BS ISO 37001-2016 Anti-bribery management systems Requirements with guidance for use《反贿赂管理体系 使用指南要求》.pdf

1、BS ISO 37001:2016Anti-bribery managementsystems Requirements withguidance for useBSI Standards PublicationWB11885_BSI_StandardCovs_2013_AW.indd 1 15/05/2013 15:06BS ISO 37001:2016 BRITISH STANDARDNational forewordThis British Standard is the UK implementation of ISO 37001:2016. It supersedes BS 1050

2、0:2011 which is withdrawn.The UK participation in its preparation was entrusted to Technical Committee G/3, Anti bribery.A list of organizations represented on this committee can be obtained on request to its secretary.This publication does not purport to include all the necessary provisions of a co

3、ntract. Users are responsible for its correct application. The British Standards Institution 2016.Published by BSI Standards Limited 2016ISBN 978 0 580 88355 2 ICS 03.100.01; 13.310 Compliance with a British Standard cannot confer immunity from legal obligations.This British Standard was published u

4、nder the authority of the Standards Policy and Strategy Committee on 31 October 2016.Amendments/corrigenda issued since publicationDate T e x t a f f e c t e dBS ISO 37001:2016 ISO 2016Anti-bribery management systems Requirements with guidance for useSystmes de management anti-corruption Exigences e

5、t recommandations de mise en oeuvreINTERNATIONAL STANDARDISO37001First edition2016-10-15Reference numberISO 37001:2016(E)BS ISO 37001:2016ISO 37001:2016(E)ii ISO 2016 All rights reservedCOPYRIGHT PROTECTED DOCUMENT ISO 2016, Published in SwitzerlandAll rights reserved. Unless otherwise specified, no

6、 part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISOs membe

7、r body in the country of the requester.ISO copyright officeCh. de Blandonnet 8 CP 401CH-1214 Vernier, Geneva, SwitzerlandTel. +41 22 749 01 11Fax +41 22 749 09 47copyrightiso.orgwww.iso.orgBS ISO 37001:2016ISO 37001:2016(E)Foreword vIntroduction vi1 Scope . 12 Normative references 13 Terms and defin

8、itions . 14 Context of the organization . 64.1 Understanding the organization and its context . 64.2 Understanding the needs and expectations of stakeholders 64.3 Determining the scope of the anti-bribery management system 64.4 Anti-bribery management system . 74.5 Bribery risk assessment 75 Leaders

9、hip 85.1 Leadership and commitment . 85.1.1 Governing body . 85.1.2 Top management . 85.2 Anti-bribery policy 95.3 Organizational roles, responsibilities and authorities 95.3.1 Roles and responsibilities 95.3.2 Anti-bribery compliance function105.3.3 Delegated decision-making . 106 Planning 106.1 Ac

10、tions to address risks and opportunities 106.2 Anti-bribery objectives and planning to achieve them .117 Support 117.1 Resources 117.2 Competence 127.2.1 General. 127.2.2 Employment process .127.3 Awareness and training 137.4 Communication . 137.5 Documented information 147.5.1 General. 147.5.2 Crea

11、ting and updating 147.5.3 Control of documented information 148 Operation 158.1 Operational planning and control . 158.2 Due diligence . 158.3 Financial controls 168.4 Non-financial controls . 168.5 Implementation of anti-bribery controls by controlled organizations and by business associates 168.6

12、Anti-bribery commitments 178.7 Gifts, hospitality, donations and similar benefits .178.8 Managing inadequacy of anti-bribery controls 178.9 Raising concerns . 178.10 Investigating and dealing with bribery . 189 Performance evaluation 189.1 Monitoring, measurement, analysis and evaluation 189.2 Inter

13、nal audit . 199.3 Management review 209.3.1 Top management review . 20 ISO 2016 All rights reserved iiiContents PageBS ISO 37001:2016ISO 37001:2016(E)9.3.2 Governing body review .209.4 Review by anti-bribery compliance function 2110 Improvement .2110.1 Nonconformity and corrective action 2110.2 Cont

14、inual improvement . 22Annex A (informative) Guidance on the use of this document .23Bibliography .46iv ISO 2016 All rights reservedBS ISO 37001:2016ISO 37001:2016(E)ForewordISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bod

15、ies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and

16、 non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.The procedures used to develop this document and those intended for its further maintenance are des

17、cribed in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).Attention is drawn

18、to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the

19、 ISO list of patent declarations received (see www.iso.org/patents).Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment,

20、as well as information about ISOs adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.The committee responsible for this document is Project Committee ISO/PC 278, Anti-bribery management systems. ISO

21、 2016 All rights reserved vBS ISO 37001:2016ISO 37001:2016(E)IntroductionBribery is a widespread phenomenon. It raises serious social, moral, economic and political concerns, undermines good governance, hinders development and distorts competition. It erodes justice, undermines human rights and is a

22、n obstacle to the relief of poverty. It also increases the cost of doing business, introduces uncertainties into commercial transactions, increases the cost of goods and services, diminishes the quality of products and services, which can lead to loss of life and property, destroys trust in institut

23、ions and interferes with the fair and efficient operation of markets.Governments have made progress in addressing bribery through international agreements such as the Organization for Economic Co-operation and Development Convention on Combating Bribery of Foreign Public Officials in International B

24、usiness Transactions15and the United Nations Convention against Corruption14and through their national laws. In most jurisdictions, it is an offence for individuals to engage in bribery and there is a growing trend to make organizations, as well as individuals, liable for bribery.However, the law al

25、one is not sufficient to solve this problem. Organizations have a responsibility to proactively contribute to combating bribery. This can be achieved by an anti-bribery management system, which this document is intended to provide, and through leadership commitment to establishing a culture of integ

26、rity, transparency, openness and compliance. The nature of an organizations culture is critical to the success or failure of an anti-bribery management system.A well-managed organization is expected to have a compliance policy supported by appropriate management systems to assist it in complying wit

27、h its legal obligations and commitment to integrity. An anti-bribery policy is a component of an overall compliance policy. The anti-bribery policy and supporting management system helps an organization to avoid or mitigate the costs, risks and damage of involvement in bribery, to promote trust and

28、confidence in business dealings and to enhance its reputation.This document reflects international good practice and can be used in all jurisdictions. It is applicable to small, medium and large organizations in all sectors, including public, private and not-for-profit sectors. The bribery risks fac

29、ing an organization vary according to factors such as the size of the organization, the locations and sectors in which the organization operates, and the nature, scale and complexity of the organizations activities. This document specifies the implementation by the organization of policies, procedur

30、es and controls which are reasonable and proportionate according to the bribery risks the organization faces. Annex A provides guidance on implementing the requirements of this document.Conformity with this document cannot provide assurance that no bribery has occurred or will occur in relation to t

31、he organization, as it is not possible to completely eliminate the risk of bribery. However, this document can help the organization implement reasonable and proportionate measures designed to prevent, detect and respond to bribery.In this document, the following verbal forms are used: “shall” indic

32、ates a requirement; “should” indicates a recommendation; “may” indicates a permission; “can” indicates a possibility or a capability.Information marked as “NOTE” is for guidance in understanding or clarifying the associated requirement.This document conforms to ISOs requirements for management syste

33、m standards. These requirements include a high level structure, identical core text, and common terms with core definitions, designed to benefit users implementing multiple ISO management system standards. This document can be used in conjunction with other management system standards (e.g. ISO 9001

34、, ISO 14001, ISO/IEC 27001 and ISO 19600) and management standards (e.g. ISO 26000 and ISO 31000).vi ISO 2016 All rights reservedBS ISO 37001:2016Anti-bribery management systems Requirements with guidance for use1 ScopeThis document specifies requirements and provides guidance for establishing, impl

35、ementing, maintaining, reviewing and improving an anti-bribery management system. The system can be stand-alone or can be integrated into an overall management system. This document addresses the following in relation to the organizations activities: bribery in the public, private and not-for-profit

36、 sectors; bribery by the organization; bribery by the organizations personnel acting on the organizations behalf or for its benefit; bribery by the organizations business associates acting on the organizations behalf or for its benefit; bribery of the organization; bribery of the organizations perso

37、nnel in relation to the organizations activities; bribery of the organizations business associates in relation to the organizations activities; direct and indirect bribery (e.g. a bribe offered or accepted through or by a third party).This document is applicable only to bribery. It sets out requirem

38、ents and provides guidance for a management system designed to help an organization to prevent, detect and respond to bribery and comply with anti-bribery laws and voluntary commitments applicable to its activities.This document does not specifically address fraud, cartels and other anti-trust/compe

39、tition offences, money-laundering or other activities related to corrupt practices, although an organization can choose to extend the scope of the management system to include such activities.The requirements of this document are generic and are intended to be applicable to all organizations (or par

40、ts of an organization), regardless of type, size and nature of activity, and whether in the public, private or not-for-profit sectors. The extent of application of these requirements depends on the factors specified in 4.1, 4.2 and 4.5.NOTE 1 See Clause A.2 for guidance.NOTE 2 The measures necessary

41、 to prevent, detect and mitigate the risk of bribery by the organization can be different from the measures used to prevent, detect and respond to bribery of the organization (or its personnel or business associates acting on the organizations behalf). See A.8.4 for guidance.2 Normative referencesTh

42、ere are no normative references in this document.3 Terms and definitionsFor the purposes of this document, the following terms and definitions apply.INTERNATIONAL STANDARD ISO 37001:2016(E) ISO 2016 All rights reserved 1BS ISO 37001:2016ISO 37001:2016(E)ISO and IEC maintain terminological databases

43、for use in standardization at the following addresses: ISO Online browsing platform: available at http:/www.iso.org/obp IEC Electropedia: available at http:/www.electropedia.org/3.1briberyoffering, promising, giving, accepting or soliciting of an undue advantage of any value (which could be financia

44、l or non-financial), directly or indirectly, and irrespective of location(s), in violation of applicable law, as an inducement or reward for a person acting or refraining from acting in relation to the performance (3.16) of that persons dutiesNote 1 to entry: The above is a generic definition. The m

45、eaning of the term “bribery” is as defined by the anti-bribery law applicable to the organization (3.2) and by the anti-bribery management system (3.5) designed by the organization.3.2organizationperson or group of people that has its own functions with responsibilities, authorities and relationship

46、s to achieve its objectives (3.11)Note 1 to entry: The concept of organization includes, but is not limited to sole-trader, company, corporation, firm, enterprise, authority, partnership, charity or institution, or part or combination thereof, whether incorporated or not, public or private.Note 2 to

47、 entry: For organizations with more than one operating unit, one or more of the operating units can be defined as an organization.3.3interested party (preferred term)stakeholder (admitted term)person or organization (3.2) that can affect, be affected by, or perceive itself to be affected by a decisi

48、on or activityNote 1 to entry: A stakeholder can be internal or external to the organization.3.4requirementneed that is stated and obligatoryNote 1 to entry: The core definition of “requirement” in ISO management system standards is “need or expectation that is stated, generally implied or obligator

49、y”. “Generally implied requirements” are not applicable in the context of anti-bribery management.Note 2 to entry: “Generally implied” means that it is custom or common practice for the organization and interested parties that the need or expectation under consideration is implied.Note 3 to entry: A specified requirement is one that is stated, for example in documented information.3.5management systemset of interrelated or interacting elements of an organization (3.2) to establish policies (3.10) and objectives (3.11) an