ISO 37001:2025: a transition that strengthens organizational governance
The new ISO 37001:2025 marks an evolutionary step in anti-bribery management systems. It is not merely a regulatory update, but a shift that encourages organizations to more deeply integrate principles of transparency, accountability, and sustainability into their governance models.
In this context, Risk Control Advisory has developed a structured Transition Plan designed to guide organizations through all phases of alignment, ensuring continuity of certification and full compliance with the new requirements.
What’s new in ISO 37001:2025: towards a more integrated approach
The 2025 revision introduces elements that broaden the scope of anti-bribery management, making it increasingly integral to corporate strategies.
Among the most relevant aspects is the formalization of the concept of an anti-bribery culture, which becomes a cross-cutting element throughout the organization. This is accompanied by increased attention to the management of conflicts of interest and a strengthened role for top management, which is expected to exercise more active and informed oversight.
Another key development is the introduction of references to climate change, highlighting the growing connection between compliance and ESG issues. The anti-bribery function is also redefined, with greater clarity regarding responsibilities and autonomy, while the role of training and awareness is reinforced across the entire value chain, including partners and suppliers.
Transition timeline: a defined pathway
The transition to the new version of the standard follows a precise timeline. Starting from March 1, 2026, certified organizations may begin transition audits. The entire process must be completed by February 28, 2027, after which only certifications compliant with ISO 37001:2025 will be issued.
This timeframe represents an opportunity to carefully plan adjustment activities and effectively integrate the new requirements.
How to manage the transition to ISO 37001:2025
Alignment requires a structured process that begins with a gap analysis against the new requirements, continues with updating documentation, and concludes with the practical implementation of the necessary changes.
Organizations are required to review key elements of their system, such as the anti-bribery policy, risk assessment, due diligence procedures, and monitoring and internal audit processes. It will be essential to demonstrate that the implemented changes are fully operational and embedded within business processes.
The role of certification and RCA support
During the transition, Risk Control Advisory supports organizations through verification activities that can be carried out during surveillance audits, recertification audits, or extraordinary audits.
At the end of the process, subject to a successful outcome, a new certificate compliant with ISO 37001:2025 is issued, ensuring continuity with the previous certification and maintaining its validity over time.
An opportunity to strengthen compliance and reputation
The transition to ISO 37001:2025 represents a concrete opportunity to strengthen internal control systems and improve governance quality. In a context where transparency and accountability are increasingly central, adopting an advanced anti-bribery system helps consolidate stakeholder trust and generate long-term value.
View the transition plan here.