The rise of ISO 37001 – in numbers

The International Organization for Standardization (ISO) conducts an annual survey to report on the number of valid certificates for ISO management systems worldwide. The Survey of Certifications provides insights into current certificates per country as at 31 December 2023.

In this article, we will provide our observations from the survey, placing a special focus on ISO 37001 anti-bribery certifications.

In 2023, there were 7,894 valid ISO 37001 certificates covering 15,952 sites. This is a significant increase over the 5,969 certificates and 12,837 sites registered in 2022. ISO 37001 continues to be one of the top ten most certified standards under ISO.

As mentioned in previous posts, compliance experts had expressed reservations around the significance of getting certified against ISO 37001, questioning its value or defensibility in the event of an investigation by a government authority or regulator. However, it appears that certification against ISO 37001 is becoming a commonly accepted business certification around the globe, in line with other standards such as quality, health and safety and environmental management. We believe that organisations that choose to wait and see how regulators deal with ISO 37001 risk losing out on the business benefits of certification, such as acknowledgement by customers, increased brand value, and acceptance by supply chain partners.

General observations

The top certified standards remain unchanged from last year’s survey. The value of a commonly accepted business practice is demonstrated by the numbers of organisations certifying against ISO 9001 (quality management systems), ISO 14001 (environmental management systems) and ISO 45001 (occupational health and safety management systems).

- ISO 9001:2015

837,052 certificates, covering 1,249,317 sites

- ISO 14001:2015

300,410 certificates, covering 526,046 sites

- ISO 45001:2018

185,166 certificates, covering 309,056 sites

ISO 37001 still comes in as the ninth most certified-against standard, with 7,894 valid certificates around the globe as opposed to 5,901 in 2022. Looking more deeply at the data, we can see that ISO 37001 is now recognised as a global anti-bribery standard, with organisations in 91 countries getting certified.

The top countries for certification are:

• Peru (2,197 certificates)
• Italy (1,907 certificates)
• Indonesia (697 certificates)
• South Korea (610 certificates)
• Greece (209 certificates)

These five countries cover three continents, showcasing the global recognition for ISO 37001.

Companies from several countries across Europe are actively seeking and attaining certification, with some high certificate numbers in:

• Slovakia (192 certificates)
• Spain (150 certificates)
• Romania (140 certificates)
• Hungary (147 certificates).

In North America, countries are mixed in their response to the standard. While there are only 27 certifications in the United States and four in Canada, there are over 213 in Mexico.

In terms of ISO 37001 certifications per industry, there is a wide distribution. However, certain sectors demonstrate higher numbers:

• construction (1,334 certificates)
• wholesale & retail trade, repairs of motor vehicles, motorcycles & personal & household goods (374 certificates)
• transport, storage and communication (234 certificates)
• engineering (233 certificates)
• financial intermediation, real estate, renting (202 certificates)
• public administration (177 certificates)
• information technology (125 certificates)
• electricity supply (79 certificates).

The business value of ISO 37001 certification

As we can see from the general observations above, getting certified against ISO 37001 presents a straightforward way for global companies to represent their commitment to anti-bribery. Along with this, certification provides a way for companies to build brand value, identify new business opportunities, and validate customer and supplier relationships.

In this section, we will discuss how certification against the standard helps develop business value and how the survey metrics underpin these findings.

Global opportunities and brand value

The ISO survey data clearly shows that ISO 37001 certification has value around the globe, and that the standard is recognised in a vast array of countries (91 countries so far). Some of the hesitation around getting certified has been based around how certain enforcement authorities would deal with certification in the event a certified company was ever investigated. While we can’t predict how enforcement authorities will respond to certification, what we do know is that companies around the globe see it as having business value, and may even come to see it as a prerequisite to doing business. Almost all serious organisations around the world are ISO 9001 and ISO 14001 certified, and it is unlikely that global organisations without these certifications will be taken seriously at all. Given the growth of ISO 37001 certification, it is possible that commitment to anti-bribery will be seen much the same way: a prerequisite to doing business globally.

New business opportunities

As discussed in the general observations, companies in certain industries such as construction, wholesale and retail trade, transport, storage and communication and engineering are rapidly pursuing certification, since it offers an identifiable way to present commitment to anti-bribery for new business deals and bidding processes. In addition, as most industries become further regulated, it is likely that certifications will become a standard way of representing to customers, suppliers and the public that an organisation has taken affirmative steps towards managing key risk areas such as bribery.

The data also shows us that companies in some industries may need to take further action. Only 125 information technology companies and 33 health and social work companies have been certified. These are two of the most highly regulated industries, where third-party risk is a serious concern, so ISO certification may prove useful for the organisation or its channel partners (where corruption risk often emanates in these industries).

Customer and supplier relationships

Finally, certification against ISO 37001 can be an excellent way to validate customer and supplier relationships. As ESG concerns increase, customers will want to see that the companies they buy or source from are compliant and take ethical business dealings seriously. Organisations that get certified should be able to easily demonstrate their commitment to anti-bribery to customers. More importantly, certification could prove useful for building supplier relationships. Companies can increase their own integrity profile by pushing anti-bribery commitments up their supply chains. One easy way to do this is to give preference to suppliers that are ISO 37001 certified. Most organisations are already looking at other ISO certifications such as 9001 and 27001 as core requirements, so adding ISO 37001 could make sense – especially when comparing two otherwise similarly situated and capable suppliers.

Conclusion

In the highly interconnected and regulated world that companies operate in, it is imperative to demonstrate integrity in a way that easily conveys business value and ethics. ISO 37001, along with ISO’s other more traditional standards, has provided a way for global companies to do this. Along with ISO 37001, ISO has released additional standards related to compliance, such as ISO 37301 (on general compliance), ISO 37000 (governance of organisations) and ISO 37008 (on investigations), which proves that organisations are eager for guidance on how to build out their compliance management systems in a standardised way that can be acknowledged and accepted by peers and counterparties. We look forward to seeing the rise in certifications against these standards and understanding their value for global companies.