Checklist for a trustworthy whistleblowing service

Would you like to set up a trustworthy whistleblowing service? Feel free to use this Checklist template.
The Checklist template for a trustworthy whistleblowing service includes from Reporting, Case Management and Investigation to Legal Compliance, Adaptability and Data Security.

Download now

Checklist for a trustworthy whistleblowing service

  • Are your Code of Conduct and other behavioural codes linked to the whistleblowing channel?
  • Do you explain why you have the whistleblowing channel in place, how the security of the service is organised and how you protect the whistleblower’s anonymity?
  • Have you clearly explained and given examples of issues that should, and should not, be reported through the whistleblowing channel?
  • Has the whistleblowing channel been endorsed by the Board of Directors, Management and by the Works Council or employee representative?
  • Is the whistleblowing channel accessible 24/7/365 from all devices with internet access, including smartphones?
  • Is it possible to report while remaining anonymous and untraceable, and is it possible to establish a dialogue with an anonymous whistleblower?
  • Is it easy to upload supporting documents, such as pictures, film clips or excel files?
  • Can you ensure that there is no tracking of a whistleblower’s metadata, including the IP address?
  • Is your whistleblowing channel provided by an external service provider to ensure anonymity?
Case management and investigation
  • Is your whistleblowing team instantly notified of incoming reports, e.g. by sms and/or email?
  • Do you have guidelines and routines in place for the investigation process?
  • Do you have a Case management tool for efficient handling of reports, including the possibility to safely assign or delegate cases to the right level in the organisation?
  • Do you have secure translation support?
  • Have you appointed an appropriately competent person to manage whistleblowing cases?
  • Do you have a mechanism for acknowledging receipt of the report and following up on case management progress with the whistleblower?
  • Do you allow the whistleblower to have the report dealt with at subsidiary or group level?
Follow up
  • Can you easily create statistics, e.g. number of reports sorted by time period, areas of concern or geographical area?
  • Are you able to present the outcomes of investigations in whistleblowing reports internally and externally, improving transparency, credibility and conduct?
  • Does your whistleblowing system provide tools for timely follow-up to the whistleblower?
Data security
  • Is data encrypted during storage, transmission and in back-ups?
  • Is data protected against online attacks for all authentications in the service?
  • Is the service vulnerability and penetration tested regularly?
Legal compliance
  • Is the whistleblowing service compliant with current laws and regulations on data protection in all countries where you offer the whistleblowing channel?
  • Is the service fully compliant with the EU General Data Protection Regulation (GDPR)?
  • Are user logs created for follow up and audits? If your organisation operates in the EU, is it compliant with the EU Whistleblower Protection Directive?
  • Are the rights and obligations of the whistleblower ensured and explained, e.g. whistleblower protection?
  • Are the rights and obligations of the person or people implicated in the message ensured and explained?
  • Is your whistleblowing channel available in all languages required in the markets where your organisation operates?
  • Is the whistleblowing channel easily customisable to your organisation’s specific situation?
  • Does the whistleblowing channel allow for continuous adaptation to changing circumstances and whistleblowing experience gathered?

WhistleB offers a next generation whistleblowing service, a third-party solution that is GDPR compliant and enables a whistleblower to securely report a suspicion of misconduct. Our customers include global and regional companies in various sectors as well as investors, public authorities and associations. We have a market coverage of 100+ markets on all continents.

Contact us

Your message was successfully send. We will get in contact with you as soon as possible.

There seems to be some problem when sending your message. Try again soon.