Accredited ISO 37001:2016 certification issued by Guardian Assessment Pvt Ltd under UAF/IAS accreditation, with local operations in Doha managed by Guardian Middle East LLC.
Demonstrate your organisation’s commitment to preventing, detecting, and responding to bribery — supported by structured anti-bribery culture, due diligence, financial and non-financial controls, and training. Aligned with Qatar Penal Code anti-bribery provisions, QFC AML/CFT framework, and international compliance frameworks (UN Convention Against Corruption, OECD Anti-Bribery Convention, FCPA, UK Bribery Act).
URGENT — Successor Edition Published with SHORT 2-Year Transition Window. ISO 37001:2025 was published on 3 February 2025, superseding ISO 37001:2016. Transition deadline is 3 February 2027 — only a 2-year window (shorter than the standard 3-year transition for most ISO standards).
For full transition guidance, see → [ISO 37001:2025 Transition]
ISO 37001:2016 is the international standard for Anti-Bribery Management Systems (ABMS). It specifies requirements and provides guidance for establishing, implementing, maintaining, reviewing, and improving an anti-bribery management system that helps organisations prevent, detect, and respond to bribery and comply with anti-bribery laws and voluntary commitments.
Developed by ISO Project Committee PC 278 and now maintained by ISO Technical Committee TC 309 (Governance of organisations), ISO 37001 was the first international standard dedicated to anti-bribery management.
Bribery scope addressed by ISO 37001:
Key concepts of ISO 37001:2016:
Important note on scope: ISO 37001:2016 specifically addresses bribery, not other forms of corruption (fraud, money laundering, theft, embezzlement). Organisations may extend scope to address other corrupt practices but the standard’s certifiable scope is bribery only.
Qatar has substantially strengthened its anti-bribery and anti-corruption framework over the past decade, with ISO 37001 increasingly relevant for both regulated entities and organisations operating in international supply chains.
Qatar’s Administrative Control and Transparency Authority (ACTA) — established under Emiri Decree — combined with Qatar Penal Code provisions on bribery (Articles 140-143 covering bribery of public officials and Articles 392-393 on commercial bribery), establishes the legal framework. ISO 37001 provides structured management system support for compliance with these legal obligations.
The Qatar Financial Centre (QFC) Authority and Regulatory Authority operate a robust AML/CFT and anti-bribery framework that QFC-licensed entities must comply with. ISO 37001 provides systematic management system support that aligns with QFC compliance expectations and international banking and financial services anti-bribery standards.
Qatar organisations operating in international supply chains face anti-bribery requirements from extraterritorial laws including the US Foreign Corrupt Practices Act (FCPA), UK Bribery Act 2010, and various other jurisdictions’ anti-bribery laws. ISO 37001 provides recognised evidence of structured anti-bribery management — often considered a positive factor in compliance defence.
Particular sectors face heightened anti-bribery scrutiny in Qatar: financial services (QFC Authority oversight), construction and EPC (high-value tendering), healthcare (interactions with public sector and pharmaceutical suppliers), legal and consulting services (gatekeeper roles), and organisations with public-sector-facing operations. ISO 37001 certification provides external verification of structured anti-bribery management for these sectors.
ISO 37001:2016 organizes its requirements across seven main clauses, with several distinctive anti-bribery requirements:
Clause | Title | Key Requirements |
4 | Context of the Organization | Internal/external bribery risk issues · Interested parties · ABMS scope · Bribery risk assessment · Climate change relevance (Amd 1:2024) |
5 | Leadership | Top management commitment · Anti-bribery policy · Roles, responsibilities, authorities · Anti-bribery compliance function with independence and authority |
6 | Planning | Actions to address risks/opportunities · Anti-bribery objectives · Planning of changes |
7 | Support | Resources · Employment processes (anti-bribery in recruitment, vetting) · Awareness and training · Communication · Documented information |
8 | Operation | Due diligence (personnel, projects, business associates) · Financial controls · Non-financial controls (procurement, commercial, HR, legal) · Anti-bribery controls by controlled organisations and business associates · Anti-bribery commitments · Gifts, hospitality, donations · Raising concerns · Investigating and dealing with bribery |
9 | Performance Evaluation | Monitoring, measurement, analysis, evaluation · Internal audit · Management review · Review by top management and governing body · Review by anti-bribery compliance function |
10 | Improvement | Continual improvement · Nonconformity and corrective action |
Distinctive ISO 37001 requirements: Anti-bribery compliance function (Clause 5.3), comprehensive due diligence (Clause 8.2), financial and non-financial controls (Clauses 8.3-8.4), and dedicated raising concerns/whistleblowing provisions (Clause 8.9) are unique to ISO 37001.
ISO 37001:2016 applies to any organisation regardless of size, sector, or geography. In practice, certification is most relevant to:
Sector | ISO 37001 Relevance |
Financial Services | Critical for QFC-licensed entities. Banks, asset managers, insurance, professional services. ISO 37001 aligns with QFC AML/CFT requirements and supports correspondent banking relationships. |
Construction & EPC | Strong fit for tier-1 contractors. High-value tendering with public-sector clients creates bribery risk exposure. ISO 37001 increasingly specified in pre-qualification. |
Oil & Gas | Important for service providers and equipment suppliers. Sector with global FCPA enforcement attention. Supply chain anti-bribery requirements increasingly common. |
Healthcare | Growing relevance for hospitals, pharmaceutical distributors, medical device suppliers. Interactions with prescribers, regulators, public-sector buyers create risk. |
Legal Services | Specific applicability for law firms. Gatekeeper role and exposure to client transactions create unique anti-bribery considerations. |
Consulting & Professional Services | Strong fit for management consulting, accounting firms, audit firms. Professional independence and gatekeeper considerations. |
Government Suppliers | Increasingly required for organisations selling to government. Public-sector contracting creates inherent bribery risk requiring management. |
Real Estate & Development | Relevant for developers and large real estate operators. Land-use approvals, permitting, public-private partnerships create exposure. |
Logistics & Customs Brokerage | Important for customs agents and freight forwarders. Cross-border activities with regulatory interactions create bribery risk. |
Listed Companies (QSE) | Growing ESG-driven adoption. Qatar Stock Exchange listed companies face investor expectations for governance credentials. |
Guardian follows the ISO/IEC 17021-1:2015 certification process, with anti-bribery sector-specific competence requirements:
Stage | Activity | Outcome |
1 | Application & Contract | Application form. Guardian reviews scope, sector, geography, business associates. Contract signed. 3-year audit programme. |
2 | Stage 1 Audit | On-site readiness review. Auditor verifies ABMS documentation, bribery risk assessment, anti-bribery compliance function, due diligence procedures, financial/non-financial controls. Findings issued. |
3 | Stage 2 Audit | On-site full audit. Auditor samples evidence across all clauses, reviews due diligence files, financial controls, gift/hospitality records, training records, whistleblowing system. Interviews including anti-bribery compliance function. |
4 | Certification Decision | Guardian’s certification committee reviews audit report. Certificate issued (3-year validity) upon positive decision. |
5 | Surveillance & Recertification | Annual surveillance audits. Recertification before Year 3. Cycle repeats. |
Auditor competence: ISO 37001 audits require auditors with anti-bribery management system competence and sector experience. Multi-language capability often essential for whistleblowing system review.
Typical end-to-end implementation timeline is 6 to 9 months — longer than ISO 9001 due to bribery risk assessment, due diligence framework development, and culture change requirements:
Phase | Duration | Activities |
Gap Analysis | 4-6 weeks | Review existing anti-bribery framework against ISO 37001:2016. Conduct preliminary bribery risk assessment. |
System Design | 8-10 weeks | Develop ABMS Manual, anti-bribery policy, due diligence procedures, financial/non-financial controls, whistleblowing system. |
Implementation | 8-12 weeks | Roll out controls. Conduct anti-bribery training for all relevant personnel. Begin due diligence on existing business associates. Operate whistleblowing system. |
Internal Audit & Review | 3-4 weeks | Internal audit cycle. Anti-bribery compliance function review. Management review. Address findings. |
Certification Audit | 3-4 weeks | Stage 1 readiness review. Stage 2 full audit. Address any nonconformities. |
Anti-bribery culture change is often the rate-limiting factor. Senior management commitment and visible cultural alignment must be demonstrated, not just documented.
Indicative pricing range: QAR 5,000 – 20,000 depending on organisation size, complexity, scope, geography, and business associate population. The figure above is the indicative range for the initial certification audit (Stage 1 + Stage 2 combined) for typical small-to-medium organisations.
Audit time and corresponding fee is calculated per IAF Mandatory Document 5 (IAF MD 5) with anti-bribery sector adjustments which consider:
For an exact quotation, contact Guardian directly. We provide a fixed-fee proposal based on a brief organisational profile call.
Issued by Guardian Assessment Pvt Ltd (India) under United Accreditation Foundation (UAF) / International Accreditation Service (IAS accreditation, recognized under IAF MLA. Local representation in Qatar by Guardian Middle East LLC (QFC 03870). IAF MLA Recognized under transition to GAC MRA. UAF/IAS aligning with GAC Inc. operational from 01 January 2026.
Note: ISO 37001 is not currently within the scope of Guardian Assessment’s QS Certification Body Registration RB066-26 (which covers ISO 9001/14001/45001). All ISO 37001 certifications are issued under UAF/IAS accreditation only.
ISO 37001:2016 was the certifiable edition until 3 February 2025, when ISO 37001:2025 was published. Important: ISO 37001 has a 2-year transition window (NOT the standard 3-year) — meaning the transition deadline is 3 February 2027.
During the transition window (until 3 February 2027):
See §13b for full transition guidance and link to dedicated ISO 37001:2025 Transition Page.
URGENT — Successor Edition PUBLISHED with SHORT 2-Year Transition Window. ISO 37001:2025 was published on 3 February 2025, superseding ISO 37001:2016. The transition window closes on 3 February 2027 — only 2 years (shorter than the standard 3-year transition for most ISO standards). After this date, only the new edition will be valid for certification.
Why the shorter transition? ISO/TC 309 determined that changes in ISO 37001:2025 are limited in scope (no major changes to Annex A, no amendments to Chapter 8 Operation), enabling a shorter transition period. However, this still means existing certificate holders must act decisively — particularly given the substantive cultural and leadership changes in the new edition.
→ [ISO 37001:2025 Transition Page](/standards/iso-37001-2025-transition/) Detailed coverage of: confirmed changes (anti-bribery culture, climate change, anti-bribery function, governing body role, conflicts of interest), side-by-side comparison, transition timeline, transition audit options, implementation plan, common pitfalls, and 10-question FAQ.
Important: Visit the [ISO 37001:2025 Transition Page](/standards/iso-37001-2025-transition/) for full detail and act now given the 2-year deadline.
Reality: Certification demonstrates a structured anti-bribery management system. It does not guarantee absence of bribery — neither rogue employees nor sophisticated schemes can be entirely prevented. What ISO 37001 provides is risk-proportionate prevention, detection, and response capability — and recognised evidence of due diligence in compliance defence.
Reality: ISO 37001 specifically addresses bribery, not other forms of corruption (fraud, embezzlement, money laundering, theft). Organisations may extend management system scope to address these but the certified scope of ISO 37001 is bribery only. ISO 37301 (Compliance Management Systems) provides broader coverage.
Reality: ISO 37001 applies to organisations of all sizes. Small organisations facing public-sector contracting, regulated sector exposure, or international supply chain participation may benefit significantly. The standard is risk-proportionate — small organisations implement smaller, simpler ABMS than large corporations.
Reality: ISO 37001:2025 was published 3 February 2025 with 2-year transition window (deadline 3 February 2027). For new applicants, certifying directly to ISO 37001:2025 is strongly recommended. For existing certified clients, transition planning should begin immediately given the short window.
Reality: Gifts and hospitality controls are one element of ISO 37001 (Clause 8.7) but the standard goes much further: bribery risk assessment, due diligence on personnel and business associates, financial and non-financial controls, anti-bribery compliance function, training and awareness, whistleblowing systems, investigation and response. A gifts-and-hospitality policy alone is not ABMS implementation.
Integration | Why & When |
37001 + 37301 | ABMS + Compliance MS — Most natural pairing. ISO 37301 provides broader compliance management framework; ISO 37001 provides anti-bribery specifics. |
37001 + 9001 | ABMS + Quality — Common foundation pairing. Both Harmonised Structure standards. |
37001 + 27001 | ABMS + InfoSec — Important for organisations where bribery and information security risks intersect (financial services, professional services). |
37001 + 31000 | ABMS + Risk Management Guidance — ISO 31000 is guidance not certifiable, but principles align with ISO 37001 risk-based approach. |
37001 + 37008 | ABMS + Internal Investigations — ISO/TS 37008 provides guidance on internal investigations including bribery-related. |
37001 + 19600 / 37000 | ABMS + Governance — ISO 37000 (Governance of organizations) provides board-level governance framework supporting anti-bribery culture. |
Integrated audit benefits: ISO 37001 + ISO 37301 integration delivers strongest synergies (both governance-focused, both Harmonized Structure).
Verify CB accreditation directly on UAF/IAS register. Specifically verify accreditation scope includes ISO 37001:2016 / ISO 37001:2025.
ISO 37001 audits require auditors with demonstrated anti-bribery management system experience. Generic auditors without anti-bribery competence often miss critical issues. Ask CB for auditors’ anti-bribery qualifications and experience.
Auditors who understand Qatar Penal Code anti-bribery provisions, ACTA framework, and QFC AML/CFT requirements add value beyond generic auditing. Multi-language capability often essential.
ISO 37001 audit time per IAF MD 5 with anti-bribery sector adjustments. Be cautious of CBs proposing audit times below MD 5 minimums — particularly common with non-accredited CBs.
CB must not have provided anti-bribery consultancy services to the client within 2 years prior. Particularly important in compliance markets where consultancy is densely populated.
With ISO 37001:2025 published 3 February 2025 and only 2-year transition window, CB must have transition-trained auditors NOW. Guardian offers combined transition + surveillance audits.
Anti-bribery audits involve sensitive information (whistleblowing reports, due diligence files, investigation records). CB confidentiality protections must be robust. Verify confidentiality policy and personnel vetting.
Audit | Timing & Scope |
Surveillance 1 | Within 12 months of Stage 2. ~30% of Stage 2 duration. Mandatory: management review, internal audit, anti-bribery compliance function review, complaints/concerns raised, due diligence updates, corrective actions. |
Surveillance 2 | Within 24 months of Stage 2. Same scope, different process sample. Critical timing for ISO 37001:2025 transition (combined transition + surveillance). |
Recertification | Before 3-year anniversary. ~70% of Stage 2 duration. Re-evaluation of full ABMS. Issues new 3-year certificate. |
Special audits triggered by: substantiated bribery incident, regulatory enforcement, significant scope change, certificate transfer.
Certified organisations may use Guardian Approved Mark and UAF/IAS accreditation mark on documents, marketing, websites, and tender submissions — subject to Guardian’s Use of Marks Policy.
Permitted: Letterhead, business cards, websites, marketing materials, tender submissions.
Prohibited: Use that implies certification of activities outside scope · Continued use after suspension/withdrawal · Use suggesting certification eliminates bribery risk.
Full policy: → /use-of-marks/
Guardian operates an independent complaints and appeals process compliant with ISO/IEC 17021-1:2015.
Full process: → /complaints-appeals/
**Ready to begin your ISO 37001 certification journey?** Contact Guardian Middle East LLC for a no-obligation initial consultation. **Already certified to ISO 37001:2016?** URGENT — only 2-year transition window. Ask about combined transition audit options. |
Guardian Middle East LLC
QFC Licence 03870 · Doha, Qatar
→ /contact/
ISO 37001:2025 is already published (3 February 2025) with SHORT 2-year transition window:
Your situation | Guardian recommendation |
New applicant, audit-ready Q3 2025 or later | ISO 37001:2025 — certify directly to new edition. Avoid wasted effort. |
New applicant, audit-ready before Q3 2025 | ISO 37001:2025 strongly preferred — only 2-year window means 2016 cert has limited useful life. |
Tender deadline drives urgency | ISO 37001:2016 immediately, plan urgent transition. Tenders cannot wait, but transition must follow rapidly. |
Existing ISO 37001:2016 certified, normal cycle | URGENT — plan transition NOW. Only 2-year window. Combine with next surveillance. |
Existing ISO 37001:2016 certified, recertification 2025-2027 | Combine transition with recertification audit. Most efficient. |
Integrated with ISO 37301 | Coordinate transition planning. ISO 37001:2025 changes align with ISO 37301:2021 framework. |
Bottom line: ISO 37001:2025 is the future, with short 2-year transition window. Plan transition urgently.
Certification is not legal immunity. However, ISO 37001 certification provides structured evidence of anti-bribery due diligence — typically considered a positive factor in regulatory enforcement decisions, prosecutorial discretion, and sentencing. UK Serious Fraud Office and US DOJ have both acknowledged structured anti-bribery management systems as relevant compliance defence factors.
ISO 37001:2016 is specifically anti-bribery management. ISO 37301:2021 is broader compliance management (any compliance domain — anti-bribery, antitrust, data protection, environmental, etc.). Many organisations implement both — ISO 37301 as the umbrella compliance framework, ISO 37001 for anti-bribery specifics.
ISO 37001:2025 was published 3 February 2025 with 2-year transition deadline (3 February 2027). For most new applicants today, ISO 37001:2025 is strongly recommended. Tender-driven urgency may justify ISO 37001:2016 certification, but transition planning must begin immediately. See [Transition Page](/standards/iso-37001-2025-transition/).
3 February 2027 — exactly 2 years from publication of ISO 37001:2025. Note this is shorter than the standard 3-year transition window for most ISO management system standards. Plan transition with urgency.
Guardian's indicative range for typical small-to-medium organizations is QAR 5,000–20,000 for initial certification. Calculated per IAF MD 5 with anti-bribery sector adjustments. Multi-jurisdictional operations or complex business associate networks at upper end of range.
Yes — and this is recommended. ISO 37301 (Compliance MS) provides the broader framework, with ISO 37001 as the anti-bribery component. Both share Harmonized Structure enabling integrated documentation. Many organizations implement both with significant audit synergies.
Per ISO 37001:2016 Clause 5.3, organisations must designate a function (person or team) responsible for ABMS oversight with appropriate independence and authority. This function reports to top management and the governing body, and operates with sufficient resources. Note: ISO 37001:2025 renames this 'anti-bribery function' with clarified scope.
Yes — Clause 8.9 (Raising concerns) requires organizations to implement procedures enabling personnel and others to raise concerns about actual or suspected bribery. The system must include confidentiality protections, prohibition of retaliation, and effective response procedures. Anonymous reporting mechanisms are common.
Clause 8.7 requires organizations to implement controls over gifts, hospitality, donations, and similar benefits — both giving and receiving. Controls include thresholds, approval processes, documentation, and review. Political contributions are addressed similarly. The aim is not prohibition but transparent, controlled, and documented activity proportionate to risk.
Guardian's certification programme requires clients to notify the CB of significant bribery incidents (substantiated cases, regulatory enforcement, criminal proceedings). Depending on circumstances, Guardian may conduct a special audit to verify ABMS continues to function effectively. Certificates may be suspended pending corrective action — but a single incident does not automatically result in withdrawal if the ABMS detected and responded effectively.
