Alstom, a world leader in mobility solutions, was ISO 37001 certified in June 2017 – a milestone in France! Michael Julian, Chief Compliance Officer, reflects on this distinction, which certifies best practices against corruption.
Why did you seek ISO 37001 certification, based on the voluntary standard of the same name published in October 2016?
Alstom’s business operates throughout the world and especially on public markets; it is therefore exposed to a very high risk of corruption. It’s especially dangerous since hundreds of millions – even billions – of euros are at stake. The group has been working on ethics and compliance for a long time. So our Code of Ethics, in effect since 2001, and our Integrity Programme have strengthened over the years. The Ethics and Compliance (E&C) department works on, among other things, combating corruption, safeguarding personal data and overseeing the sanctions regime. ISO 37001 certification, which allows us to highlight our compliance efforts both internally and externally, builds on this dynamic of improvement.
How did you manage to coordinate certification across seven sites?
We took a step-wise approach: first France, with the Valenciennes site and the Saint-Ouen main office, plus six other sites in Europe. Each year, a new region will be added – it’ll be Asia-Pacific’s turn in November. All regions must have received the certification by 2019. It is a company-wide initiative led by our CEO and it goes well beyond just the scope of the E&C team. All departments are taking part: HR, legal, finance, sales, communications, etc. A pre-audit was conducted at the end of 2016 to learn about the expectations of the standard, our strengths and weaknesses. A one-day informational and preparatory meeting was held at each site.
What challenges did you face?
Between 2012 and 2015 the World Bank helped us to develop and strengthen our compliance plan. So the right processes were already in place. Yet we were lacking in management of the documentation of processes – in other words, the ISO aspects. However, the drive and support at the highest level of management were critical. There was excellent teamwork in-house and rewarding dialogue with AFNOR auditors, who were just great.
How did the audit proceed?
We learned a lot from the AFNOR Certification auditors, who were very patient as the E&C team was learning the ISO processes. There was good communication, a good level of dialogue on all subjects, even when it was hard to find middle ground. We always found a solution! The main thing was interpreting the requirements of the voluntary standard, which can seem very theoretical since it’s so new, and figure out how it concretely applied to an actual company process.
What are your expectations for this certification now?
We’re going to continue the ongoing improvement process inherent in the compliance plan. We would like this voluntary standard to be applied throughout the world. It’s a great initiative from ISO that offers a firm foundation for enterprises’ compliance around the world, and attests to their soundness with an objective and impartial seal.