Imagine you’re really hungry. You walk up the street and see two restaurants. One has an “A” rating on the window for food safety, certified by the city’s health and safety body. The other has a handwritten “A” on the window, without any information as to who gave the grade. Which restaurant would you go into?
With respect to the ISO 37001 Anti-Bribery Management Systems Certification, many commentators have asked the question, “Who is doing the certification!?!” Up until recently the answer was simply, “Certification bodies.” But which certification bodies? And how do you know whether a certification body has a quality process in place to ensure that it only certifies companies that meet the high threshold requirements of ISO 37001?
When the anti-bribery ISO standard was published in Oct. 2016, a second standard was published with it. This second Standard, ISO 17021-9, laid out the auditing criteria that was to be used to determine whether a company had met the standard, and specified that only anti-bribery experts could be auditors. While the auditing criteria could be applied immediately, verification that a certifying body was following that criteria would take longer to judge. That is because, similar to companies seeking ISO 37001 certification, certification bodies can seek accreditation by proving that they are following proper ISO certification standards.
The Accreditation Process
ISO is a global NGO comprised of member bodies from all participating country. Each country has what’s called an accrediting body. This body evaluates certifying bodies and decides whether the certifying body is following the auditing criteria associated with various ISO standards, including ISO 37001. This is a rigorous process. After reviewing audits, if the accrediting body is satisfied, it will accredit the certifying body.
Where I live in the United Kingdom, the ISO member body is called UKAS. It is “responsible for determining, in the public interest, the technical competence and integrity of organizations offering testing, calibration and certification services.” UKAS began a pilot program in July 2017 to begin accrediting certification bodies for the ISO 37001 Standard. The process is long and arduous, requiring the applicant certification body to submit to multiple reviews while the UKAS personnel observe the ISO 37001 certification audits as they take place to ensure the certification body is adhering to the ISO 17021-1 and -9 standards, and awarding ISO 37001 certification only when it is truly earned.
In the United States, the ISO member body is called ANSI/ANAB. It is responsible for granting accreditation to certifying bodies. After launching its ISO 37001 accreditation process last year, it has now accredited several certification bodies and several more certification bodies are going through the accreditation process, including ETHIC Intelligence and Perry Johnson Registrars, Inc.
The good news? Accreditation is FINALLY being granted to the best ISO 37001 certification bodies. It is now possible to separate the wheat from the chaff, as the multi-year review process is coming to an end for the early adopters.