Whistleblowing guidelines: What you need to know about ISO 37002

At the end of July 2021, the International Organisation for Standardisation published ISO 37002:2021 (ISO 37002 Whistleblowing management systems - Guidelines). This standard is a guide for the effective implementation of an internal whistleblowing and management system related to this. Together with previously published standards (in particular ISO 37302), it forms the first global standard to fully address whistleblowing. 

The new ISO 37002 provides guidance for establishing and maintaining an effective whistleblowing system based on the principles of trust, impartiality and protection. The standard can therefore prove to be a very useful guide for employers in establishing and using internal whistleblowing systems in accordance with legislative requirements (the EU Whistleblowing Directive and the forthcoming Czech Whistleblower Protection Act). However, unlike the legislation, it does not focus so much on whistleblowers, but targets organisations directly. It seeks to minimise the negative impact of any possible wrongdoing.

According to ISO 37002, the important elements are:

• information security
• ensuring an anonymous dialogue with the whistleblower
• protection of whistleblowers
   

The FaceUp platform is fully compliant with all current legislative requirements and the recommendations of the new ISO 37002 standard.

What can ISO 37002 help you with?

While the legislative requirements generally tell you what you need to do, ISO 37002 provides very specific and detailed instructions on how to do it. The standard can be implemented in any private, public or not-for-profit organisation, regardless of size or business sector. It is a broadly applicable standard - it emphasises consideration of the context, needs and expectations of the organisation and adapts the whistleblowing management system to these actualities. 

According to ISO 37002, you should devote plenty of time and attention to the  preparation and planning of an internal whistleblowing system, from securing all resources, allocating responsibilities, determining how to communicate through an ethical line or other whistleblowing channel, to documentation, etc. The standard sets out the content of the obligations for employers, defining individual roles, responsibilities and authorities.

A substantial part of the standard is devoted to the actual process of managing the whistleblowing notifications received, which is naturally the most important part of the whole whistleblowing management system. On the other hand, the standard also emphasises the importance of other consecutive follow-up  (e.g. planning or subsequent evaluation of the effectiveness of the system). 

The whole whistleblowing management process is divided into several key steps:

1. Receipt of the notification of the violation,
2. Assessment of the notification ,
3. Management of  the whistleblowing - this  also includes providing protection and support to whistleblowers,
4. Closing the case.

According to ISO 37002, it is also necessary to focus on assessing the effectiveness of the internal whistleblowing system and to address its monitoring, analysis and subsequent evaluation. The recommendation is to conduct regular internal audits, the findings of which should help improve the whistleblowing management system. At the same time, it foresees that the system can be adapted at any time during its use to better suit the needs of your organisation and to be truly effective.

Certification options and other standards for compliance management systems

As stated directly in the title of the new ISO standard (Whistleblowing management systems - Guidelines), it is one of the so-called guidelines, i.e. standards of a more general nature, and therefore cannot be certified. However, you can certify your internal whistleblowing channel as part of a complete compliance management system according to ISO 37301 Compliance management systems - Requirements with guidance for use. In the context of whistleblowing, the (also certifiable) ISO 37001 Anti-bribery management systems standard, which deals with the protection against corrupt behaviour and establishes anti-corruption management systems, is also frequently referred to. Implementing these standards will ensure that your organisation's internal whistleblowing channel is truly effective and in line with all international standards.

Interested in implementing ISO 37002 or any of the other ISO standards? 

We would be happy to explain the specific requirements and help you with the certification process. Let's talk.