ISO 37002 – Whistleblowing management systems

Do you know what the ISO 37002 standard is?

ISO 37002:2021, relating to whistleblowing management systems, has recently been published. This standard complements the requirements in this area of other compliance standards such as ISO 37001 (Anti-bribery), UNE 19601 (Criminal Compliance) or ISO 37301 (Compliance).

Objectives of ISO 37002

ISO 37002 has the objective of guiding organisations in the establishment, implementation, maintenance and improvement of their internal systems for communicating violations. The concept of whistleblowing is defined in ISO 37002 as the act of denouncing alleged non-compliance or risks of non-compliance. Based on the principles of trust, impartiality and protection, ISO 37002 aims to guide organisations in managing the full whistleblowing cycle:

  • Identification and denouncing of concerns about wrongful acts: the organisation's staff should be trained on the whistleblowing channel in order to be able to correctly identify and denounce wrongdoing.
  • Assessment of concerns about wrongful acts: the system will have to specify the procedure for classifying communications, taking into account, in particular, the risk that the communicated fact may entail.
  • Means of addressing concerns about wrongdoing: the whistleblowing channel system will need to determine how complaints can be submitted and received, taking into account the scope of the channel.
  • Closure of whistleblowing cases: the system will also need to provide for specific investigation standards, as well as appropriate protection and follow-up measures for the whistleblower and those people who may be the subject of the report related to the complaint.

Which companies is this standard focused on?

In terms of applicability, the guidelines included in the standard are generic and can be applied to any organisation, regardless of its legal form, size or activities. It can apply to both public and private organisations.

On the other hand, ISO 37002 is a standard to which organisations can adhere voluntarily and, as it only establishes recommendations, it is not a certifiable standard. In contrast, it should be noted that, with the publication of Directive (EU) 2019/1937, known as the Whistleblower Directive (on the regulation of whistleblower channels), organisations in EU Member States that meet specific conditions, such as those with more than 50 employees, or those that are required to have a whistleblowing channel due to their activity and corresponding level of risk (to the environment or public health), are obliged to have a whistleblower channel. EU Member States have until 17 December 2021 as the deadline for transposition. Transposition will mean, as mentioned above, the establishment of the obligation to have a whistleblowing channel for certain organisations.

How to implement a whistleblowing channel in our company?

Another important element to consider when implementing our whistleblower channel is the way in which we are going to make this channel available, i.e. whether it will be software that helps us manage complaints, an e-mail box or any other means considered. In our opinion, the optimal solution would be to opt for the implementation of software, as it offers numerous advantages for managing the channel. At GlobalSUITE Solutions, we have the GlobalSUITE® whistleblower channel software, which allows the implementation of an ethical channel for the integral management of possible irregularities in a company in order to comply with regulations. The platform also allows companies, both internally and externally, to manage communications of possible criminal acts in a completely confidential way and with the seal of guarantee offered by the GlobalSUITE® certifications in terms of Security, Continuity, Compliance, Service Management and Quality. Likewise, we have a consulting team specialised in the implementation of whistleblowing channels and criminal compliance.

In short, opting for the implementation of ISO 37002 means being able to more than comply with Directive 2019/1937, whether or not we are obliged by it, as well as shielding an essential element of the Compliance models and systems for organisations that have decided to voluntarily adhere to these standards.
