WhistleB Trust Centre
Data privacy and security are key for a trustworthy whistleblowing service. WhistleB offers industry-leading security to protect customer data and anonymous whistleblowers, built on four pillars:
- Adherence to ISO27001
- High data privacy and security settings
- Reliable and flexible service platform
- Commitment to legal compliance globally
Göran Gräslund, Legal Counsel and former Director General at the Swedish Data Inspection Authority. January 2019
“Altogether the company’s WhistleB service is well-engineered from a GDPR perspective. Apart from its fundamental design, which conforms to the most stringent requirements, the service also provides a host of GDPR compliant functions, such as the ability to perform selective purging. These are to be considered very advanced features that are utmost well aligned with GDPR requirements.”
Fredrik Rehnström, Senior security advisor, Rote Consulting
“The WhistleB service is available to users entirely independent of geographical region or time zone, and it suits complex organisations with offices in several locations. The WhistleB Information Security Management System (ISMS) is compliant with the latest international information security standard (SS-ISO/IEC 27001:2014).”
Biörn Riese, WhistleB Advistory Board
“The purpose of whistleblowing is to create a simple channel, reducing risks and increasing transparency. A whistleblowing system must be able to handle sensitive information and personal data in an accurate and credible way. This is why it is excellent that WhistleB’s whistleblower system is both ISO 27001 certified and GDPR reviewed.”
Sajan Parihar, Director, Microsoft Azure Platform, Microsoft
Gunilla Hadders, Founder of WhistleB
“WhistleB’s top priority is to safeguard the anonymity of whistleblowers and to ensure the confidentiality, integrity, availability and privacy of your data.”
Daniel Akenine, Security Manager, Microsoft Sweden
“A whistleblowing service deals with sensitive data, and individuals who sound the alarm must be able to feel confident that they are and remain anonymous. Microsoft Azure’s platform enables WhistleB’s service to support security, both in terms of the employee and the information, in accordance with the requirements stipulated in the GDPR, for example. Microsoft offers the most comprehensive and secure cloud solution globally”.
Adherence to ISO 27001 to protect customer data
Systematic protection and management of customer information. The WhistleB Information Security Management System (ISMS) complies with ISO/IEC 27001:2013 », the latest international information security standard. It has been designed to ensure that information security, including personal data management, is considered in all decisions during development and throughout the life cycle of the service.
WhistleB Information Security Management System
The Information Security Management System (ISMS) governs WhistleB’s internal processes and our relationships with customers, partners and suppliers. We ensure the confidentiality, integrity and availability of customer data. All applicable controls in ISO/IEC 27002 » are implemented per good practice standards such as the Information Security Forum » and customer specific requirements, including personal data (PII) requirements.
Highest data privacy and security settings
WhistleB’s security solutions protect sensitive data
The top priority of the WhistleB service is to safeguard the anonymity of a whistleblower and to protect sensitive customer data. Building trust in the service and protecting sensitive data is paramount for all WhistleB customers, which is why the principles of security by default and by design are embedded in the WhistleB service. Data security is the basis for all functions in the service.
To ensure the anonymity of the whistleblower, WhistleB does not:
- track metadata related to the whistleblower, including IP addresses
- ask the whistleblower for his or her identity at any stage
Protection of customer data
- Encrypted customer data in communication and storage. WhistleB does not have access to sensitive customer data.
- Multi-factor authentication for secure access to the Case manageemnt tool.
- Intrusion detection and prevention. WhistleB is protected against online attacks for all authentications in the service.
- Secure data. Real-time replication is combined with back-ups utilising primary and secondary data centres.
- Availability of data. The WhistleB service is available to its users from anywhere, at any time.
- Vulnerability assessments and penetration testing. The service is continuously monitored to mitigate vulnerabilities and risks.
Reliable and flexible service platform
Your data is stored securely
A truly global whistleblowing service requires the highest levels of reliability and flexibility. The WhistleB service platform has been designed to allow high scalability and flexibility, offering a future-proof service to our customers. WhistleB has chosen Microsoft Azure » which offers the most comprehensive set of compliance offerings of any other cloud service provider, as its hosting and development platform.
Platform services are delivered to customers through data centres, each designed to run 24/7/365, and each employing various measures to protect operations from power failure, physical intrusion and network outages.
Microsoft Azure is committed to annual renewal of its ISO/IEC 27001(international standard for information security management) and ISO/IEC 27018 (international standard for protecting personal data in the cloud) certifications. Management Security and compliance statements for Microsoft Azure are available at Microsoft’s Trust Center.
Commitment to legal compliance globally
The WhistleB system conforms to the strictest data protection laws in the world. We enable customers to manage their data in compliance with data protection regulations for example through data retention and deletion as well as user logs for follow-up of case management. When using the WhistleB service, our customers benefit from the WhistleB General Data Protection Regulation (the GDPR) customer assessment to assure compliance with the GDPR.
The WhistleB service includes support for correct management and communication in compliance with national regulations on whistleblowing. National instructions are updated on a yearly basis to make sure that your service is compliant wherever it is offered.
How WhistleB meets key GDPR requirements
- Data is stored within the EU.
- Personal data is secured; data is encrypted in storage, transmission and back-ups.
- User logs are created for follow-up and audits.
- Data can be extracted, corrected and deleted.
WhistleB – Whistleblowing made trustworthy
We help our customers to protect their sensitive data, using industry leading data security standards. Guidance on legal compliance is available, and is continuously being updated.
- ISO 27001 compliance.
- Regular external vulnerability and penetration tests.
- Access to legal guidance on personal data protection regulations governing whistleblowing.
- EU: General Data Protection Regulation (GDPR) compliant. Data Protection Impact Assessment (DPIA) available.