The new ISO 37002 provides guidance for establishing and maintaining an effective whistleblowing system based on the principles of trust, impartiality and protection. The standard can therefore prove to be a very useful guide for employers in establishing and using internal whistleblowing systems in accordance with legislative requirements (the EU Whistleblowing Directive and the forthcoming Czech Whistleblower Protection Act). However, unlike the legislation, it does not focus so much on whistleblowers, but targets organisations directly. It seeks to minimise the negative impact of any possible wrongdoing.
According to ISO 37002, the important elements are:
The FaceUp platform is fully compliant with all current legislative requirements and the recommendations of the new ISO 37002 standard.
While the legislative requirements generally tell you what you need to do, ISO 37002 provides very specific and detailed instructions on how to do it. The standard can be implemented in any private, public or not-for-profit organisation, regardless of size or business sector. It is a broadly applicable standard - it emphasises consideration of the context, needs and expectations of the organisation and adapts the whistleblowing management system to these actualities.
According to ISO 37002, you should devote plentyt of time and attention to the preparation and planning of an internal whistleblowing system, from securing all resources, allocating responsibilities, determining how to communicate through an ethical line or other whistleblowing channel, to documentation, etc. The standard sets out the content of the obligations for employers, defining individual roles, responsibilities and authorities.
A substantial part of the standard is devoted to the actual process of managing the whistleblowing notifications received, which is naturally the most important part of the whole whistleblowing management system. On the other hand, the standard also emphasises the importance of other consecutive follow-up (e.g. planning or subsequent evaluation of the effectiveness of the system).
The whole whistleblowing management process is divided into several key steps:
According to ISO 37002, it is also necessary to focus on assessing the effectiveness of the internal whistleblowing system and to address its monitoring, analysis and subsequent evaluation. The recommendation is to conduct regular internal audits, the findings of which should help improve the whistleblowing management system. At the same time, it foresees that the system can be adapted at any time during its use to better suit the needs of your organisation and to be truly effective.
As stated directly in the title of the new ISO standard (Whistleblowing management systems - Guidelines), it is one of the so-called guidelines, i.e. standards of a more general nature, and therefore cannot be certified. However, you can certify your internal whistleblowing channel as part of a complete compliance management system according to ISO 37301 Compliance management systems - Requirements with guidance for use. In the context of whistleblowing, the (also certifiable) ISO 37001 Anti-bribery management systems standard, which deals with the protection against corrupt behaviour and establishes anti-corruption management systems, is also frequently referred to. Implementing these standards will ensure that your organisation's internal whistleblowing channel is truly effective and in line with all international standards.
Whistleblowing - just a bureaucracy or an opportunity for your company?