WhistleB Trust Centre
Data privacy and security are key for a trustworthy whistleblowing service. WhistleB offers industry-leading security to protect customer data and anonymous whistleblowers, built on four pillars:
- Adherence to ISO 27001
- High data privacy and security settings
- Reliable and flexible service platform
- Commitment to legal compliance globally
Göran Gräslund, Legal Counsel and former Director General at the Swedish Data Inspection Authority. January 2019
“Altogether the company’s WhistleB service is well-engineered from a GDPR perspective. Apart from its fundamental design, which conforms to the most stringent requirements, the service also provides a host of GDPR compliant functions, such as the ability to perform selective purging. These are to be considered very advanced features that are utmost well aligned with GDPR requirements.”
Fredrik Rehnström, Senior security advisor, Rote Consulting
Biörn Riese, WhistleB Advisory Board
Sajan Parihar, Director, Microsoft Azure Platform, Microsoft
Gunilla Hadders, Founder of WhistleB
“WhistleB’s top priority is to safeguard the anonymity of whistleblowers and to ensure the confidentiality, integrity, availability and privacy of your data.”
Daniel Akenine, Security Manager, Microsoft Sweden
Adherence to ISO 27001 to protect customer data
Systematic protection and management of customer information. The WhistleB Information Security Management System (ISMS) complies with ISO/IEC 27001:2013, the latest international information security standard. It has been designed to ensure that information security, including personal data management, is considered in all decisions during development and throughout the life cycle of the service.
WhistleB Information Security Management System
The Information Security Management System (ISMS) governs WhistleB’s internal processes and our relationships with customers, partners and suppliers. We ensure the confidentiality, integrity and availability of customer data. All applicable controls in ISO/IEC 27002 are implemented in line with good practice standards such as those of the Information Security Forum and with customer-specific requirements, including personal data (PII) requirements.
Highest data privacy and security settings
WhistleB’s security solutions protect sensitive data
The top priority of the WhistleB service is to safeguard the anonymity of a whistleblower and to protect sensitive customer data. Building trust in the service and protecting sensitive data is paramount for all WhistleB customers, which is why the principles of security by default and by design are embedded in the WhistleB service. Data security is the basis for all functions in the service.
To ensure the anonymity of the whistleblower, WhistleB does not:
- track metadata related to the whistleblower, including IP addresses
- ask the whistleblower for his or her identity at any stage
Protection of customer data
- Encrypted customer data in communication and storage. WhistleB does not have access to sensitive customer data.
- Multi-factor authentication for secure access to the Case management tool.
- Intrusion detection and prevention. All authentication flows in the WhistleB service are protected against online attacks.
- Secure data. Real-time replication is combined with back-ups utilising primary and secondary data centres.
- Availability of data. The WhistleB service is available to its users from anywhere, at any time.
- Vulnerability assessments and penetration testing. The service is continuously monitored to mitigate vulnerabilities and risks.
Reliable and flexible service platform
Your data is stored securely
A truly global whistleblowing service requires the highest levels of reliability and flexibility. The WhistleB service platform has been designed for high scalability and flexibility, offering a future-proof service to our customers. As its hosting and development platform, WhistleB has chosen Microsoft Azure, which offers the most comprehensive set of compliance offerings of any cloud service provider.
Platform services are delivered to customers through data centres, each designed to run 24/7/365, and each employing various measures to protect operations from power failure, physical intrusion and network outages.
Microsoft Azure is committed to annual renewal of its ISO/IEC 27001 (international standard for information security management) and ISO/IEC 27018 (international standard for protecting personal data in the cloud) certifications. Security and compliance statements for Microsoft Azure are available at Microsoft’s Trust Center.
Microsoft certifications: International Organization for Standardization and the International Electrotechnical Commission, Cloud Security Alliance, International Traffic in Arms, Criminal Justice Information System, HIPAA, Internal Revenue Service.
Commitment to legal compliance globally
The WhistleB system conforms to the strictest data protection laws in the world. We enable customers to manage their data in compliance with data protection regulations, for example through data retention and deletion, and through user logs for follow-up of case management. When using the WhistleB service, our customers benefit from the WhistleB General Data Protection Regulation (GDPR) customer assessment to assure compliance with the GDPR.
The WhistleB service includes support for correct management and communication in compliance with national regulations on whistleblowing. National instructions are updated on a yearly basis to make sure that your service is compliant wherever it is offered.
How WhistleB meets key GDPR requirements
- Data is stored within the EU.
- Personal data is secured; data is encrypted in storage, transmission and back-ups.
- User logs are created for follow-up and audits.
- Data can be extracted, corrected and deleted.
WhistleB – Whistleblowing made trustworthy
We help our customers to protect their sensitive data, using industry leading data security standards. Guidance on legal compliance is available, and is continuously being updated.
- ISO 27001 compliance.
- Regular external vulnerability and penetration tests.
- Access to legal guidance on personal data protection regulations governing whistleblowing.
- EU: General Data Protection Regulation (GDPR) compliant. Data Protection Impact Assessment (DPIA) available.