What is the primary objective of ISO 37001?

ISO 37001 specifies requirements for establishing, implementing, maintaining, reviewing, and improving an Anti-Bribery Management System (ABMS) to prevent, detect, and respond to bribery. It enables organizations to demonstrate reasonable, proportionate measures addressing bribery risks, complying with anti-bribery laws and voluntary commitments, without guaranteeing bribery will never occur. Applicable to all organization types, sizes, and sectors, it covers direct/indirect bribery by/for the organization, personnel, and business associates, following the PDCA cycle across Clauses 4–10.

Who is legally or professionally required to comply with ISO 37001?

ISO 37001 is voluntary and applicable to any organization—public, private, or not-for-profit—regardless of size, type, or sector. No legal mandates exist, but it is professionally required for high-risk entities like multinationals, extractives, defense, or those in public procurement facing FCPA/UK Bribery Act scrutiny. Certification signals due diligence to regulators, investors, and partners, with 99% of firms now conducting third-party onboarding checks per surveys.

Does ISO 37001 require an external audit or third-party certification?

ISO 37001 certification requires external audits by accredited third-party bodies, involving Stage 1 (documentation) and Stage 2 (effectiveness) assessments. Certification is issued for 3 years, with annual surveillance audits (every 12 months) and recertification. While implementation is possible internally, third-party certification amplifies evidentiary value, potentially reducing liability in investigations.

How often should an assessment for ISO 37001 be performed?

Bribery risk assessments under ISO 37001 must be performed periodically and when significant changes occur, such as new markets or M&A. Internal audits occur at planned intervals (risk-based, typically annually for high-risk areas), with 56% of firms conducting independent third-party reviews. Management reviews happen regularly, feeding PDCA continual improvement.

What are the consequences of non-compliance with ISO 37001?

Non-conformance with ISO 37001 risks certification denial/suspension, plus heightened bribery liability without demonstrable due diligence. It offers no absolute prosecution immunity but evidences "reasonable steps," potentially mitigating penalties; up to 95% of cases involve third parties. Operational impacts include fines, debarment, reputational damage, and 15% higher compliance costs without structured controls.

Can ISO 37001 be mapped to other international frameworks?

Yes, ISO 37001 aligns with the Harmonized Structure (HS), enabling seamless integration with other ISO management systems like ISO 9001 or ISO 27001. Its PDCA architecture (Clauses 4–10) supports combined audits, shared documentation, and unified risk processes, reducing duplication while maintaining bribery-specific controls.

What is the first step to begin implementing ISO 37001?

The first step is determining organizational context, scope, and conducting a bribery risk assessment (Clauses 4.1–4.5). Identify internal/external issues, interested parties, and ABMS boundaries, followed by leadership commitment (Clause 5) via policy and roles. This risk-based foundation informs proportionate planning and controls.

What is the primary objective of BREEAM?

BREEAM's primary objective is to provide a science-based sustainability assessment and certification framework for the built environment, measuring performance across the asset lifecycle. Developed by BRE in 1990, it uses a category-based structure—Management, Health & Wellbeing, Energy, Transport, Water, Materials, Waste, Land Use & Ecology, Pollution, and Innovation—with weighted credits converting compliance into ratings from Pass (≥30%) to Outstanding (≥85%). This enables verified ESG outcomes, net zero alignment, and resilience.

Who is legally or professionally required to comply with BREEAM?

No organizations are legally required to comply with BREEAM, as it is a voluntary certification scheme. Professionally, it applies to developers, owners, and operators of buildings, infrastructure, communities, and fit-outs seeking market differentiation, ESG reporting, planning incentives, or tenant demands. National Scheme Operators in Austria, Germany, Netherlands, Norway, Spain, and Sweden adapt it locally; others use International versions.

Does BREEAM require an external audit or third-party certification?

Yes, BREEAM mandates third-party certification through licensed BREEAM Assessors and BRE Global quality audits. Assessors compile evidence against scheme manuals and submit for BRE verification, often including site visits. BRE Global, UKAS-accredited to ISO/IEC 17065, issues ratings, ensuring impartiality via Knowledge Base Compliance Notes (KBCNs).

How often should an assessment for BREEAM be performed?

BREEAM New Construction assessments occur once per project at design and post-construction stages, while In-Use certifications require reassessment every 3 years. Operational schemes like In-Use validate ongoing performance; Version 7 emphasizes post-occupancy evaluation to close performance gaps, with KBCNs guiding updates.

What are the consequences of non-compliance with BREEAM?

Non-compliance with BREEAM results in no certification, lost market premiums, and missed ESG credibility, but incurs no direct legal penalties as it is voluntary. Indirect risks include planning delays, higher financing costs, reduced asset values (e.g., no 5-15% rental uplift), and reputational damage from unverified sustainability claims.

Can BREEAM be mapped to other international frameworks?

BREEAM does not officially map to other frameworks within its standalone schemes, though Version 7 aligns criteria with EU Taxonomy for disclosures. Its category structure and evidence rigor support ESG reporting, but scheme manuals and KBCNs define self-contained requirements without cross-references.

What is the first step to begin implementing BREEAM?

The first step is to select the appropriate scheme (e.g., New Construction, In-Use) and appoint a licensed BREEAM Assessor early at project inception. Conduct a pre-assessment using the technical manual to target ratings, identify credits, and integrate into design via a BREEAM AP.

Standards Comparison

ISO 37001 vs BREEAM

ISO 37001

Voluntary

2025

International standard for anti-bribery management systems

BREEAM

Voluntary

1990

Global framework for sustainable building certification

Quick Verdict

ISO 37001 provides anti-bribery management systems for all organizations worldwide, mitigating corruption risks through certification. BREEAM assesses built environment sustainability for construction projects, driving energy efficiency and health via ratings. Companies adopt them for compliance, risk reduction, and market differentiation.

Anti-Bribery/Compliance

ISO 37001

ISO 37001:2016 Anti-Bribery Management Systems

Cost

€€€

Complexity

Medium

Implementation Time

6-12 months

Key Features

Risk-based anti-bribery management system framework
Mandatory third-party due diligence and monitoring
Leadership commitment and anti-bribery culture emphasis
PDCA cycle for continuous improvement
Internationally certifiable with Harmonized Structure integration

Building Sustainability

BREEAM

Building Research Establishment Environmental Assessment Method

Cost

€€€

Complexity

High

Implementation Time

12-18 months

Key Features

Credit-based weighted scoring across 10 categories
Third-party certification by licensed assessors and BRE
Lifecycle coverage: new construction to in-use operations
Evidence-driven with KBCNs and technical manuals
Aligns with net zero, EU Taxonomy, resilience

Detailed Analysis

A comprehensive look at the specific requirements, scope, and impact of each standard.

ISO 37001 Details

What It Is

ISO 37001:2016 is an international certifiable standard for Anti-Bribery Management Systems (ABMS). It provides requirements to prevent, detect, and respond to bribery risks, focusing on direct/indirect bribery across public/private sectors. Employs a risk-based, proportionate approach via PDCA cycle and Harmonized Structure for integration.

Key Components

Clauses 4-10: context, leadership, planning, support, operations, evaluation, improvement.
Core controls: policy, due diligence, financial/non-financial controls, training, reporting.
8 auditable clusters including third-party management and culture.
Optional third-party certification with audits.

Why Organizations Use It

Mitigates legal risks (FCPA, UK Bribery Act), reduces liability via evidence of 'reasonable steps'. Drives efficiencies (15% compliance cost cut), reputational trust, ESG alignment. Enables market access, stakeholder confidence in high-risk sectors.

Implementation Overview

Phased: gap analysis, risk assessment, controls design, training, audits. Scalable for SMEs/multinationals, all industries/geographies. Certification via Stage 1/2 audits, 3-year cycle with surveillance. (178 words)

BREEAM Details

What It Is

BREEAM (Building Research Establishment Environmental Assessment Method) is a science-led sustainability certification framework for the built environment. It assesses environmental, social, and resilience performance across buildings, infrastructure, and communities throughout their lifecycle. The primary purpose is to convert sustainability goals into measurable credits via a weighted scoring system, enabling comparable ratings from Pass to Outstanding.

Key Components

10 core categories: Management, Health & Wellbeing, Energy, Transport, Water, Materials, Waste, Land Use & Ecology, Pollution, Innovation.
Hundreds of credits with prerequisites, weighted by impact (e.g., high for Energy).
Built on technical manuals, KBCNs, and third-party assurance.
Certification via licensed assessors and BRE audits.

Why Organizations Use It

Drives operational savings (e.g., 22-33% energy reduction), asset value uplift (up to 30%), and ESG alignment.
Meets planning incentives, investor demands, and EU Taxonomy.
Mitigates risks in regulation, reputation, and climate resilience.
Enhances market differentiation and tenant appeal.

Implementation Overview

Phased approach: pre-assessment, design integration, construction evidence, certification, In-Use monitoring.
Applies to all sizes/industries globally; early assessor appointment key.
Requires evidence submission and BRE QA for certification.

Key Differences

Aspect	ISO 37001	BREEAM
Scope	Anti-bribery management systems only	Built environment sustainability performance
Industry	All sectors worldwide	Construction, real estate, infrastructure
Nature	Voluntary certifiable management standard	Voluntary sustainability certification scheme
Testing	Third-party certification audits, surveillance	Licensed assessor evaluations, BRE audits
Penalties	Certification loss, no legal penalties	Certification denial, no legal penalties

Scope

ISO 37001

Anti-bribery management systems only

BREEAM

Built environment sustainability performance

Industry

ISO 37001

All sectors worldwide

BREEAM

Construction, real estate, infrastructure

Nature

ISO 37001

Voluntary certifiable management standard

BREEAM

Voluntary sustainability certification scheme

Testing

ISO 37001

Third-party certification audits, surveillance

BREEAM

Licensed assessor evaluations, BRE audits

Penalties

ISO 37001

Certification loss, no legal penalties

BREEAM

Certification denial, no legal penalties

Frequently Asked Questions

Common questions about ISO 37001 and BREEAM

ISO 37001 FAQ

BREEAM FAQ

You Might also be Interested in These Articles...

EU AI Act High-Risk Classification Guide: Operationalizing Transparency in Surfer SEO and Frase Content Pipelines for 2026

Operationalize EU AI Act Annex III high-risk rules for Surfer SEO & Frase in 2026. Steps for risk assessments, logging, human oversight in SEO pipelines. Comply

Beyond Reactive: Transforming Compliance into Real-Time Threat Prevention

Discover how modern compliance monitoring tools leverage continuous, real-time oversight and automated alerts to shift organizations from reactive problem-solving to proactive threat detection and prevention, safeguarding against emerging risks before they escalate.

NIST 800-53 Private Sector ROI Reality Check: Isolating Control Family Impacts on 2024 Breach Costs

Discover NIST 800-53 ROI in private sector: control families like RA, SI, SR reduce median breach costs from $100K to under $50K. Get benchmarks to prioritize i

Run Maturity Assessments with GRADUM

Transform your compliance journey with our AI-powered assessment platform

Assess your organization's maturity across multiple standards and regulations including ISO 27001, DORA, NIS2, NIST, GDPR, and hundreds more. Get actionable insights and track your progress with collaborative, AI-powered evaluations.

100+ Standards & Regulations

AI-Powered Insights

Collaborative Assessments

Actionable Recommendations

Explore More Comparisons

See how ISO 37001 and BREEAM compare against other standards

Other ISO 37001 Comparisons

Other BREEAM Comparisons

Quick Verdict

What It Is

Key Components

Clauses 4-10: context, leadership, planning, support, operations, evaluation, improvement.

Core controls: policy, due diligence, financial/non-financial controls, training, reporting.

8 auditable clusters including third-party management and culture.

Optional third-party certification with audits.

What It Is

Key Components

10 core categories: Management, Health & Wellbeing, Energy, Transport, Water, Materials, Waste, Land Use & Ecology, Pollution, Innovation.

Hundreds of credits with prerequisites, weighted by impact (e.g., high for Energy).

Built on technical manuals, KBCNs, and third-party assurance.

Certification via licensed assessors and BRE audits.

Aspect

ISO 37001

BREEAM

Scope

Anti-bribery management systems only

Built environment sustainability performance

Industry

All sectors worldwide

Construction, real estate, infrastructure

Nature

Voluntary certifiable management standard

Voluntary sustainability certification scheme

Testing

Third-party certification audits, surveillance

Licensed assessor evaluations, BRE audits

Penalties

Certification loss, no legal penalties

Certification denial, no legal penalties