 10.1

Perform corrective actions 

Appropriate to the effects of the nonconformities
221 10.1

Retain documented information on the nature of the nonconformities

Cf. sub-clause 7.5
222 10.1

Retain documented information on the results of the corrective actions

Cf. sub-clause 7.5
 
10.2
Continual improvement
 
223 10.2 Continue to improve the ABMS Implementing opportunities identified, cf. sub-clause 9.3
 
 
 
up