AS 8001:2021 – Fraud and corruption control.
1.4.4
business associate
external party with whom the organization has, or plans to establish, some form of business relationship
Note 1 to entry: A business associate includes but is not limited to clients, customers, joint ventures, joint venture partners, consortium partners, outsourcing providers, contractors, consultants, sub-contractors, suppliers, vendors, advisors, agents, distributors, representatives, intermediaries and investors. This definition is deliberately broad and should be interpreted in line with the bribery risk profile of the organization to apply to business associates which can reasonably expose the organization to bribery risks.
Note 2 to entry: Different types of business associate pose different types and degrees of bribery risk, and an organization will have differing degrees of ability to influence different types of business associate. Different types of business associate can be treated differently by the organization’s bribery risk assessment and bribery risk management procedures.
Note 3 to entry: Reference to “business” in this document can be interpreted broadly to mean those activities that are relevant to the purposes of the organization’s existence.
[SOURCE: ISO 37001:2016(en), 3.26]
1.4.5
code of behaviour
code of conduct
code of ethics
document broadly communicated within the organization setting out expected standards of behaviour
1.4.6
conflict of interest
situation where business, financial, family, political or personal interests could interfere with the judgement of persons in carrying out their duties for the organization
[SOURCE: ISO 37001:2016(en), 3.29]
1.4.7
control
measure that is modifying risk
Note 1 to entry: Controls include any process, policy, device, practice, or other actions which modify risk.
Note 2 to entry: Controls may not always exert the intended or assumed modifying effect.
[SOURCE: ISO Guide 73:2009(en), 3.8.1.1]
1.4.8
corruption
dishonest activity in which a person associated with an organization (e.g. director, executive, manager, employee or contractor) acts contrary to the interests of the organization and abuses their position of trust in order to achieve personal advantage or advantage for another person or organization. This can also involve corrupt conduct by the organization, or a person purporting to act on behalf of and in the interests of the organization, in order to secure some form of improper advantage for the organization either directly or indirectly
Note 1 to entry: The concept of corruption in this Standard is broader than the concept of bribe or bribery in AS ISO 37001. All acts of bribery would constitute corruption under AS 8001 but not all acts of corruption would constitute bribery under AS ISO 37001.
Note 2 to entry: While conduct must be dishonest for it to meet the definition of corruption, the conduct does not necessarily represent a breach of the law.
1.4.9
cybercrime
criminal activity where services or applications in the Cyberspace are used for or are the target of a crime, or where the Cyberspace is the source, tool, target, or place of a crime
[SOURCE: ISO/IEC 27032:2012(en), 4.18]
1.4.10
digital evidence
information or data, stored or transmitted in binary form that may be relied on as evidence
[SOURCE: ISO/IEC 27037:2012(en), 3.5]
1.4.11
digital evidence first responder
DEFR
individual who is authorized, trained and qualified to act first at an incident scene in performing digital evidence collection and acquisition with the responsibility for handling that evidence
Note 1 to entry: Authority, training and qualification are the expected requirements necessary to produce reliable digital evidence, but individual circumstances may result in an individual not adhering to all three requirements. In this case, the local law, organizational policy and individual circumstances should be considered.
[SOURCE: ISO/IEC 27037:2012(en), 3.7]
1.4.12
external fraud
externally instigated fraud
fraudulent activity where no perpetrator is employed by or has a close association with the target organization
1.4.13
fraud
dishonest activity causing actual or potential gain or loss to any person or organization including theft of moneys or other property by persons internal and/or external to the organization and/or where deception is used at the time, immediately before or immediately following the activity
Note 1 to entry: Property in this context also includes intellectual property and other intangibles such as information.
Note 2 to entry: Fraud also includes the deliberate falsification, concealment, destruction or use of falsified documentation used or intended for use for a normal business purpose or the improper use of information or position for personal financial benefit.
Note 3 to entry: While conduct must be dishonest for it to meet the definition of “fraud”, the conduct need not necessarily represent a breach of the criminal law.
Note 4 to entry: The concept of fraud within the meaning of this Standard can involve fraudulent conduct by internal and/or external parties targeting the organization or fraudulent or corrupt conduct by the organization itself targeting external parties.