ISO 37001

International

v2016

10 domains

42 controls

Anti-bribery management systems

Unverified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (10)

Context

4 controls

Controls in the Context domain of ISO 37001 — 4 controls
Code	Title	Description
ISO37001-4.1	Understanding the Organization and Its Context	Determine external and internal issues relevant to the anti-bribery management system and its ability to achieve outcome...
ISO37001-4.2	Interested Parties	Identify interested parties relevant to the ABMS and their relevant requirements regarding anti-bribery.
ISO37001-4.3	Scope of the ABMS	Define the boundaries and applicability of the anti-bribery management system including controlled entities.
ISO37001-4.5	Bribery Risk Assessment	Conduct regular bribery risk assessment to identify, analyze, evaluate, and prioritize bribery risks the organization fa...

ISO 37001: Improvement

3 controls

Continual improvement of quality management system (ISO 37001)

Controls in the ISO 37001: Improvement domain of ISO 37001 — 3 controls
Code	Title	Description
ISO37001-16	Continual improvement methodology	Continual improvement methodology. Control from ISO 37001 framework, domain: ISO 37001: Improvement.
ISO37001-17	Corrective and preventive actions	Corrective and preventive actions. Control from ISO 37001 framework, domain: ISO 37001: Improvement.
ISO37001-18	Innovation and change management	Innovation and change management. Control from ISO 37001 framework, domain: ISO 37001: Improvement.

ISO 37001: Leadership & Planning

5 controls

Quality management leadership and planning (ISO 37001)

Controls in the ISO 37001: Leadership & Planning domain of ISO 37001 — 5 controls
Code	Title	Description
ISO37001-01	Quality policy and objectives	Quality policy and objectives. Control from ISO 37001 framework, domain: ISO 37001: Leadership & Planning.
ISO37001-02	Leadership commitment to quality	Leadership commitment to quality. Control from ISO 37001 framework, domain: ISO 37001: Leadership & Planning.
ISO37001-03	Risk-based thinking and planning	Risk-based thinking and planning. Control from ISO 37001 framework, domain: ISO 37001: Leadership & Planning.
ISO37001-04	Resource management for quality	Resource management for quality. Control from ISO 37001 framework, domain: ISO 37001: Leadership & Planning.
ISO37001-05	Organizational roles and responsibilities	Organizational roles and responsibilities. Control from ISO 37001 framework, domain: ISO 37001: Leadership & Planning.

ISO 37001: Operational Controls

5 controls

Quality controls in operations (ISO 37001)

Controls in the ISO 37001: Operational Controls domain of ISO 37001 — 5 controls
Code	Title	Description
ISO37001-06	Operational planning and control	Operational planning and control. Control from ISO 37001 framework, domain: ISO 37001: Operational Controls.
ISO37001-07	Requirements for products and services	Requirements for products and services. Control from ISO 37001 framework, domain: ISO 37001: Operational Controls.
ISO37001-08	Design and development controls	Design and development controls. Control from ISO 37001 framework, domain: ISO 37001: Operational Controls.
ISO37001-09	Control of externally provided processes	Control of externally provided processes. Control from ISO 37001 framework, domain: ISO 37001: Operational Controls.
ISO37001-10	Production and service provision controls	Production and service provision controls. Control from ISO 37001 framework, domain: ISO 37001: Operational Controls.

ISO 37001: Performance Evaluation

5 controls

Measuring and evaluating quality performance (ISO 37001)

Controls in the ISO 37001: Performance Evaluation domain of ISO 37001 — 5 controls
Code	Title	Description
ISO37001-11	Monitoring, measurement, and analysis	Monitoring, measurement, and analysis. Control from ISO 37001 framework, domain: ISO 37001: Performance Evaluation.
ISO37001-12	Internal audit program	Internal audit program. Control from ISO 37001 framework, domain: ISO 37001: Performance Evaluation.
ISO37001-13	Management review process	Management review process. Control from ISO 37001 framework, domain: ISO 37001: Performance Evaluation.
ISO37001-14	Customer satisfaction measurement	Customer satisfaction measurement. Control from ISO 37001 framework, domain: ISO 37001: Performance Evaluation.
ISO37001-15	Nonconformity and corrective action	Nonconformity and corrective action. Control from ISO 37001 framework, domain: ISO 37001: Performance Evaluation.

Improvement

1 controls

Controls in the Improvement domain of ISO 37001 — 1 controls
Code	Title	Description
ISO37001-10.2	Nonconformity and Corrective Action	Address nonconformities through correction, root cause analysis, and corrective actions to prevent recurrence.

Leadership

4 controls

Controls in the Leadership domain of ISO 37001 — 4 controls
Code	Title	Description
ISO37001-5.1.1	Governing Body Leadership	Governing body demonstrates leadership and commitment by approving anti-bribery policy and providing oversight.
ISO37001-5.1.2	Top Management Leadership	Top management ensures ABMS integration into business processes and provides resources for effectiveness.
ISO37001-5.2	Anti-Bribery Policy	Establish, approve, and communicate an anti-bribery policy that prohibits bribery and commits to legal compliance and co...
ISO37001-5.3.2	Anti-Bribery Compliance Function	Assign a compliance function with appropriate competence, status, authority, and independence to oversee the ABMS.

Operation

9 controls

Controls in the Operation domain of ISO 37001 — 9 controls
Code	Title	Description
ISO37001-8.10	Investigating and Dealing with Bribery	Investigate and respond to suspected or actual bribery including documenting findings and corrective actions.
ISO37001-8.2	Business Associate Due Diligence	Conduct risk-based due diligence on business associates posing more than low bribery risk before engagement and during t...
ISO37001-8.3	Financial Controls	Implement financial controls that manage bribery risk including segregation of duties, approvals, and accurate books.
ISO37001-8.4	Non-Financial Controls	Implement non-financial controls such as procurement, operations, and sales controls to manage bribery risk.
ISO37001-8.5	Anti-Bribery Commitments by Controlled Parties	Require controlled organizations and where feasible business associates to implement anti-bribery controls or commit to...
ISO37001-8.6	Commitments to Anti-Bribery by Business Associates	Implement procedures requiring business associates to commit to anti-bribery in proportion to risk.
ISO37001-8.7	Gifts, Hospitality, Donations, Sponsorships	Implement procedures controlling gifts, hospitality, donations, sponsorships, and similar benefits to prevent bribery.
ISO37001-8.8	Managing Inadequate Anti-Bribery Controls	Where controls cannot be implemented, manage residual risk including declining or terminating engagements.
ISO37001-8.9	Raising Concerns	Provide accessible reporting channels that allow personnel and external parties to report bribery concerns confidentiall...

Performance

3 controls

Controls in the Performance domain of ISO 37001 — 3 controls
Code	Title	Description
ISO37001-9.1	Monitoring, Measurement, Analysis, Evaluation	Determine what needs monitoring and measurement and evaluate ABMS performance and effectiveness.
ISO37001-9.2	Internal Audit of ABMS	Conduct internal audits at planned intervals to provide information on whether the ABMS conforms and is effectively impl...
ISO37001-9.3	Management Review	Top management reviews ABMS at planned intervals to ensure continuing suitability, adequacy, and effectiveness.

Support

3 controls

Controls in the Support domain of ISO 37001 — 3 controls
Code	Title	Description
ISO37001-7.2.1	Employee Competence	Ensure persons doing work under the ABMS are competent based on education, training, and experience.
ISO37001-7.2.2.1	Employee Due Diligence	Conduct pre-employment due diligence on personnel exposed to more than low bribery risk.
ISO37001-7.3	Anti-Bribery Awareness and Training	Provide awareness and training on bribery risks, ABMS, and personal obligations to all personnel.

Your Compliance Coverage

If you comply with ISO 37001, you already cover:

ISO 30401

2 controls mapped

Compare →

IEC 62304:2015 Medical Device Software Lifecycle Processes

2 controls mapped

Compare →

ISO 19011

2 controls mapped

Compare →

+ 105 more: ISO 20000-1 (5%), ISO 55001 (5%)

See all 108 mapped frameworks ↓

Maps to 108 other frameworks

42 total controls

ISO 30401

2 source controls mapped|2 target controls covered

IEC 62304:2015 Medical Device Software Lifecycle Processes

2 source controls mapped|4 target controls covered

ISO 19011

2 source controls mapped|2 target controls covered

ISO 20000-1

2 source controls mapped|2 target controls covered

ISO 55001

2 source controls mapped|2 target controls covered

ICH Q10 - Pharmaceutical Quality System

2 source controls mapped|2 target controls covered

ISO 9001

2 source controls mapped|4 target controls covered

TISAX - Trusted Information Security Assessment Exchange

2 source controls mapped|2 target controls covered

ISO 37301

2 source controls mapped|2 target controls covered

ICH E6(R2) Good Clinical Practice - Data Integrity and Electronic Systems

1 source controls mapped|2 target controls covered

SQF Code Edition 9 - Safe Quality Food

1 source controls mapped|1 target controls covered

ISO 22000

1 source controls mapped|1 target controls covered

ISO/IEC 17025:2017 - General Requirements for Testing and Calibration Laboratories

1 source controls mapped|3 target controls covered

ISO 15189:2022 - Medical Laboratories Requirements for Quality and Competence

1 source controls mapped|3 target controls covered

ILO Declaration on Fundamental Principles and Rights at Work (Core Conventions)

1 source controls mapped|1 target controls covered

EASA Part-IS - Information Security in Aviation

1 source controls mapped|1 target controls covered

Voluntary Principles on Security and Human Rights (VPs)

1 source controls mapped|1 target controls covered

AS9100D - Aerospace Quality Management System

1 source controls mapped|3 target controls covered

ISO/IEC 27003:2017

1 source controls mapped|3 target controls covered

BRCGS Global Standard for Food Safety Issue 9

1 source controls mapped|2 target controls covered

SWIFT CSCF

1 source controls mapped|2 target controls covered

SWIFT CSCF v2024

1 source controls mapped|2 target controls covered

IATF 16949:2016 - Quality Management System for Automotive Production

1 source controls mapped|2 target controls covered

ICAO Annex 17 - Aviation Security (AVSEC)

1 source controls mapped|1 target controls covered

ISO 20400:2017 - Sustainable Procurement

1 source controls mapped|1 target controls covered

NATO AQAP 2110 - Quality Assurance Requirements for Design, Development, and Production

1 source controls mapped|3 target controls covered

Aged Care Quality Standards (Australia)

1 source controls mapped|1 target controls covered

ISO/IEC 27014:2020

1 source controls mapped|1 target controls covered

ISO 56002

1 source controls mapped|3 target controls covered

ISO 41001:2018 - Facility Management Systems

1 source controls mapped|3 target controls covered

ISO 39001:2012 - Road Traffic Safety Management

1 source controls mapped|3 target controls covered

ISO 37002:2021 - Whistleblowing Management Systems

1 source controls mapped|3 target controls covered

ISO 50001:2018 - Energy Management Systems

1 source controls mapped|3 target controls covered

ISO 22313:2020 - Guidance on Business Continuity Management Systems

1 source controls mapped|3 target controls covered

NIST Special Publication 800-34 Revision 1, Contingency Planning Guide for Federal Information Systems

1 source controls mapped|1 target controls covered

IMO Maritime Cybersecurity Guidelines (MSC-FAL.1/Circ.3/Rev.2)

1 source controls mapped|1 target controls covered

GLOBALG.A.P. Integrated Farm Assurance (IFA) Standard v6

1 source controls mapped|1 target controls covered

ISO 31000

1 source controls mapped|1 target controls covered

NIST SP 800-171A Rev 3 - Assessing CUI Security Requirements

1 source controls mapped|1 target controls covered

ICH E6(R3) - Good Clinical Practice

1 source controls mapped|1 target controls covered

DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition)

1 source controls mapped|1 target controls covered

ISO 27005

1 source controls mapped|2 target controls covered

ISO 14064 - Greenhouse Gas Accounting and Verification (Parts 1-3)

1 source controls mapped|1 target controls covered

South Korea ISMS-P

1 source controls mapped|1 target controls covered

AS9100D:2016 - Quality Management Systems for Aviation, Space, and Defence

1 source controls mapped|1 target controls covered

ISO 14001

1 source controls mapped|1 target controls covered

ISO 45001:2018

1 source controls mapped|1 target controls covered

ISO 14001:2015

1 source controls mapped|1 target controls covered

ISO 9001:2015

1 source controls mapped|1 target controls covered

SA8000:2014 - Social Accountability Standard

1 source controls mapped|1 target controls covered

ITAR - International Traffic in Arms Regulations

1 source controls mapped|1 target controls covered

NIST SP 800-30

1 source controls mapped|1 target controls covered

UK FCA/PRA Operational Resilience Framework

1 source controls mapped|1 target controls covered

PIC/S Guide to Good Manufacturing Practice for Medicinal Products

1 source controls mapped|2 target controls covered

NFPA 1600 - Standard on Continuity, Emergency, and Crisis Management

1 source controls mapped|2 target controls covered

NIST SP 800-39

1 source controls mapped|1 target controls covered

ISO 45001

1 source controls mapped|1 target controls covered

NIST SP 800-37

1 source controls mapped|1 target controls covered

German Supply Chain Due Diligence Act (LkSG)

1 source controls mapped|1 target controls covered

IRS Publication 1075 - Tax Information Security Guidelines

1 source controls mapped|1 target controls covered

AICPA Privacy Management Framework (PMF)

1 source controls mapped|1 target controls covered

ISPE GAMP 5 - A Risk-Based Approach to Compliant GxP Computerised Systems

1 source controls mapped|1 target controls covered

ISO 27001:2022

1 source controls mapped|2 target controls covered

NIST SP 800-171A - Assessing Security Requirements for Controlled Unclassified Information (CUI)

1 source controls mapped|1 target controls covered

Spain ENS

1 source controls mapped|1 target controls covered

BSI IT-Grundschutz

1 source controls mapped|1 target controls covered

AWS Well-Architected Security Pillar

1 source controls mapped|1 target controls covered

ISO 27019

1 source controls mapped|1 target controls covered

FISMA

1 source controls mapped|1 target controls covered

Annex 11 to EU GMP - Computerised Systems

1 source controls mapped|1 target controls covered

IEC 62443

1 source controls mapped|1 target controls covered

IEEE 1686

1 source controls mapped|1 target controls covered

ISO 27017

1 source controls mapped|1 target controls covered

ISMAP (Japan)

1 source controls mapped|1 target controls covered

API 1164

1 source controls mapped|1 target controls covered

ISO 27018

1 source controls mapped|1 target controls covered

Ghana Cybersecurity Act

1 source controls mapped|1 target controls covered

FTC Safeguards Rule (16 CFR Part 314)

1 source controls mapped|1 target controls covered

ISO 26262:2018 - Functional Safety for Road Vehicles

1 source controls mapped|1 target controls covered

Azure Security Benchmark

1 source controls mapped|1 target controls covered

NIST SP 800-82 Revision 3: Guide to Industrial Control Systems (ICS) Security

1 source controls mapped|2 target controls covered

NERC CIP

1 source controls mapped|1 target controls covered

UK Gambling Commission - Cyber Resilience Requirements

1 source controls mapped|1 target controls covered

NRF Cybersecurity and Data Privacy Framework (National Retail Federation)

1 source controls mapped|1 target controls covered

Oman National Cybersecurity Framework

1 source controls mapped|1 target controls covered

SSAE 18 - Attestation Standards (SOC Reporting)

1 source controls mapped|2 target controls covered

MTCS (Singapore)

1 source controls mapped|1 target controls covered

NIST SP 800-53 Rev 5

1 source controls mapped|1 target controls covered

SOC 2

1 source controls mapped|1 target controls covered

NIST SP 800-190

1 source controls mapped|1 target controls covered

ITIL 4

1 source controls mapped|1 target controls covered

Saudi NCA ECC

1 source controls mapped|1 target controls covered

TSA Pipeline Security

1 source controls mapped|1 target controls covered

SASB Standards (ISSB Integrated)

1 source controls mapped|1 target controls covered

SASB Standards

1 source controls mapped|1 target controls covered

NIST SP 800-145

1 source controls mapped|1 target controls covered

NIS2 Directive

1 source controls mapped|1 target controls covered

FTC GLBA Safeguards Rule (16 CFR Part 314)

1 source controls mapped|1 target controls covered

NIST SP 800-144

1 source controls mapped|1 target controls covered

NIST SP 800-146

1 source controls mapped|1 target controls covered

NIST SP 1800-32

1 source controls mapped|1 target controls covered

NIST Privacy Framework 1.0

1 source controls mapped|1 target controls covered

SOC for Cybersecurity - Cybersecurity Risk Management Examination

1 source controls mapped|1 target controls covered

PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments

1 source controls mapped|1 target controls covered

New Zealand Information Security Manual (NZISM)

1 source controls mapped|1 target controls covered

MARS-E - Minimum Acceptable Risk Standards for Exchanges

1 source controls mapped|1 target controls covered

South Korea Cloud Security Assurance Program (CSAP)

1 source controls mapped|1 target controls covered

NRC 10 CFR 73.54 - Nuclear Facility Cybersecurity

1 source controls mapped|1 target controls covered

Compare ISO 37001 with ISO 30401

Frequently Asked Questions

What is ISO 37001?

ISO 37001 is a compliance framework from International with 10 domains and 42 controls. Anti-bribery management systems It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does ISO 37001 have?

ISO 37001 has 42 controls organised across 10 domains. The largest domains are Operation (9 controls), ISO 37001: Leadership & Planning (5 controls), ISO 37001: Operational Controls (5 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does ISO 37001 map to?

ISO 37001 maps to 108 other compliance frameworks. The top mapping partners are ISO 30401 (5% coverage), IEC 62304:2015 Medical Device Software Lifecycle Processes (5% coverage), ISO 19011 (5% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with ISO 37001 compliance?

Start your ISO 37001 compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about ISO 37001 requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 42 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 700 frameworks.

Get Started Free →

Free forever — no credit card required