ISO 37001:2025 — Anti-bribery management systems — Requirements with guidance for use was published on 3 February 2025, replacing ISO 37001:2016. All ISO 37001:2016 certified organisations must transition to the new edition before the deadline of 3 February 2027 — only a 2-year window, shorter than the standard 3-year transition for most ISO management system standards.
Guardian Middle East LLC offers comprehensive transition support — combined transition + surveillance audits, standalone transition audits, and integrated transition planning for organisations holding ISO 37001 alongside ISO 37301 (Compliance MS) or other certifications
Why the shorter transition? ISO/TC 309 determined that changes in ISO 37001:2025 are limited in scope (Chapter 8 Operation NOT amended, no major changes to Annex A), enabling a shorter 2-year transition. However, the substantive cultural and leadership changes (new anti-bribery culture clause, governing body emphasis, anti-bribery function rename) still require deliberate transition action.
Cross-reference: This is the dedicated Transition Page. For ISO 37001 fundamentals, certification pathway, sector applicability, and pricing,
see → /standards/iso-37001-anti-bribery-qatar/
Item | Status |
Previous edition | ISO 37001:2016 + Amendment 1:2024 (Climate Action — consolidated into 2025 edition) |
Current edition (NEW) | ISO 37001:2025 — published 3 February 2025 |
ISO publication stage | Stage 60 (Publication) — current edition |
Publication date | 3 February 2025 |
Transition deadline | 3 February 2027 — ONLY 2 YEARS (shorter than standard 3-year transition) |
Existing 2016 certificates | Valid until 3 February 2027, OR earlier expiry of 3-year cycle, whichever is sooner |
Affected organisations | All ISO 37001:2016 certificate holders globally |
Issuing technical committee | ISO/TC 309 — Governance of organisations |
Edition number | Second edition (replaces first edition 2016) |
Guardian transition service | Available now — combined audits, standalone transition |
Tier | Tier 2 — UAF/IAS via Guardian Assessment under IAF MLA |
URGENCY | HIGH — only 2-year window. Plan transition immediately. |
ISO 37001:2025 retains the overall framework and clause structure of ISO 37001:2016 but introduces several meaningful enhancements. Importantly, Chapter 8 (Operation) has NOT been amended and Annex A has no major changes — the changes focus on culture, leadership, climate, and harmonisation.
Most significant addition. New explicit Clause 5.1.3 states: “The organization shall develop, maintain and promote an anti-bribery culture at all levels within the organization.”
Climate change considerations consolidated into main standard text (replacing standalone Amendment 1:2024):
Terminology updated from ‘anti-bribery compliance function’ (2016) to ‘anti-bribery function’ (2025) with clearer description:
Greater emphasis on the role of the governing body and top management in overseeing the anti-bribery management system:
Awareness and training repositioned as fundamental asset for ABMS effectiveness, not merely a support function:
More comprehensive definition of conflict of interest, with strengthened procedures:
Text harmonised with related ISO standards in the governance ecosystem:
Clause | ISO 37001:2016 (previous) | ISO 37001:2025 (current) |
4.1 Context | Internal/external bribery risk issues | Same · Climate change relevance added (consolidating Amd 1:2024) |
4.2 Interested Parties | Identification of interested parties | Same · Climate-related needs and expectations identified |
5.1 Leadership | Leadership and commitment · Top management commitment | Same · NEW Clause 5.1.3: Anti-bribery culture · Strengthened governing body role |
5.2 Anti-bribery Policy | Anti-bribery policy | Same · Refined wording |
5.3 Roles & Authorities | Roles, responsibilities, authorities · ‘Anti-bribery compliance function’ | Same · ‘Anti-bribery function’ rename · Clearer description and independence |
6 Planning | Risks/opportunities · Anti-bribery objectives | Same · No significant change |
7 Support | Resources · Competence · Awareness · Training · Communication | Same · Awareness and training strengthened as fundamental asset |
8 Operation | Due diligence · Financial controls · Non-financial controls · Gifts/hospitality · Whistleblowing · Investigation | NOT AMENDED — same as 2016 |
9 Performance | Monitoring · Internal audit · Management review · Anti-bribery compliance function review | Same · Conflicts of interest reporting expanded |
10 Improvement | Continual improvement · Nonconformity and corrective action | Same · No significant change |
Annex A | Implementation guidance | NO MAJOR CHANGES |
Yellow shading indicates clauses with notable changes requiring transition action. Green shading indicates unchanged elements.
Date | Milestone |
February 2024 | ISO 37001:2016/Amd 1 (Climate Action) published |
3 February 2025 | ISO 37001:2025 PUBLISHED 2-year transition window begins |
Q3-Q4 2025 | Guardian offers ISO 37001:2025 transition audits combined with surveillance visits |
3 February 2026 | Mid-window milestone. Half of transition period elapsed. Most early-adopter clients should have completed transition. |
Q3-Q4 2026 | Last practical window for transition audits — CB capacity tightens |
3 February 2027 | TRANSITION DEADLINE — ONLY 2-YEAR WINDOW After this date, ISO 37001:2016 certificates expire |
TIME-CRITICAL. Plan transition with urgency. Guardian recommends scheduling transition audits before Q4 2026 to avoid end-of-window capacity constraints. The 2-year window is shorter than most ISO transitions you may have experienced.
The following organisations must complete transition before 3 February 2027:
|
Scenario |
Recommended Edition |
|
New applicant, audit-ready Q3 2025 or later |
ISO 37001:2025 — certify directly to new edition. Strong recommendation. |
|
New applicant, audit-ready before Q3 2025 |
ISO 37001:2025 strongly preferred — only 2-year window means 2016 cert has very limited useful life. |
|
Tender deadline drives urgency |
ISO 37001:2016 immediately, plan urgent transition. Both editions valid through 3 Feb 2027 but transition must follow rapidly. |
|
Long-term strategic certification (12+ months runway) |
ISO 37001:2025 — implementation aligned to current edition from start. |
|
Integrated with ISO 37301 |
ISO 37001:2025 — better HS alignment with ISO 37301:2021. Coordinated implementation. |
Recommended for most clients. Lowest cost, minimum disruption.
Optimal for clients due for recertification within 2-year transition window
Available where surveillance/recertification timing doesn’t align with 2-year window.
Element | Impact |
Audit time | Combined: +0.5-1 day on top of surveillance · Standalone: ~30-50% of original Stage 2 (lighter due to Chapter 8 unchanged) |
Audit fee (Guardian) | Combined: ~10-20% premium over surveillance · Standalone: full audit fee per IAF MD 5 |
Internal preparation | Typically 80-150 person-hours for SME · 200-400 for large organisation · Lighter than other ISO transitions due to focused changes |
Documentation revisions | ABMS Manual update · Anti-Bribery Culture Statement (new) · Terminology updates · Conflicts of interest framework |
New procedures | Anti-bribery culture initiatives · Strengthened governing body engagement · Climate change assessment · Expanded conflicts of interest |
Training | Leadership briefing · Anti-bribery function refresh · All-staff awareness refresh · Governing body engagement |
Indicative pricing for Guardian transition audit only: QAR 3,000 – 12,000. Combined audits most cost-effective.
Risk: Organisations accustomed to standard 3-year ISO transitions may delay action assuming similar timing. Mitigation: Plan transition NOW. Begin gap analysis by mid-2026 at latest. The 2-year window goes faster than expected.
Risk: Updating ABMS Manual to add Anti-Bribery Culture Statement without genuine cultural action. Mitigation: Anti-bribery culture (new Clause 5.1.3) is substantive — auditors will assess actual cultural indicators (leadership messaging, ethical decision-making patterns, training engagement) not just documents.
Risk: ISO 37001:2025 strengthens governing body role. Organisations whose boards have minimal ABMS engagement face audit findings. Mitigation: Brief governing body on ABMS responsibilities. Schedule periodic ABMS oversight items on board agenda.
Risk: Continuing to refer to ‘anti-bribery compliance function’ in policies, job descriptions, and training materials creates audit findings. Mitigation: Systematic terminology update across all ABMS documentation.
Risk: Organisations holding ISO 37001 alongside ISO 37301 (Compliance) and/or ISO 37000 (Governance) may face inconsistent terminology and frameworks. Mitigation: Coordinate transition planning across related certifications. ISO 37001:2025 HS-aligned with these standards.
Risk: ISO 37001:2025 expands conflicts of interest definition and reporting. Organisations with informal conflict management may face findings. Mitigation: Strengthen conflicts of interest procedures including disclosure forms, registers, and management protocols.
For clients holding integrated certifications (ISO 37001 + ISO 37301, ISO 37001 + ISO 9001), Guardian offers integrated transition planning. Contact Guardian as early as possible given the 2-year window.
ISO/TC 309 determined that changes in ISO 37001:2025 are limited in scope (Chapter 8 Operation NOT amended, no major changes to Annex A), enabling a shorter 2-year transition. The substantive changes are in culture, leadership, climate, and harmonization — important but more focused than typical ISO revisions.
3 February 2027 — exactly 2 years from publication date of 3 February 2025.
Technically yes, but with strong caveats. New initial certifications can still be issued during the transition window. However, given the only 2-year window, you would need to transition very quickly. For most new applicants, certifying directly to ISO 37001:2025 is strongly recommended.
Yes — Clause 5.1.3 is a normative requirement. Auditors will assess substantive cultural indicators including: leadership messaging frequency and tone, training engagement metrics, ethical decision-making evidence, anti-bribery integration into performance management, and absence of contradictory cultural signals. Documentation alone will not satisfy this requirement.
Three options: (A) Combined transition + surveillance — recommended for most clients · (B) Combined transition + recertification — optimal if recertification falls within 2-year transition window · (C) Standalone transition audit — for urgent timing or where surveillance/recertification doesn't align.
ISO 37001:2025 is HS-aligned with ISO 37301:2021. The 2025 edition explicitly references ISO 37301 as related compliance management framework. Organizations holding both certifications benefit from coordinated transition and integrated implementation.
Functionally similar but ISO 37001:2025 uses 'anti-bribery function' to: (1) Avoid confusion with broader 'compliance function' as defined in ISO 37301; (2) Provide clearer description of responsibilities and operational independence; (3) Better align with governance frameworks. Existing 'anti-bribery compliance officers' should update titles and reference materials.
Yes, throughout the 2-year transition window. Both editions valid until 3 February 2027. Towards end of window, tenders may begin specifying 2025 edition — recommend transitioning before Q4 2026 for tender flexibility.
Generally no. Scope statements are independent of standard edition. The transition audit verifies compliance to new edition; scope itself stays unchanged unless you elect to modify.
Guardian provides: (1) Pre-audit gap analysis · (2) Combined audit options for cost efficiency · (3) Trained auditors with anti-bribery sector competence · (4) Coordination with related certifications (ISO 37301, ISO 9001, etc.) · (5) Direct client engagement throughout 2-year transition window. Recommendation: contact Guardian Q4 2025 - Q1 2026 to begin transition planning.
