The rise of ISO 37001 – in numbers
The International Organization for Standardization (ISO) recently released the results of its annual survey, which reports on the number of valid certificates for ISO management systems worldwide. The Survey of Certifications provides insights into current certificates per country as at 31 December 2022.
In this article, we will provide our observations from the survey, placing a special focus on ISO 37001 anti-bribery certifications.
In 2022, there were 5,969 valid ISO 37001 certificates covering 12,837 sites. This is a massive jump from 2021, when there were just 2,896 valid certificates covering about 8,000 sites. ISO 37001 is now one of the top ten most certified standards under ISO, and the only standard to experience over 100% growth between 2021 and 2022.
In the past, compliance experts expressed reservations around the significance of getting certified against ISO 37001, questioning its value or defensibility in the event of an investigation by a government authority or regulator. However, certification against ISO 37001 is becoming a commonly accepted business certification around the globe, in line with other standards such as quality, health and safety and environmental management. Our conclusion is the organisations that choose to wait and see how regulators deal with ISO 37001 risk losing out on the business benefits of certification, such as acknowledgement by customers, increased brand value, and acceptance by supply chain partners.
General observations
The top certified standards should come as no surprise. The sheer number of organisations that continue to certify against ISO 9001 (quality management systems), ISO 14001 (environmental management systems) and ISO 45001 (occupational health and safety management systems) demonstrates their value as commonly accepted business certifications.
ISO 37001 comes in as the ninth most certified-against standard, with 5,969 valid certificates around the globe. As mentioned above, ISO 37001 is the only standard to experience 100% growth since 2021, when there were only 2,896 certificates. Looking more deeply at the data, we can see that ISO 37001 is now recognised as a global anti-bribery standard, with organisations in 81 countries getting certified.
The top countries for certification are:
- Peru (1,796 certificates)
- Italy (1,466 certificates)
- Indonesia (504 certificates)
- South Korea (477 certificates)
- Brazil (204 certificates).
These five countries cover four continents, showcasing the global recognition for ISO 37001.
Companies from several countries across Europe are actively seeking and attaining certification, with some high certificate numbers in:
- Slovakia (173 certificates)
- Greece (147 certificates)
- Spain (137 certificates)
- Romania (94 certificates)
- Hungary (82 certificates).
In North America, countries are mixed in their response to the standard. While there are only 17 certifications in the United States and five in Canada, there are over 145 in Mexico.
In terms of ISO 37001 certifications per industry, there is a wide distribution. However, certain sectors demonstrate higher numbers:
- construction (1,277 certificates)
- engineering (180 certificates)
- public administration (132 certificates)
- transport, storage and communication (124 certificates)
- financial intermediation, real estate, renting (116 certificates)
- wholesale (86 certificates)
- information technology (89 certificates)
- electricity supply (77 certificates).
Companies in construction and engineering may be driven to get certified for several reasons, including:
- organisations in these industries are highly regulated, given the inherently dangerous nature of their work – for them, certification is a straightforward way to demonstrate commitment to anti-bribery, along with other high-risk areas such as health and safety and environmental management
- certification for anti-bribery may be a threshold requirement to participate in public tender and bidding processes, highlighting the business value of certification and its recognition by customers, suppliers and government authorities
- acceptance by downstream suppliers – construction and engineering organisations tend to leverage several subcontractors to carry out their services, and an easy way to determine which suppliers are serious about delivering quality is to see which certifications they possess, including anti-bribery.
The business value of ISO 37001 certification
As we can see from the general observations above, getting certified against ISO 37001 presents a straightforward way for global companies to represent their commitment to anti-bribery. Along with this, certification provides a way for companies to build brand value, identify new business opportunities, and validate customer and supplier relationships.
In this section, we will discuss how certification against the standard helps develop business value and how the survey metrics underpin these findings.
Global opportunities and brand value
The ISO survey data clearly shows us that ISO 37001 certification has value around the globe, and that the standard is recognised in a vast array of countries (81 countries so far). Some of the hesitation around getting certified has been based around how certain enforcement authorities would deal with certification in the event a certified company was ever investigated. While we can’t predict how enforcement authorities will respond to certification, what we do know is that companies around the globe see it as having business value, and may even come to see it as a prerequisite to doing business. Almost all serious organisations around the world are ISO 9001 and ISO 14001 certified, and it is unlikely that global organisations without these certifications will be taken seriously at all. Given the explosive growth of ISO 37001 certification, it is possible that a commitment to anti-bribery will be seen much the same way: a prerequisite to doing business globally.
New business opportunities
As discussed in the general observations, companies in certain industries such as construction and engineering are rapidly pursuing certification, since it offers an identifiable way to present commitment to anti-bribery for new business deals and bidding processes. In addition, as most industries become further regulated, it is likely that certifications will become a standard way of representing to customers, suppliers and the public that an organisation has taken affirmative steps towards managing key risk areas such as bribery.
The data also shows us that companies in some industries may need to take further action. Only 89 information technology companies and 26 healthcare companies have been certified. These are two of the most highly regulated industries, where third-party risk is a serious concern, so ISO certification may prove useful for the organisation or its channel partners (where corruption risk often emanates in these industries).
Customer and supplier relationships
Finally, certification against ISO 37001 can be an excellent way to validate customer and supplier relationships. As ESG concerns increase, customers will want to see that the companies they buy or source from are compliant and take ethical business dealings seriously. Organisations that get certified should be able to easily demonstrate their commitment to anti-bribery to customers. More importantly, certification could prove useful for building supplier relationships. Companies can increase their own integrity profile by pushing anti-bribery commitments up their supply chains. One easy way to do this is to give preference to suppliers that are ISO 37001 certified. Most organisations are already looking at other ISO certifications such as 9001 and 27001 as core requirements, so adding ISO 37001 could make sense – especially when comparing two otherwise similarly situated and capable suppliers.
Conclusion
In the highly interconnected and regulated world that companies operate in, it is imperative to demonstrate integrity in a way that easily conveys business value and ethics. ISO 37001, along with ISO’s other more traditional standards, has provided a way for global companies to do this. In addition to ISO 37001, ISO has released additional standards related to compliance, such as ISO 37031 (on general compliance) and ISO 37008 (on investigations), which proves that organisations are eager for guidance on how to build out their compliance management systems in a standardised way that can be acknowledged and accepted by peers and counterparties. We look forward to seeing the rise in certifications against these standards and understanding their value for global companies.
Appendix and notes
- ISO Survey of Certifications released September 2023
- This is an annual survey of the number of valid certificates to ISO management systems worldwide
- The survey data covers valid certificates as of 31 December of the year of the survey, or two years preceding that year as long as the certificate is still valid as of 31 December of the survey year
- The providers of data are the certification bodies accredited by the IAF MLA members
- Top three certificates:
- ISO 9001:2015 (1,265,216 certificates, covering 1,666,172 sites)
- ISO 14001:2015 (529,853 certificates, covering 744,428 sites)
- ISO 45001:2018 (397,339 certificates, covering 512,069 sites)
- ISO 37001 figures:
- 5,969 certificates
- 12,837 sites
- Top five countries for ISO 37001 certification:
- Peru (1,796 certificates)
- Italy (1,466 certificates)
- Indonesia (504 certificates)
- South Korea (477 certificates)
- Brazil (204 certificates)
- Top sectors pursuing ISO 37001 certification:
- Construction (1,277 certificates)
- Public administration (132 certificates)
- Engineering (180 certificates)
- Transport, storage and communication (124 certificates)
- Financial intermediation, real estate, renting (116 certificates)
- Electricity supply (77 certificates)
- 2021 results for ISO 37001:
- 2,896 certificates
- 7,982 sites