The International Standard ISO 37001 was elaborated by the “Anti-Bribery Management System” Technical Committee and establishes requirements to define, update and improve a management system for corruption prevention that contains suitable measures for the identification and the assessment of the risk of corruption and to prevent, track and face this risk.


The ISO 37001 purpose is to allow the company to determine factors that affect its ability to achieve the objectives of the Anti-Bribery Management System identifying some general aspects, including:

  • Size, structure and delegated decision-making authority of the organization
  • Areas and company fields
  • Typology, entity and complexity of the activities carried out
  • Business model
  • Bodies affected by the organization control
  • Business partners
  • Nature and entity of interactions with public officials
  • Legal, regulatory, contractual and professional legislation and requirements, with strong focus on stakeholders.


  • Easier access to bank credit and general government borrowing
  • Possibility of relying on exempting elements from mechanisms of corporate responsibility
  • Adoption of a virtuous model to protect and improve reputation
  • Expenses restraint and related liability
  • Control of risks and penalties depending on damages caused
  • Increase of transparency and improved performances


ASACERT has supported companies for years, improving processes and achieving goals. Recognized and appreciated in the sector thanks to its specialised technicians, ASACERT makes of technology one of the key elements of all its services. In order to analyze and assess management systems ASACERT develops a personalised and sustainable approach for the organisations, avoiding unnecessary burdens and bureaucracy. ASACERT staff is always updated on new standard regulations and thanks to a continuous research and training, it is possible to stand out in the market and to represent a real advantage for our partners.


The risk-based thinking approach for the adoption and implementation of appropriate anti-bribery mechanisms applies – in favor of the company – methodologies already established for the construction of compliant models in accordance with national and international legislations regarding similar issues.During the analysis of its activities, the Organization must be able to carry out a criteria review in order to evaluate its level of risk, determining the relevant external and internal elements and indicating the activities that influence its ability to achieve the objectives. The Anti-Bribery Management System must therefore contain suitable measures, designed to identify and assess the risk of corruption with the purpose of preventing it, tracing it and dealing with it.

Offer, promise, provide, accept or request directly or indirectly and independently of the place an undue advantage in any value (which may be economic or non-economic), violating the law as an incentive or reward convincing someone to act or omit actions in connection to the performance of that person’s duties.

  1. Identification of risk areas and the analysis of existing control measures
  2. Definition and review of information flows to the bodies in charge (Supervisory Body and Corporate Management) and adoption of effective reporting facilities for verified or presumed violations (whistleblowing)
  3. Strengthening of the sanctions system
  4. Review of training process and decision-making system
  5. Review of the Code of Ethics and, more in general, adequate Corporate Social Responsibility programs
  6. Promotion of specific training courses and awareness campaigns
  7. Effective monitoring plans, verification of company rules’ violations and reporting

Management Models, Code of Ethics, attribution of a Legality Rating to companies as well as the implementation of increasingly restrictive management systems could be insufficient for the business protection. Such measures must be connected with virtuous systems of prevention and promotion of adequate ethical principles in business activities.

ISO 37001 Certification System implements, collects, manages and improves information collected daily by companies, identifies the roles involved and the human resources to be trained and implemented, monitoring the information, training and control activities essential in a business reality.