- Are your Code of Conduct and other behavioural codes linked to the whistleblowing channel?
- Do you explain why you have the whistleblowing channel in place, how the security of the service is organised and how you protect the whistleblower’s anonymity?
- Have you clearly explained and given examples of issues that should, and should not, be reported through the whistleblowing channel?
- Has the whistleblowing channel been endorsed by the Board of Directors, Management and by the Works Council or employee representative?
Checklist for a trustworthy whistleblowing service
WhistleB offers a next generation whistleblowing service, a third-party solution that enables a whistleblower to report a suspicion of misconduct in a secure way. Our customers include global and regional companies in various sectors as well as investors, public authorities and associations. We have a market coverage of 100+ markets on all continents.
Download now
Checklist for a trustworthy whistleblowing service
1
Endorsement
2
Reporting
- Is the whistleblowing channel accessible 24/7/365 from all devices with internet access, including smartphones?
- Is it possible to report while remaining anonymous and untraceable, and is it possible to establish a dialogue with an anonymous whistleblower?
- Is it easy to upload supporting documents, such as pictures, film clips or excel files?
- Can you ensure that there is no tracking of a whistleblower’s metadata, including the IP address?
- Is your whistleblowing channel provided by an external service provider to ensure anonymity?
3
Case management and investigation
- Is your whistleblowing team instantly notified of incoming reports, e.g. by sms and/or email?
- Do you have guidelines and routines in place for the investigation process?
- Do you have a Case management tool for efficient handling of reports, including the possibility to safely assign or delegate cases to the right level in the organisation?
- Do you have secure translation support?
- Have you appointed an appropriately competent person to manage whistleblowing cases?
- Do you have a mechanism for acknowledging receipt of the report and following up on case management progress with the whistleblower?
- Do you allow the whistleblower to have the report dealt with at subsidiary or group level?
4
Follow up
- Can you easily create statistics, e.g. number of reports sorted by time period, areas of concern or geographical area?
- Are you able to present the outcomes of investigations in whistleblowing reports internally and externally, improving transparency, credibility and conduct?
- Does your whistleblowing system provide tools for timely follow-up to the whistleblower?
5
Data security
- Is data encrypted during storage, transmission and in back-ups?
- Is data protected against online attacks for all authentications in the service?
- Is the service vulnerability and penetration tested regularly?
6
Legal compliance
- Is the whistleblowing service compliant with current laws and regulations on data protection in all countries where you offer the whistleblowing channel?
- Is the service fully compliant with the EU General Data Protection Regulation (GDPR)?
- Are user logs created for follow up and audits? If your organisation operates in the EU, is it compliant with the EU Whistleblower Protection Directive?
- Are the rights and obligations of the whistleblower ensured and explained, e.g. whistleblower protection?
- Are the rights and obligations of the person or people implicated in the message ensured and explained?
7
Adaptability
- Is your whistleblowing channel available in all languages required in the markets where your organisation operates?
- Is the whistleblowing channel easily customisable to your organisation’s specific situation?
- Does the whistleblowing channel allow for continuous adaptation to changing circumstances and whistleblowing experience gathered?
WhistleB offers a next generation whistleblowing service, a third-party solution that is GDPR compliant and enables a whistleblower to securely report a suspicion of misconduct. Our customers include global and regional companies in various sectors as well as investors, public authorities and associations. We have a market coverage of 100+ markets on all continents.