How to review and test your whistleblower programme according to published best-practice standards

In late 2021, the International Organization for Standardization (ISO) will formally enact International Standard ISO 37002 – Whistleblowing Management Systems – Guidelines (ISO Whistleblower Guidelines). The ISO Whistleblower Guidelines are currently in their final form and are expected to be released in 2021.

The ISO Whistleblower Guidelines are the first comprehensive guide for companies operating whistleblower management systems. If your programme meets the ISO Whistleblower Guidelines in all respects you have a leading-edge system that meets the best international standards and you should feel very comfortable that it is fit for purpose.

In ISO speak, ‘guidelines’ cannot be certified by an accredited body as having been met. There is currently no certification process for guidelines, although that may change at some stage in the future. What you can do, however, is engage a company to conduct a review and audit of your programme against the ISO Whistleblower Guidelines to give you some comfort of compliance. Of course, it is always best to engage a reputable compliance expert that understands the ISO Standards and process. ETHIC Intelligence offers this service to clients globally.

What do the ISO Whistleblower Guidelines actually intend to do?

The ISO Whistleblower Guidelines provide advice to organisations for establishing, implementing, maintaining and improving a whistleblowing management system, with the following outcomes:

The ISO Whistleblower Guidelines assist organisations to create whistleblowing management systems based on the principles of trust, impartiality and protection. The guidelines are adaptable, and their use will vary with the size, nature, complexity and jurisdiction of the organisation’s activities. The ISO Whistleblower Guidelines can assist an organisation to improve its existing whistleblowing policy and procedures, or to comply with applicable whistleblowing legislation.

How different is this to other ISO standards and guidelines that address compliance issues?

The ISO Whistleblower Guidelines use the ‘harmonised structure’ (i.e. clause sequence, common text and common terminology) developed by ISO to improve alignment among international standards for management systems. So, if you are familiar with the anti-bribery management standard (ISO 37001), for example, these guidelines will be very easy to understand. The similar format, sections, definitions and layout really make it easier for those familiar with the ISO structure.

What are the ISO Whistleblower Guidelines intended to address?

The ISO Whistleblower Guidelines give principles for establishing, implementing and maintaining an effective whistleblowing management system based on the principles of trust, impartiality and protection in the following four steps:

  • receiving reports of wrongdoing
  • assessing reports of wrongdoing
  • addressing reports of wrongdoing
  • concluding whistleblowing cases.

The ISO Whistleblower Guidelines are generic and intended to be applicable to all organisations, regardless of type, size and nature of activities, and whether in the public, private or not-for-profit sector. You can easily adjust the programme that you are building based on your organisation’s needs.

How to learn more

The ISO Whistleblower Guidelines are in their final form and are expected to be approved imminently. They will be available from ISO stores in each country. Check the ISO website for further details.

ETHIC Intelligence is offering courses on the ISO Whistleblower Guidelines, including how to implement them in your programme. We will also be offering solutions for companies to test their programmes against the ISO Whistleblower Guidelines and support annual check-ups and validation. For further details, please contact us here.