Glossary
ISO 37001
The international standard for anti-bribery management systems, published by ISO in 2016. ISO 37001 specifies requirements for an anti-bribery management system with a documented policy, due diligence on third parties, training, and a 'raise concerns' procedure that maps directly to a whistleblowing channel. An effective whistleblowing channel is widely treated as a prerequisite for certification.
Full definition
ISO 37001:2016 specifies requirements and provides guidance for establishing, implementing, maintaining, and improving an anti-bribery management system. The standard is closely related to whistleblowing: a substantial portion of bribery cases come to light through internal reports, and an effective whistleblowing channel is widely treated as a prerequisite for ISO 37001 certification. The standard requires a documented anti-bribery policy, due diligence on third parties, training, and, crucially for our domain, a 'raise concerns' procedure that maps directly to a whistleblowing channel.
Related terms
- ISO 37002: The international standard for whistleblowing management systems, published by ISO in 2021. Unlike EU Directive 2019/1937, ISO 37002 is voluntary, but certification signals to regulators, customers, and investors that the organisation treats whistleblowing as a core compliance function. It is often combined with ISO 37001 (anti-bribery) and ISO 37301 (compliance management).
- ISO 37301: The international standard for compliance management systems, published in 2021. ISO 37301 defines requirements for organisations to identify their compliance obligations, manage compliance risk, and maintain a culture that enables compliance. Whistleblowing channels are explicitly listed as a control. Organisations often pursue triple certification across ISO 37001 (anti-bribery), ISO 37002 (whistleblowing), and ISO 37301.
- Compliance Officer: The senior executive accountable for an organisation's compliance management system. In whistleblowing, the compliance officer is most often the designated person under EU Directive 2019/1937 Article 8(5), operating the internal channel, training case handlers, and reporting to the board on volume and outcomes. The role is regulated in finance and increasingly expected at 250+ employees.