ISO 37002 – Whistleblowing management systems

Do you know what ISO 37002 Standard is?

Recently has been published the ISO 37002:2021, relating to whistleblowing management systems(whistleblowing management systems) This standard complements and complements the requirements in this area of other compliance standards such as ISO 37001 (Anti-bribery), UNE 19601 (Criminal Compliance) or ISO 37301 (Compliance).

ISO 37002 aims to guide organizations in the establishment, implementation, maintenance and improvement of their internal infringement communication systems. The concept of whistleblowingis defined in ISO 37002 as the act of reporting alleged breaches or risks of non-compliance. Based on the principles of trust, impartiality and protection, ISO 37002 aims to guide organisations in managing the full whistleblowing cycle:

• Identification and reporting of concerns about wrongful acts: The staff of the organization must receive training on the whistleblowing channel to be able to correctly carry out this identification of illicit acts and report them.
• Assessment of concerns about wrongful acts: the system will have to specify the procedure for classifying communications, taking into account, in particular, the risk that the reported event may pose.
• Means to address concerns about wrongdoing: The whistleblowing channel system will need to determine how complaints can be filed and received taking into account the scope of the channel.
• Closure of whistleblowing cases: the system will also have to provide for specific investigative rules, as well as appropriate protection and follow-up measures for the whistleblower and those who may be the subject of the report related to the complaint.

As for the applicability of the standard,the guidelines that are included are generic and can apply perfectly to any organization, regardless of the legal form it has, its size or the activities it carries out. It may also apply to public organisations and to private organisations.

On the other hand, iso 37002 is a standard to whichorganizations can voluntarily adhere and which, by establishing only recommendations, is not a certifiable standard. On the other hand, it should be noted that with the publication of the Directive (EU) 2019/1937, known as the Whistleblower Directive (on the regulation of whistleblowing channels)), organisations of the Member States of the European Union that meet specific conditions such as, for example, those that have more than 50 workers on staff, or those that are required due to their activity and the corresponding level of risk (for the environment or public health) they must have a whistleblowing channel. Member States of the European Union have until 17 December 2021 as the deadline for their transposition. The transposition will entail, as mentioned above, the establishment of the obligation to have a whistleblowing channel for certain organizations.

Another important element to consider when implementing our whistleblowing channel is the way in which we are going to make this channel available, that is, if it will be a software that helps us in the management of complaints, an email mailbox or any other means considered. In our opinion, the optimal solution would be to opt for the implementation of a software since it supposes numerous advantages for its management. At GlobalSuite Solutions, we count with the software Whistleblowing channel GlobalSuite® that allows the implementation of an ethical channel for the integral management of possible irregularities of a company in order to comply with the regulations. The platform also allows companies, both internally and externally, to manage communications of possible criminal acts in a completely confidential manner and with the seal of guarantee offered by GlobalSuite certifications® in terms of Security, Continuity, Compliance, Service Management and Quality. Likewise, there is a consulting team specialized in the implementation of reporting and criminal compliance channels.

In short, opt for the implementation of ISO 37002 means being able to comply with Directive 2019/1937 in case we are obliged by it (or not), in addition to shielding an essential element of the Compliance models and systems for organizations that have voluntarily decided to adhere to these standards.