WhistleB Trust Centre
WhistleB has made data privacy our top priority. We protect your data and the anonymity of the whistleblower. Read more about our market-leading security solutions here.
WhistleB Information Security Management System
WhistleB works systematically to protect customer information. The WhistleB Information Security Management System (ISMS) complies with ISO/IEC 27001:2017, the international information security standard. It is designed so that information security, including the handling of personal data, is considered in every decision during development and throughout the life cycle of the service.
The Information Security Management System (ISMS) governs WhistleB’s internal processes and our relationships with customers, partners and suppliers. We ensure the confidentiality, integrity and availability of customer data.
Data privacy and security settings
Building trust in the service and protecting sensitive data is paramount for all WhistleB customers, which is why the principles of security by default and security by design are embedded in the WhistleB service. Data security is the basis for all functions in the service.
The WhistleB third-party solution safeguards the anonymity of the whistleblower and protects sensitive data.
Examples of key security features in the WhistleB solution include:
- Secure multi-factor authentication
- Intrusion detection and prevention
- Encryption of data in transmission and in storage
- Activity logs per case and per user
- Redundant storage of data, so that no data is lost
WhistleB offers zero-knowledge privacy. Zero-knowledge privacy means that no one, including WhistleB and its suppliers, can access reports or read your sensitive data: only those with whom you share data can access it. WhistleB, its suppliers and partners at no time have access to the customer's encryption key. (The term is used here in the sense that the provider holds no key capable of decrypting customer data, not in the cryptographic sense of a zero-knowledge proof.)
Using the WhistleB system means that you control the encryption and decide who is authorised to decrypt and read messages. Your authorised case manager decrypts a received message with a Secondary password. This password is set by the customer and protects the encryption file, which holds the key. The customer keeps a secure backup of the encryption file; because WhistleB never holds the key, it cannot restore access if both the file and the password are lost.
Your data is stored securely
A truly global whistleblowing service requires the highest levels of reliability and flexibility. The WhistleB service platform has been designed to allow high scalability and flexibility, offering a future-proof service to our customers. WhistleB has chosen Microsoft Azure, which offers the most comprehensive set of compliance offerings, as its hosting and development platform.
Platform services are delivered to customers through data centres, each designed to run 24/7/365, and each employing various measures to protect operations from power failure, physical intrusion and network outages.
Microsoft Azure holds a multitude of certifications that are renewed annually. These include, for example, ISO 27001 (the international standard for information security management), ISO 27018 (the international code of practice for protecting personal data in the cloud) and the Cloud Security Alliance. Security and compliance statements for Microsoft Azure are available at Microsoft's Trust Center.
Commitment to legal compliance globally
The WhistleB system is used in 150 countries and complies with current data protection laws, including the EU General Data Protection Regulation (GDPR), one of the strictest such laws in the world. The system enables users to meet the GDPR requirements for handling personal data, including data protection by design and by default (Article 25). The system also enables our customers to comply with the EU Whistleblower Protection Directive (Directive (EU) 2019/1937).
National instructions are updated annually to make sure that your service is compliant wherever it is offered.
Data is stored in the EU. The customer controls the encryption, which means that neither WhistleB nor its suppliers can access sensitive customer data. For machine translation that leaves no trace, Microsoft Translator is included as an option in the WhistleB case management tool; this functionality is GDPR compliant. The Microsoft Translator commitment cited here includes the EU Standard Contractual Clauses and the EU-US Privacy Shield Framework; note that the Court of Justice of the EU invalidated Privacy Shield as a transfer mechanism in July 2020 (the Schrems II judgment), so the Standard Contractual Clauses are the safeguard that still applies. No text submitted through the secure machine translation function is stored or written to persistent storage.
WhistleB has many years of experience in business ethics and sustainability issues. WhistleB offers services related to the establishment and embedding of codes of conduct, ethical policies and sustainability reporting.
- WhistleB reports sustainability work according to the Global Reporting Initiative (GRI). WhistleB GRI Report
- All employees and subcontractors sign a WhistleB Code of Conduct/Supplier Code.
- WhistleB compensates for the carbon dioxide emissions caused by its business, the key source of which is business travel.
- WhistleB is a signatory of the UN Global Compact.
- WhistleB’s founders, Gunilla Hadders and Karin Henriksson, are the authors of a sustainability handbook, “Sustainable Profit”, translated into multiple languages and used by companies and organisations, including the Swedish Ministry for Foreign Affairs.
EU General Data Protection Regulation, GDPR, external assessment
“Altogether the company’s WhistleB service is well-engineered from a GDPR perspective. Apart from its fundamental design, which conforms to the most stringent requirements, the service also provides a host of GDPR-compliant functions, such as the ability to perform selective purging. These are to be considered very advanced features that are well aligned with GDPR requirements.”
Göran Gräslund, Legal Counsel and former Director General at the Swedish Data Inspection Authority, January 2020
External assessment of the Information Security Management System, by ROTE Consulting
“Security level for data protection of PII (Personally Identifiable Information) corresponds to industry practice and stakeholder expectations and requirements. The concepts “privacy by design” and “privacy by default” are enforced from policy level via development and deployment to operations and compliance activities. Technical solutions including the WhistleB application are designed and maintained on industry and good IT security practices. Enhanced IT security competence for application management will be procured and maintained.”
Fredrik Rehnström, Senior Security Advisor and Executive Vice President, ROTE Consulting, CISSP, CISM, CISA, CGEIT, CPP, January 2020