FACT: An ISO 37001 Audit & Certification does not derail legal privilege
Recently I received a challenge from a prospective client that if their organization adopted ISO 37001, they may be reducing the protections offered by the attorney-client privilege, particularly in the United States, for communications about sensitive legal issues.
There was a view shared that by handing over access (to an auditing certification body) key parts of their anti-bribery management system that somehow the sharing waived privilege in those documents. In fact, the allegation was that this would be a major reason not to engage a certification process.
These concerns are misplaced. In fact, ISO 37001, properly implemented, should enhance an organisation’s ability to protect its attorney-client privileged documents.