WhistleB Trust Centre
Data privacy and security are key when implementing a whistleblowing service. WhistleB offers industry-leading security to protect customer data and anonymous whistleblowers, built on four pillars.
1. Adherence to ISO/IEC 27001 to systematically protect customer information.
2. Highest data privacy and security settings for WhistleB service users.
3. Reliable and flexible service platform for hosting and development.
4. Commitment to global compliance, including the GDPR.
Systematic protection and management of customer information
The WhistleB Information Security Management System (ISMS) complies with ISO/IEC 27001:2013, the latest international information security standard. It has been designed to ensure that information security, including personal data management, is considered in all decisions during development and throughout the life cycle of the service.
WhistleB Information Security Management System
The ISMS governs WhistleB’s internal processes and our relationships with customers, partners and suppliers. We ensure the confidentiality, integrity and availability of customer data. All applicable controls in ISO/IEC 27002 are implemented per good practice standards such as the Information Security Forum (ISF) and customer-specific requirements, including personal data (PII) requirements.
WhistleB’s security solutions protect sensitive data
The top priority of the WhistleB service is to safeguard the anonymity of a whistleblower and to protect sensitive customer data. Building trust in the service and protecting sensitive data is paramount for all WhistleB customers, and the principles of security by default and by design are embedded in the WhistleB service.
This means that data security is the basis for all functions in the service. It also means that WhistleB service users can trust that personal data is managed in compliance with current data protection laws. Key security elements of the service include protection of an anonymous whistleblower and anonymous communication, and no tracking of a whistleblower’s metadata, including IP addresses. The whistleblower is not asked for his or her identity at any stage, unless required by national law.
Protection of customer data:
- Encryption. Customer data is encrypted in communication and storage. WhistleB does not have access to sensitive customer data such as whistleblower reports and dialogue unless authorised by the customer.
- Multi-factor authentication. Access to the WhistleB service includes multi-factor authentication for secure access.
- Intrusion detection and prevention. WhistleB is protected against online attacks for all authentications in the service.
- Secure data. Real-time replication is combined with back-ups utilising primary and secondary data centres.
- Availability of data. The WhistleB service is available to its users from anywhere, at any time. Performance and security of the WhistleB service are monitored 24/7/365 by an external party.
- Vulnerability assessments and penetration testing. The service is continuously monitored to mitigate vulnerabilities and risks. In addition to regular internal testing, the WhistleB service is regularly tested by external IT security experts.
Your data is stored securely
A truly global whistleblowing service requires the highest levels of reliability and flexibility.
The WhistleB service platform has been designed to allow high scalability and flexibility, offering a future-proof service to our customers. WhistleB has chosen Microsoft Azure, which offers the most comprehensive set of compliance offerings of any cloud service provider, as its hosting and development platform.
Platform services are delivered to customers through data centres, each designed to run 24/7/365, and each employing various measures to protect operations from power failure, physical intrusion and network outages.
Microsoft Azure is committed to annual renewal of ISO/IEC 27001 (international standard for information security management) and ISO/IEC 27018 (international standard for protecting personal data in the cloud) certification. Management, security and compliance statements for Microsoft Azure are available at Microsoft’s Trust Center portal.
The WhistleB solution conforms to the strictest data protection laws in the world. We enable customers to manage their data in compliance with data protection regulations through secure data retention and deletion, user logs for secure follow-up of case management, and clear data protection guidelines. The WhistleB service conforms to current data protection laws. We are committed to GDPR compliance once enforcement begins on May 25, 2018, and provide GDPR-related assurances in our contractual commitments.
When using the WhistleB service, our customers benefit from the WhistleB GDPR customer assessment to assure compliance with the GDPR.
Compliance with national regulations on whistleblowing: The WhistleB service includes support for correct management and communication in compliance with national regulations on whistleblowing. National instructions are continuously updated to make sure that your service is compliant wherever it is offered.
How WhistleB meets key GDPR requirements:
- Data is stored within the EU.
- Personal data is secured; data is encrypted in storage, transmission and back-ups.
- User logs are created for follow-up and audits.
- Data can be extracted, corrected and deleted.