ISO 37001 - Anti-bribery management system
- Finance
- Other sectors
- Government
- Healthcare
- Automotive and aerospace
- Food and beverage
- Maritime
- Energy
A structured approach to build trust and transparency, managing risks and safeguarding your company’s reputation. Mandatory for CIDB Malaysia Grade G7 contractors from 1 January 2027.
ISO 37001 - Anti-bribery management system
ISO 37001 provides requirements and guidance for any organization to establish, implement, review and improve an anti-bribery management system.
Managing risks related to bribery and other forms of corruption is vital to succeed commercially. ISO 37001 certification can assure stakeholders that effective anti-bribery measures are in place, maintained and continually improved.
ISO 37001 is mandatory for CIDB Malaysia Grade G7 contractors who are applying/renewing their SPKK (Government Procurement Work Certificate). Be ready well before 01 January 2027.
What is ISO 37001
ISO 37001:2016 is applicable only to bribery. It sets forth management system requirements designed to help you prevent, detect and respond to bribery as well as comply with anti-bribery laws and voluntary commitments applicable to the organization’s activities.
Other aspects, such as fraud or money laundering can be included in the management system scope in accordance in accordance with relevant legislation and best-practices. ISO 37001 covers bribery:
- by the organization, its personnel or business associates acting on the organization’s behalf or for its benefit;
- of the organization, its personnel or business associates in relation to the organization’s activities.
A compliant management system must implement measures and controls to help prevent, detect, and deal with bribery. These should cover:
- anti-bribery policy;
- management leadership, commitment and responsibility;
- personnel controls and training;
- risk assessments;
- due diligence on projects and business associates;
- financial, commercial and contractual controls;
- reporting, monitoring, investigation and review;
- corrective action and continual improvement.
CIDB Malaysia G7 Contractors License Registration
ISO 37001 becomes a prerequisite for every G7 SPKK application and renewal from 01 January 2027.
Issued by the Construction Industry Development Board in December 2025, the circular ties the highest contractor grade to a functioning anti-bribery management system.
Here is what every G7 contractor needs to know:
- MS ISO 37001 certification is required to submit a new G7 SPKK application or to renew an existing one on or after 1 January 2027.
- Affected parties include all Grade G7 contractors, firms moving up from G1 to G6, joint ventures and consortium leads at G7, and foreign contractors registered at G7.
- There is no grandfather clause and no exemption for existing G7 holders. When your SPKK next comes up for renewal, certification is required.The mandate supports the National Anti-Corruption Strategy 2024 to 2028 and the move to require ISO 37001 for large public projects.
Timeline to deadline
A typical mid-sized contractor needs six to nine months to implement ISO 37001 properly. Certification body capacity tightens as the deadline approaches, so the earlier you begin, the more room you keep for corrective action.
- Understand your exposure.
Confirm how the requirement applies to your grade and your renewal date. - Self-assessment and gap assessment.
Establish a scored baseline and an implementation plan that targets the real gaps. - Implement and embed.
Put controls in place, train your people, and run internal audits and a management review. - Certification audit.
DNV audits your system against ISO 37001:2025 and issues your accredited certificate. - Be certified and SPKK ready.
Submit or renew your G7 SPKK with certification already in hand.
Benefits of certification
Certification to ISO 37001 supports your anti-bribery management system efforts by verifying that the:
- standard’s requirements are addressed;
- necessary controls are in place within your own organization and across your entire value chain;
- company has adequate and proportionate procedures in place to actively prevent bribery;
- management system supports compliance with applicable anti-bribery legislation.
While certification to ISO 37001 cannot guarantee that bribery will not occur, it verifies that you have an structured management system in place to prevent such situations.
Getting started
To become certified, you first need to have an anti-bribery management system compliant with ISO 37001. DNV is an accredited certification body for ISO 37001 and ready to support your journey, from initial training to gap-analysis and certification.
Training
Relevant insight in an active learning environment.
Your added value
Find out more on the digital customer experience.
Contact Us Form
Click here to get in touch.
Stay Updated
Subscribe and receive 5% off your first training.