Why do some people still worry that implementing ISO 37001 would harm the attorney-client privilege? It probably stems from the mistake of thinking that an internal standard might cause an organization to discover harmful facts about itself, and because lawyers might be involved in that process, the internal standard hurts attorney-client confidentiality. But a fact is one thing, and a communication to or from an attorney concerning that fact is an entirely different thing. The attorney-client privilege does not protect underlying facts. It protects attorney-client communications.
ISO 37001 does not change that. And it actually helps to ensure that such communications are protected.
Nothing in the ISO 37001 standard on anti-bribery management systems requires giving up or weakening the attorney-client privilege. In fact, when properly implemented, we believe that ISO 37001 should make it easier to protect the privilege.