ISO 37001

LEAD IMPLEMENTER

Candidate Handbook

www.pecb.com
Table of Contents
SECTION I: INTRODUCTION ......................................................................................................................... 3
About PECB ........................................................................................................................................................... 3
The Value of PECB Certification ........................................................................................................................... 4
PECB Code of Ethics ............................................................................................................................................. 5
Introduction to ISO 37001 Lead Implementer ..................................................................................................... 6
SECTION II: EXAMINATION PREPARATION, RULES, AND POLICIES ............................................................. 7
Preparing for and scheduling the exam ............................................................................................................... 7
Competency domains ........................................................................................................................................... 8
Taking the exam .................................................................................................................................................. 17
Exam Security Policy........................................................................................................................................... 20
Exam results ........................................................................................................................................................ 21
Exam Retake Policy............................................................................................................................................. 21
SECTION III: CERTIFICATION PROCESS AND REQUIREMENTS .................................................................. 22
PECB ISO 37001 credentials .............................................................................................................................. 22
Applying for certification .................................................................................................................................... 22
Professional experience ..................................................................................................................................... 23
Professional references ..................................................................................................................................... 23
ABMS project experience ................................................................................................................................... 23
Evaluation of certification applications ............................................................................................................. 23
SECTION IV: CERTIFICATION POLICIES ..................................................................................................... 24
Denial of certification .......................................................................................................................................... 24
Certification status options ................................................................................................................................ 24
Upgrade and downgrade of credentials ............................................................................................................ 25
Renewing the certification .................................................................................................................................. 25
Closing a case ..................................................................................................................................................... 25
Complaint and Appeal Policy ............................................................................................................................. 25
SECTION V: GENERAL POLICIES ................................................................................................................ 26
Exams and certifications from other accredited certification bodies ............................................................. 26
Non-discrimination and special accommodations ........................................................................................... 26
Behavior Policy .................................................................................................................................................... 26
Refund Policy ...................................................................................................................................................... 26

ISO 37001 Lead Implementer

2
Candidate Handbook Version 5.1
SECTION I: INTRODUCTION

About PECB
PECB is a certification body that provides education 1, certification, and certificate programs for individuals
on a wide range of disciplines.

Through our presence in more than 150 countries, we help professionals demonstrate their competence in
various areas of expertise by providing valuable evaluation, certification, and certificate programs against
internationally recognized standards.

Our key objectives are:

1. Establishing the minimum requirements necessary to certify professionals and to grant designations
2. Reviewing and verifying the qualifications of individuals to ensure they are eligible for certification
3. Maintaining and continually improving the evaluation process for certifying individuals
4. Certifying qualified individuals, granting designations and maintaining respective directories
5. Establishing requirements for the periodic renewal of certifications and ensuring that the certified
individuals are complying with those requirements
6. Ascertaining that PECB professionals meet ethical standards in their professional practice
7. Representing our stakeholders in matters of common interest
8. Promoting the benefits of certification and certificate programs to professionals, businesses,
governments, and the public

Our mission
Provide our clients with comprehensive examination, certification, and certificate program services that
inspire trust and benefit the society as a whole.

Our vision
Become the global benchmark for the provision of professional certification services and certificate
programs.

Our values
Integrity, Professionalism, Fairness

1 Education refers to training courses developed by PECB and offered globally through our partners.

ISO 37001 Lead Implementer

3
Candidate Handbook Version 5.1
The Value of PECB Certification

Global recognition
PECB credentials are internationally recognized and endorsed by many accreditation bodies, so
professionals who pursue them will benefit from our recognition in domestic and international markets.

The value of PECB certifications is validated by the accreditation from the International Accreditation Service
(IAS-PCB-111), the United Kingdom Accreditation Service (UKAS-No. 21923) and the Korean Accreditation
Board (KAB-PC-08) under ISO/IEC 17024 – General requirements for bodies operating certification of
persons. The value of PECB certificate programs is validated by the accreditation from the ANSI National
Accreditation Board (ANAB-Accreditation ID 1003) under ANSI/ASTM E2659-18, Standard Practice for
Certificate Programs.

PECB is an associate member of The Independent Association of Accredited Registrars (IAAR), a full
member of the International Personnel Certification Association (IPC), a signatory member of IPC MLA, and
a member of Club EBIOS, CPD Certification Service, CLUSIF, Credential Engine, and ITCC. In addition, PECB is
an approved Licensed Partner Publisher (LPP) from the Cybersecurity Maturity Model Certification
Accreditation Body (CMMC-AB) for the Cybersecurity Maturity Model Certification standard (CMMC), is
approved by Club EBIOS to offer the EBIOS Risk Manager Skills certification, and is approved by CNIL
(Commission Nationale de l'Informatique et des Libertés) to offer DPO certification. For more detailed
information, click here.

High-quality products and services

We are proud to provide our clients with high-quality products and services that match their needs and
demands. All of our products are carefully prepared by a team of experts and professionals based on the
best practices and methodologies.

Compliance with standards

Our certifications and certificate programs are a demonstration of compliance with ISO/IEC 17024 and
ASTM E2659. They ensure that the standard requirements have been fulfilled and validated with adequate
consistency, professionalism, and impartiality.

Customer-oriented service
We are a customer-oriented company and treat all our clients with value, importance, professionalism, and
honesty. PECB has a team of experts who are responsible for addressing requests, questions, and needs. We
do our best to maintain a 24-hour maximum response time without compromising the quality of the services.

Flexibility and convenience

Online learning opportunities make your professional journey more convenient as you can schedule your
learning sessions according to your lifestyle. Such flexibility gives you more free time, offers more career
advancement opportunities, and reduces costs.

ISO 37001 Lead Implementer

4
Candidate Handbook Version 5.1
PECB Code of Ethics
The Code of Ethics represents the highest values and ethics that PECB is fully committed to follow, as it
recognizes the importance of them when providing services and attracting clients.

The Compliance Division makes sure that PECB employees, trainers, examiners, invigilators, partners,
distributors, members of different advisory boards and committees, certified individuals, and certificate
holders (hereinafter “PECB professionals”) adhere to this Code of Ethics. In addition, the Compliance Division
consistently emphasizes the need to behave professionally and with full responsibility, competence, and
fairness in service provision with internal and external stakeholders, such as applicants, candidates, certified
individuals, certificate holders, accreditation authorities, and government authorities.

It is PECB’s belief that to achieve organizational success, it has to fully understand the clients and
stakeholders’ needs and expectations. To do this, PECB fosters a culture based on the highest levels of
integrity, professionalism, and fairness, which are also its values. These values are integral to the
organization, and have characterized the global presence and growth over the years and established the
reputation that PECB enjoys today.

PECB believes that strong ethical values are essential in having healthy and strong relationships. Therefore,
it is PECB’s primary responsibility to ensure that PECB professionals are displaying behavior that is in full
compliance with PECB principles and values.

PECB professionals are responsible for:

1. Displaying professional behavior in service provision with honesty, accuracy, fairness, and
independence
2. Acting at all times in their service provision solely in the best interest of their employer, clients, the
public, and the profession in accordance with this Code of Ethics and other professional standards
3. Demonstrating and developing competence in their respective fields and striving to continually improve
their skills and knowledge
4. Providing services only for those that they are qualified and competent and adequately informing clients
and customers about the nature of proposed services, including any relevant concerns or risks
5. Informing their employer or client of any business interests or affiliations which might influence or
impair their judgment
6. Preserving the confidentiality of information of any present or former employer or client during service
provision
7. Complying with all the applicable laws and regulations of the jurisdictions in the country where the
service provisions were conducted
8. Respecting the intellectual property and contributions of others
9. Not communicating intentionally false or falsified information that may compromise the integrity of the
evaluation process of a candidate for a PECB certification or a PECB certificate program
10. Not falsely or wrongly presenting themselves as PECB representatives without a proper license or
misusing PECB logo, certifications or certificates
11. Not acting in ways that could damage PECB’s reputation, certifications or certificate programs
12. Cooperating in a full manner on the inquiry following a claimed infringement of this Code of Ethics

To read the complete version of PECB’s Code of Ethics, go to Code of Ethics | PECB.

ISO 37001 Lead Implementer

5
Candidate Handbook Version 5.1
Introduction to ISO 37001 Lead Implementer
ISO 37001 specifies the requirements for establishing, implementing, maintaining, and continually improving
an anti-bribery management system (ABMS). The anti-bribery management system, as defined by ISO 37001,
is designed to help organizations prevent, detect, and respond to bribery. In addition, adherence to the
standard’s requirements can improve an organization’s ability to comply with anti-bribery laws and
commitments.

An anti-bribery management system is comprised of policies, procedures, and controls which an

organization must implement. These policies, procedures, and controls are aimed at enhancing the
organization’s ability to prevent and detect bribery. As it is not possible to completely eliminate the risk of
bribery, having an effective ABMS in place improves the organization’s ability to respond to bribery.

Activities undertaken as part of the anti-bribery management system (understanding the context,
establishing and implementing anti-bribery policy and procedures, assigning roles and responsibilities,
ensuring top management commitment, implementing financial and non-financial controls, correcting
nonconformities and seeking improvement opportunities) help the organization establish a culture that takes
account of social, moral, and economic consequences of bribery, while at the same time ensures that
reasonable and proportionate measures are in place to prevent, detect, and respond to bribery.

The “ISO 37001 Lead Implementer” credential is a professional certification for individuals aiming to
demonstrate the competence to implement the anti-bribery management system and lead an
implementation team.

Considering that implementing is one of the most in-demand professions, an internationally recognized
certification can help you achieve your career potential and reach your professional objectives.

PECB certifications are not a license or simply a membership. They attest the candidates’ knowledge and
skills gained through our training courses and are issued to candidates that have the required experience
and have passed the exam.

This document specifies the PECB ISO 37001 Lead Implementer certification scheme in compliance with
ISO/IEC 17024:2012. It also outlines the steps that candidates should take to obtain and maintain their
credentials. As such, it is very important to carefully read all the information included in this document
before completing and submitting your application. If you have questions or need further information after
reading it, please contact the PECB international office at [email protected].

ISO 37001 Lead Implementer

6
Candidate Handbook Version 5.1
SECTION II: EXAMINATION PREPARATION, RULES, AND POLICIES

Preparing for and scheduling the exam

All candidates are responsible for their own study and preparation for certification exams. Although
candidates are not required to attend the training course to be eligible for taking the exam, attending it can
significantly increase their chances of successfully passing the exam.

To schedule the exam, candidates have two options:

1. Contact one of our authorized partners. To find an authorized partner in your region, please go to Active
Partners. The training course schedule is also available online and can be accessed on Training Events.
2. Take a PECB exam remotely through the PECB Exams application. To schedule a remote exam, please
go to the following link: Exam Events.

To learn more about exams, competency domains, and knowledge statements, please refer to Section III of
this document.

Rescheduling the exam

For any changes with regard to the exam date, time, location, or other details, please contact
[email protected].

Application fees for examination and certification

Candidates may take the exam without attending the training course. The applicable prices are as follows:
• Lead Exam: $10002
• Manager Exam: $700
• Foundation Exam: $500
• Transition Exam: $500

The application fee for certification is $500.

For the candidates that have attended the training course via one of PECB’s partners, the application fee
covers the costs of the exam (first attempt and first retake), the application for certification, and the first
year of Annual Maintenance Fee (AMF).

2
All prices listed in this document are in US dollars.

ISO 37001 Lead Implementer

7
Candidate Handbook Version 5.1
Competency domains
The objective of the “PECB ISO 37001 Lead Implementer” exam is to ensure that the candidate has acquired
the necessary competence to support an organization in establishing, implementing, managing and
maintaining an ABMS.

The ISO 37001 Lead Implementer certification is intended for:

• Managers or consultants involved in and concerned with the implementation of an anti-bribery
management system in an organization
• Project managers, consultants, or expert advisers seeking to master the implementation of an anti-
bribery management system
• Individuals responsible for maintaining conformity with the ISO 37001 requirements in an organization
• Members of an ABMS implementation team

The content of the exam is divided as follows:

• Domain 1: Fundamental principles and concepts of an anti-bribery management system (ABMS)
• Domain 2: Anti-bribery management system (ABMS)
• Domain 3: Planning the ABMS implementation
• Domain 4: Implementing an ABMS
• Domain 5: Performance evaluation, monitoring, and measurement of an ABMS
• Domain 6: Continual improvement of an ABMS
• Domain 7: Preparing for an ABMS certification audit

ISO 37001 Lead Implementer

8
Candidate Handbook Version 5.1
Domain 1: Fundamental principles and concepts of an anti-bribery management system
(ABMS)

Main objective: Ensure that the candidate is able to interpret ISO 37001 principles and concepts.

Competencies Knowledge statements

1. Ability to understand the applicability and 1. Knowledge of the ISO 37001 scope
scope of ISO 37001 2. Knowledge of the relationship between ISO
2. Ability to explain the connection between ISO 37001 and other ISO standards
37001 and other ISO standards, such as ISO 3. Knowledge of the advantages of implementing
37301, ISO 31000, and ISO 26000 an ABMS based on ISO 37001
3. Ability to communicate the advantages of 4. Knowledge of the relationship between ISO
implementing an ABMS based on ISO 37001 37001 and SDGs
4. Ability to illustrate the connection between ISO 5. Knowledge of the ISO’s definition for a
37001 and Sustainable Development Goals management system
(SDGs) 6. Knowledge of ISO 37001’s structure
5. Ability to explain what a management system 7. Knowledge of the core terms related to the
is ABMS and ISO’s definitions for those terms
6. Ability to understand the structure of ISO 8. Knowledge of the six principles of anti-bribery
37001 management, as set out by UK Ministry of
7. Ability to distinguish between the core terms Justice
related to ABMS: bribery, bribery risk, business
associate, public official, conflict of interest
8. Ability to explain the anti-bribery management
principles, as defined by UK’s Ministry of
Justice

ISO 37001 Lead Implementer

9
Candidate Handbook Version 5.1
Domain 2: Anti-bribery management system (ABMS) and ISO 37001 requirements

Main objective: Ensure that the candidate is able to identify and explain the requirements for an anti-bribery
management system based on ISO 37001.

Competencies Knowledge statements

1. Ability to implement an ABMS based on the 1. Knowledge of the ISO 37001 requirements and
requirements of ISO 37001 guidance
2. Ability to describe the standard’s requirements 2. Knowledge of the common external and
with regard to the context of the organization, internal issues that affect the context of an
interested parties, ABMS scope, and bribery organization, approaches to establishing the
risk assessment (clause 4) scope, as well as the methodologies used for
3. Ability to work with and encourage the top bribery risk assessments
management and governing body to 3. Knowledge of the requirements with regard to
demonstrate leadership and commitment, top management and governing body
establish an anti-bribery policy, and identify the involvement and methods to define roles and
roles and responsibilities related to the ABMS responsibilities
(clause 5) 4. Knowledge of the approaches used in risk
4. Ability to identify risks and opportunities and management and strategies used in
to define anti-bribery objectives (clause 6) establishing objectives
5. Ability to ensure that sufficient resources are 5. Knowledge of the required resources,
available to implement, operate, and maintain competences, awareness, and documented
the ABMS (clause 7) information for an effective ABMS
6. Ability to implement and operate the ABMS 6. Knowledge of the requirements for operational
and its processes and controls (clause 8) planning and control and the processes that
7. Ability to use monitoring, measurement, must include specific controls (due diligence,
analysis, and evaluation to support the financial and non-financial controls, anti-
effective management of the ABMS (clause 9) bribery commitments, investigating and
8. Ability to analyze and take appropriate actions dealing with bribery, etc.)
when nonconformities occur and to continually 7. Knowledge of the approaches, techniques, and
improve the suitability, adequacy, and programs used for the monitoring,
effectiveness of the ABMS (clause 10) measurement, analysis, evaluation, internal
audits, and management reviews
8. Knowledge of the requirement and approaches
to dealing with nonconformities and initiating
corrective actions, as well as the methods to
continually improve an ABMS

ISO 37001 Lead Implementer

10
Candidate Handbook Version 5.1
Domain 3: Planning the ABMS implementation

Main objective: Ensure that the candidate is able to plan the implementation of the ABMS based on ISO
37001.

Competencies Knowledge statements

1. Ability to help an organization determine 1. Knowledge of the approaches used in
external and internal issues relevant to its determining the external and internal issues of
purpose and that can affect the ability to an organization
achieve the intended outcomes of the ABMS 2. Knowledge of the techniques used for the
2. Ability to identify the interested parties of an identification and management of interested
organization parties
3. Ability to conduct a gap analysis 3. Knowledge of the gap analysis methodologies
4. Ability to assist an organization in establishing 4. Knowledge of the standard’s requirements for
the scope of the ABMS the ABMS scope and other factors that
5. Ability to develop an anti-bribery policy to influence its establishment
orientate an organization with regard to anti- 5. Knowledge of the standard’s requirements for
bribery an anti-bribery policy, approaches to
6. Ability to establish anti-bribery objectives at developing a policy, and the suggested policy
relevant functions and levels content and structure
7. Ability to identify risks and opportunities to the 6. Knowledge of the approaches used in
ABMS establishing objectives
8. Ability to determine the optimal human, 7. Knowledge of risk assessment methodologies,
technical, informational, and financial such as the one recommended by ISO 31000
resources needed for the ABMS 8. Knowledge of the typical resources required
9. Ability to plan and manage the competences for the establishment, implementation, and
needed to operate the ABMS maintenance of a management system
10. Ability to raise awareness with regard to the 9. Knowledge of competence analysis
ABMS among the persons doing work under approaches and training programs
the organization’s control 10. Knowledge of the common strategies and
11. Ability to communicate relevant information to approaches used for raising awareness
support ethical behavior, the ABMS, and the 11. Knowledge of the principles of effective
achievement of anti-bribery objective communication and methods
12. Ability to ensure that the organization properly 12. Knowledge of the actions required to ensure
controls the necessary documented the control, availability, and suitability of
information essential documented information

ISO 37001 Lead Implementer

11
Candidate Handbook Version 5.1
Domain 4: Implementing an ABMS

Main objective: Ensure that the candidate is able to implement the processes of an ABMS required for an
ISO 37001 certification.

Competencies Knowledge statements

1. Ability to conduct due diligence in relation to 1. Knowledge of the requirements for due
specific transactions, projects, activities, diligence, as well as the categories to which it
business associates, and personnel is applied
2. Ability to implement financial controls that 2. Knowledge of the potential financial controls
manage bribery risk that could be implemented in specific cases
3. Ability to implement non-financial controls that 3. Knowledge of the approaches used in
manage bribery risk establishing non-financial controls and their
4. Ability to ensure that reasonable and applicability
proportionate anti-bribery procedures are 4. Knowledge of the requirements and
established by business associates and other procedures that business associates and other
organizations under the control of the organizations under the control of the main
organization organization implement to combat bribery
5. Ability to draft anti-bribery commitments to 5. Knowledge of the applicability of anti-bribery
which business associates must adhere commitments and approaches used to
6. Ability to implement procedures regarding establish them
gifts, hospitality, donations, and similar 6. Knowledge of the possible controls that
benefits organizations could implement with regard to
7. Ability to determine the actions to be taken gifts, hospitality, donations, and other benefits
when anti-bribery controls are deemed 7. Knowledge of the actions and cases the
inappropriate organization is required to undertake when
8. Ability to implement appropriate procedures anti-bribery controls are deemed inappropriate
about raising concerns 8. Knowledge of the requirements that an
9. Ability to establish procedures that allow organization must adhere to regarding the
organizations to investigate and deal with procedures for raising concerns
bribery 9. Knowledge of the possible approaches used
for the investigation and dealing with bribery,
as well as the standard’s requirements in this
regard

ISO 37001 Lead Implementer

12
Candidate Handbook Version 5.1
Domain 5: Monitoring, measurement, analysis, and evaluation of an ABMS

Main objective: Ensure that the candidate is able to evaluate, monitor, and measure the performance of an
ABMS.

Competencies Knowledge statements

1. Ability to monitor and evaluate the 1. Knowledge of the best practices and
effectiveness of an ABMS techniques used to monitor and evaluate the
2. Ability to determine information needs effectiveness of an ABMS
3. Ability to define the measurement-related roles 2. Knowledge of the importance of defining
and responsibilities information needs and the activities that can
4. Ability to establish performance indicators be performed to determine them
5. Ability to establish appropriate procedures for 3. Knowledge of the functions involved in
reporting the results to relevant interested monitoring, measurement, analysis, and
parties evaluation
6. Ability to verify to what extent the identified 4. Knowledge of the purpose of performance
anti-bribery objectives have been met indicators and approaches to establishing
7. Ability to define and implement an ABMS them
internal audit program 5. Knowledge of the approaches used in
8. Ability to perform regular and methodical reporting the results
reviews to ensure the suitability, adequacy, 6. Knowledge of the concepts related to
effectiveness, and efficiency of an ABMS measurement and evaluation
based on the policies and objectives of the 7. Knowledge of the main concepts and
organization components related to the implementation and
9. Ability to define and perform a management operation of an ABMS internal audit program
review process 8. Knowledge of the difference between a major
and a minor nonconformity
9. Knowledge of the guidelines and best
practices to draft a nonconformity report
10. Knowledge of the best practices used to
perform management reviews

ISO 37001 Lead Implementer

13
Candidate Handbook Version 5.1
Domain 6: Continual improvement of an ABMS

Main objective: Ensure that the candidate is able to provide guidance on the continual improvement of an
ABMS.

Competencies Knowledge statements

1. Ability to track and take action on 1. Knowledge of the main processes, tools, and
nonconformities techniques used to identify the root causes of
2. Ability to identify and analyze the root causes nonconformities
of nonconformities and propose action plans 2. Knowledge of the treatment of
to treat them nonconformities process
3. Ability to guide an organization on how to 3. Knowledge of the main processes, tools, and
continually improve the effectiveness and techniques used to develop corrective action
efficiency of an ABMS plans
4. Ability to implement continual improvement 4. Knowledge of the main concepts related to
processes in an organization continual improvement
5. Ability to determine the appropriate tools to 5. Knowledge of the processes related to the
support the continual improvement processes continual monitoring of change factors
of an organization 6. Knowledge of the maintenance and
improvement of an ABMS

ISO 37001 Lead Implementer

14
Candidate Handbook Version 5.1
Domain 7: Preparing for an ABMS certification audit

Main objective: Ensure that the candidate is able to prepare an organization for the certification against ISO
37001.

Competencies Knowledge statements

1. Ability to understand the main steps, 1. Knowledge of the evidence-based approach to
processes, and activities related to the ISO an audit
37001 certification audit 2. Knowledge of the types of audit and their
2. Ability to understand, explain, and illustrate the differences
audit evidence approach in an ABMS audit 3. Knowledge of the differences between Stage 1
3. Ability to counsel an organization to identify and Stage 2 audits
and select a certification body that meets their 4. Knowledge of the Stage 1 audit requirements,
expectations steps, and activities
4. Ability to determine an organization’s 5. Knowledge of the documented information
preparation for the ISO 37001 certification review criteria
audit 6. Knowledge of the Stage 2 audit requirements,
5. Ability to train and prepare an organization’s steps, and activities
personnel for the ISO 37001 certification audit 7. Knowledge of the audit follow-up
6. Ability to argue and challenge the audit requirements, steps, and activities
findings and conclusions with external 8. Knowledge of surveillance audits and
auditors recertification audit requirements, steps, and
activities
9. Knowledge of the requirements, guidelines,
and best practices for developing action plans
following an ISO 37001 certification audit

ISO 37001 Lead Implementer

15
Candidate Handbook Version 5.1
Based on the above-mentioned domains and their relevance, the exam contains 80 multiple-choice
questions, as summarized in the table below:

Level of understanding
(Cognitive/Taxonomy) required

% of the exam Questions that

Number of
devoted/points measure
questions/points Questions that
to/for each comprehension,
per competency measure evaluation
competency application, and
domain
domain analysis
Fundamental principles
and concepts of an anti-
13 16.25 X
bribery management
system (ABMS)
Anti-bribery management
system (ABMS) and ISO 13 16.25 X
37001 requirements

Planning the ABMS

18 22.5 X
Competency domains

implementation

Implementing an ABMS 14 17.5 X

Monitoring,
measurement, analysis
10 12.5 X
and evaluation of an
ABMS

Continual improvement
7 8.75 X
of an ABMS

Preparing for an ABMS

5 6.25 X
certification audit

Total 80 100%

Number of questions per level of understanding 40 40

% of the exam devoted to each level of understanding
50% 50%
(cognitive/taxonomy)

The passing score of the exam is 70%.

After successfully passing the exam, candidates will be able to apply for obtaining the “PECB Certified ISO
37001 Lead Implementer” credential.

ISO 37001 Lead Implementer

16
Candidate Handbook Version 5.1
Taking the exam

General information about the exam

Candidates are required to arrive/be present at least 30 minutes before the exam starts.

Candidates who arrive late will not be given additional time to compensate for the late arrival and may not be
allowed to sit for the exam.

Candidates are required to bring a valid identity card (a national ID card, driver’s license, or passport) and
show it to the invigilator.

If requested on the day of the exam (paper-based exams), additional time can be provided to candidates
taking the exam in a non-native language, as follows:
• 10 additional minutes for Foundation exams
• 20 additional minutes for Manager exams
• 30 additional minutes for Lead exams

PECB exam format and type

1. Paper-based: Exams are provided on paper, where candidates are not allowed to use anything but the
exam paper and a pen. The use of electronic devices, such as laptops, tablets, or phones, is not allowed.
The exam session is supervised by a PECB approved Invigilator at the location where the Partner has
organized the training course.
2. Online: Exams are provided electronically via the PECB Exams application. The use of electronic
devices, such as tablets and cell phones, is not allowed. The exam session is supervised remotely by a
PECB Invigilator via the PECB Exams application and an external/integrated camera.

For more information about online exams, go to the PECB Online Exam Guide.

PECB exams are available in two types:

1. Essay-type question exam
2. Multiple-choice question exam

This exam comprises multiple-choice questions: The multiple-choice exam can be used to evaluate
candidates’ understanding on both simple and complex concepts. It comprises both stand-alone and
scenario-based questions. Stand-alone questions stand independently within the exam and are not context-
depended, whereas scenario-based questions are context-dependent, i.e., they are developed based on a
scenario which a candidate is asked to read and is expected to provide answers to five questions related to
that scenario. When answering stand-alone and scenario-based questions, candidates will have to apply
various concepts and principles explained during the training course, analyze problems, identify and evaluate
alternatives, combine several concepts or ideas, etc.

Each multiple-choice question has three options, of which one is the correct response option (keyed
response) and two incorrect response options (distractors).

ISO 37001 Lead Implementer

17
Candidate Handbook Version 5.1
This is an open-book exam. The candidate is allowed to use the following reference materials:
• A hard copy of the ISO 37001 standard
• Training course materials (accessed through the PECB Exams app and/or printed)
• Any personal notes taken during the training course (accessed through the PECB Exams app and/or
printed)
• A hard copy dictionary

A sample of exam questions will be provided below.

Note: PECB will progressively transition to multiple-choice exams. They will also be open book and comprise
scenario-based questions that will allow PECB to evaluate candidates’ knowledge, abilities, and skills to use
information in new situations (apply), draw connections among ideas (analyze), and justify a stand or
decision (evaluate).

For specific information about exam types, languages available, and other details, please contact
[email protected] or go to the List of PECB Exams.

ISO 37001 Lead Implementer

18
Candidate Handbook Version 5.1
Sample exam questions

1. What must the outputs of the top management review include?

A. Only decisions related to continual improvement opportunities
B. Only decisions related to any changes to the ABMS
C. Both

2. With regard to gifts, hospitality, donations, and similar benefits, which of the following does the
standard require?
A. The organization must implement procedures prohibit the only acceptance of any type of gift,
hospitality, donation, and similar benefit
B. The organization must implement procedures to prevent the offering, provision, or acceptance of
gifts, hospitality, donations, and similar benefits in cases when these are or may be perceived as
bribery
C. The organization must prohibit the provision of gifts, hospitality, donations, and similar benefits

3. To which of the following group must the anti-bribery policy be communicated directly?
A. To everyone
B. Only to those who are under the direct control of the organization
C. To personnel and business associates who pose more than a low bribery risk

4. Can an organization assign all of the anti-bribery compliance function to persons external to the
organization?
A. Yes it can
B. Depends, only in cases where it is required by law
C. No, the anti-bribery compliance function must be assigned entirely to persons who are part of the
organization

5. Which of the following is the top management of an organization is NOT required to do:
A. Encouraging the use of reporting procedures for suspected and actual bribery
B. Conducting internal audits
C. Directing personnel to contribute to the effectiveness of the ABMS

ISO 37001 Lead Implementer

19
Candidate Handbook Version 5.1
Exam Security Policy
PECB is committed to protect the integrity of its exams and the overall examination process, and relies upon
the ethical behavior of applicants, potential applicants, candidates and partners to maintain the
confidentiality of PECB exams. This Policy aims to address unacceptable behavior and ensure fair treatment
of all candidates.

Any disclosure of information about the content of PECB exams is a direct violation of this Policy and
PECB’s Code of Ethics. Consequently, candidates taking a PECB exam are required to sign an Exam
Confidentiality and Non-Disclosure Agreement and must comply with the following:
1. The questions and answers of the exam materials are the exclusive and confidential property of PECB.
Once candidates complete the submission of the exam to PECB, they will no longer have any access to
the original exam or a copy of it.
2. Candidates are prohibited from revealing any information regarding the questions and answers of the
exam or discuss such details with any other candidate or person.
3. Candidates are not allowed to take with themselves any materials related to the exam, out of the exam
room.
4. Candidates are not allowed to copy or attempt to make copies (whether written, photocopied, or
otherwise) of any exam materials, including, without limitation, any questions, answers, or screen
images.
5. Candidates must not participate nor promote fraudulent exam-taking activities, such as:
• Looking at another candidate’s exam material or answer sheet
• Giving or receiving any assistance from the invigilator, candidate, or anyone else
• Using unauthorized reference guides, manuals, tools, etc., including using “brain dump” sites as
they are not authorized by PECB

Once a candidate becomes aware or is already aware of the irregularities or violations of the points
mentioned above, they are responsible for complying with those, otherwise if such irregularities were to
happen, candidates will be reported directly to PECB or if they see such irregularities, they should
immediately report to PECB.

Candidates are solely responsible for understanding and complying with PECB Exam Rules and Policies,
Confidentiality and Non-Disclosure Agreement and Code of Ethics. Therefore, should a breach of one or
more rules be identified, candidates will not receive any refunds. In addition, PECB has the right to deny the
right to enter a PECB exam or to invite candidates for an exam retake if irregularities are identified during and
after the grading process, depending on the severity of the case.

Any violation of the points mentioned above will cause PECB irreparable damage for which no monetary
remedy can make up. Therefore, PECB can take the appropriate actions to remedy or prevent any
unauthorized disclosure or misuse of exam materials, including obtaining an immediate injunction.
PECB will take action against individuals that violate the rules and policies, including permanently banning
them from pursuing PECB credentials and revoking any previous ones. PECB will also pursue legal action
against individuals or organizations who infringe upon its copyrights, proprietary rights, and intellectual
property.

ISO 37001 Lead Implementer

20
Candidate Handbook Version 5.1
Exam results
Exam results will be communicated via email.

• The time span for the communication starts from the exam date and lasts three to eight weeks for
essay type exams and two to four weeks for multiple-choice paper-based exams.
• For online multiple-choice exams, candidates receive their results instantly.

Candidates who successfully complete the exam will be able to apply for one of the credentials of the
respective certification scheme.

For candidates who fail the exam, a list of the domains where they have performed poorly will be added to
the email to help them prepare better for a retake.

Candidates that disagree with the results may request a re-evaluation by writing to [email protected] within
30 days of receiving the results. Re-evaluation requests received after 30 days will not be processed. If
candidates do not agree with the results of the reevaluation, they have 30 days from the date they received
the reevaluated exam results to file a complaint through the PECB Ticketing System. Any complaint received
after 30 days will not be processed.

Exam Retake Policy

There is no limit to the number of times a candidate can retake an exam. However, there are certain
limitations in terms of the time span between exam retakes.

If a candidate does not pass the exam on the 1st attempt, they must wait 15 days after the initial date of the
exam for the next attempt (1st retake).

Note: Candidates who have completed the training course with one of our partners, and failed the first exam
attempt, are eligible to retake for free the exam within a 12-month period from the date the coupon code is
received (the fee paid for the training course, includes a first exam attempt and one retake). Otherwise,
retake fees apply.

For candidates that fail the exam retake, PECB recommends they attend a training course in order to be
better prepared for the exam.

To arrange exam retakes, based on exam format, candidates that have completed a training course, must
follow the steps below:
1. Online Exam: when scheduling the exam retake, use initial coupon code to waive the fee
2. Paper-Based Exam: candidates need to contact the PECB Partner/Distributor who has initially organized
the session for exam retake arrangement (date, time, place, costs).

Candidates that have not completed a training course with a partner, but sat for the online exam directly with
PECB, do not fall under this Policy. The process to schedule the exam retake is the same as for the initial
exam.

ISO 37001 Lead Implementer

21
Candidate Handbook Version 5.1
SECTION III: CERTIFICATION PROCESS AND REQUIREMENTS

PECB ISO 37001 credentials

All PECB certifications have specific requirements regarding education and professional experience. To
determine which credential is right for you, take into account your professional needs and analyze the criteria
for the certifications.

The credentials in the PECB ISO 37001 scheme have the following requirements:

Professional MS project Other

Credential Education Exam
experience experience requirements

PECB Certified
ISO 37001
None None
Provisional
Implementer
Two years:
PECB Certified Project activities:
PECB Certified One year of work
ISO 37001 a total of 200
ISO 37001 experience in anti-
Implementer At least hours Signing the
Lead bribery management
secondary PECB Code of
Implementer Five years:
PECB Certified education Project activities: Ethics
exam or Two years of work
ISO 37001 equivalent a total of 300
experience in anti-
Lead Implementer hours
bribery management
Ten years:
PECB Certified Project activities:
Seven years of work
ISO 37001 Senior a total of 1,000
experience in anti-
Lead Implementer hours
bribery management

To be considered valid, the implementation activities should follow best implementation and management
practices and include the following:
1. Drafting ABMS implementation plans
2. Initiating ABMS implementation projects
3. Establishing policies, processes, and procedures
4. Setting objectives at relevant levels
5. Implementing the ABMS
6. Managing, monitoring, and maintaining the ABMS
7. Identifying and acting upon continual improvement opportunities

Applying for certification

All candidates who successfully pass the exam (or an equivalent accepted by PECB) are entitled to apply for
the PECB credential they were assessed for. Specific educational and professional requirements need to be
fulfilled in order to obtain a PECB certification. Candidates are required to fill out the online certification
application form (that can be accessed via their PECB account), including contact details of individuals who
will be contacted to validate the candidates’ professional experience. Candidates can submit their
application in English, French, German, Spanish or Korean languages. They can choose to either pay online or
be billed. For additional information, please contact [email protected].

ISO 37001 Lead Implementer

22
Candidate Handbook Version 5.1
The online certification application process is very simple and takes only a few minutes:
• Register your account
• Check your email for the confirmation link
• Log in to apply for certification

For more information on how to apply for certification, click here.

The Certification Department validates that the candidate fulfills all the certification requirements regarding
the respective credential. The candidate will receive an email about the application status, including the
certification decision.

Following the approval of the application by the Certification Department, the candidate will be able to
download the certificate and claim the corresponding Digital Badge. For more information about
downloading the certificate, click here, and for more information about claiming the Digital Badge, click here.

PECB provides support both in English and French.

Professional experience
Candidates must provide complete and correct information regarding their professional experience,
including job title(s), start and end date(s), job description(s), and more. Candidates are advised to
summarize their previous or current assignments, providing sufficient details to describe the nature of the
responsibilities for each job. More detailed information can be included in the résumé.

Professional references
For each application, two professional references are required. They must be from individuals who have
worked with the candidate in a professional environment and can validate their anti-bribery management
experience, as well as their current and previous work history. Professional references of persons who fall
under the candidate’s supervision or are their relatives are not valid.

ABMS project experience

The candidate’s ABMS project log will be checked to ensure that the candidate has the required number of
implementation hours.

Evaluation of certification applications

The Certification Department will evaluate each application to validate the candidates’ eligibility for
certification or certificate program. A candidate whose application is being reviewed will be notified in
writing and, if necessary, given a reasonable time frame to provide any additional documentation. If a
candidate does not respond by the deadline or does not provide the required documentation within the given
time frame, the Certification Department will validate the application based on the initial information
provided, which may lead to the candidates’ credential downgrade.

ISO 37001 Lead Implementer

23
Candidate Handbook Version 5.1
SECTION IV: CERTIFICATION POLICIES

Denial of certification
PECB can deny certification/certificate program if candidates:
• Falsify the application
• Violate the exam procedures
• Violate the PECB Code of Ethics

Candidates whose certification/certificate program has been denied can file a complaint through the
complaints and appeals procedure. For more detailed information, refer to Complaint and Appeal Policy
section.

The application payment for the certification/certificate program is nonrefundable.

Certification status options

Active
Means that your certification is in good standing and valid, and it is being maintained by fulfilling the PECB
requirements regarding the CPD and AMF.

Suspended
PECB can temporarily suspend candidates’ certification if they fail to meet the requirements. Other reasons
for suspending certification include:
• PECB receives excessive or serious complaints by interested parties (suspension will be applied until
the investigation has been completed.)
• The logos of PECB or accreditation bodies are willfully misused.
• The candidate fails to correct the misuse of a certification mark within the determined time by PECB.
• The certified individual has voluntarily requested a suspension.
• PECB deems appropriate other conditions for suspension of certification.

Revoked
PECB can revoke (that is, to withdraw) the certification if the candidate fails to satisfy its requirements. In
such cases, candidates are no longer allowed to represent themselves as PECB Certified Professionals.
Additional reasons for revoking certification can be if the candidates:
• Violate the PECB Code of Ethics
• Misrepresent and provide false information of the scope of certification
• Break any other PECB rules
• Any other reasons that PECB deems appropriate

Candidates whose certification has been revoked can file a complaint through the complaints and appeals
procedure. For more detailed information, refer to Complaint and Appeal Policy section.

ISO 37001 Lead Implementer

24
Candidate Handbook Version 5.1
Other statuses
Besides being active, suspended, or revoked, a certification can be voluntarily withdrawn or designated as
Emeritus. To learn more about these statuses and the permanent cessation status, go to Certification Status
Options.

Upgrade and downgrade of credentials

Upgrade of credentials
Professionals can upgrade their credentials as soon as they can demonstrate that they fulfill the
requirements.

To apply for an upgrade, candidates need to log into their PECB account, visit the “My Certifications” tab, and
click on “Upgrade.” The upgrade application fee is $100.

Downgrade of credentials
A PECB Certification can be downgraded to a lower credential due to the following reasons:
• The AMF has not been paid.
• The CPD hours have not been submitted.
• Insufficient CPD hours have been submitted.
• Evidence on CPD hours has not been submitted upon request.

Note: PECB certified professionals who hold Lead certifications and fail to provide evidence of certification
maintenance requirements will have their credentials downgraded. The holders of Master Certifications who
fail to submit CPDs and pay AMFs will have their certifications revoked.

Renewing the certification

PECB certifications are valid for three years. To maintain them, PECB certified professionals must meet the
requirements related to the designated credential, e.g., they must fulfill the required number of continual
professional development (CPD) hours. In addition, they need to pay the annual maintenance fee ($120). For
more information, go to the Certification Maintenance page on the PECB website.

Closing a case
If candidates do not apply for certification within one year, their case will be closed. Even though the
certification period expires, candidates have the right to reopen their case. However, PECB will no longer be
responsible for any changes regarding the conditions, standards, policies, and candidate handbook that were
applicable before the case was closed. A candidate requesting their case to reopen must do so in writing to
[email protected] and pay the required fee.

Complaint and Appeal Policy

Any complaints must be made no later than 30 days after receiving the certification decision. PECB will
provide a written response to the candidate within 30 working days after receiving the complaint. If
candidates do not find the response satisfactory, they have the right to file an appeal.

For more information about the Complaint and Appeal Policy, click here.

ISO 37001 Lead Implementer

25
Candidate Handbook Version 5.1
SECTION V: GENERAL POLICIES

Exams and certifications from other accredited certification bodies

PECB accepts certifications and exams from other recognized accredited certification bodies. PECB will
evaluate the requests through its equivalence process to decide whether the respective certification(s) or
exam(s) can be accepted as equivalent to the respective PECB certification (e.g., ISO 37001 Lead
Implementer certification).

Non-discrimination and special accommodations

All candidate applications will be evaluated objectively, regardless of the candidates’ age, gender, race,
religion, nationality, or marital status.

To ensure equal opportunities for all qualified persons, PECB will make reasonable accommodations 3 for
candidates, when appropriate. If candidates need special accommodations because of a disability or a
specific physical condition, they should inform the partner/distributor in order for them to make proper
arrangements4. Any information that candidates provide regarding their disability/special needs will be
treated with confidentiality. To download the Candidates with Disabilities Form, click here.

Behavior Policy
PECB aims to provide top-quality, consistent, and accessible services for the benefit of its external
stakeholders: distributors, partners, trainers, invigilators, examiners, members of different committees and
advisory boards, and clients (trainees, examinees, certified individuals, and certificate holders), as well as
creating and maintaining a positive work environment which ensures safety and well-being of its staff, and
holds the dignity, respect and human rights of its staff in high regard.

The purpose of this Policy is to ensure that PECB is managing unacceptable behavior of external
stakeholders towards PECB staff in an impartial, confidential, fair, and timely manner. To read the Behavior
Policy, click here.

Refund Policy
PECB will refund your payment, if the requirements of the Refund Policy are met. To read the Refund Policy,
click here.

3 According to ADA, the term “reasonable accommodation” may include: (A) making existing facilities used by employees readily
accessible to and usable by individuals with disabilities; and (B) job restructuring, part-time or modified work schedules, reassignment
to a vacant position, acquisition or modification of equipment or devices, appropriate adjustment or modifications of examinations,
training materials or policies, the provision of qualified readers or interpreters, and other similar accommodations for individuals with
disabilities.
4 ADA Amendments Act of 2008 (P.L. 110–325) Sec. 12189. Examinations and courses. [Section 309]: Any person that offers

examinations or courses related to applications, licensing, certification, or credentialing for secondary or post-secondary education,
professional, or trade purposes shall offer such examinations or courses in a place and manner accessible to persons with disabilities
or offer alternative accessible arrangements for such individuals.

ISO 37001 Lead Implementer

26
Candidate Handbook Version 5.1
 Address: Tel./Fax:
Headquarters T: +1-844-426-7322
6683 Jean Talon E, F: +1-844-329-7322
Suite 336 Montreal,
H1S 0A5, QC,
CANADA

Emails: PECB Help Center

Examination: Visit our Help Center to browse
[email protected] Frequently Asked Questions
(FAQ), view manuals for using
Certification: PECB website and applications,
[email protected] read documents related to PECB
processes, or to contact us via
Customer Service: Support Center’s online tracking
[email protected] system.

www.pecb.com

©2023 PECB