Back to all our Insights
ISO 37002
Knowledge

Whistleblowing Management System Based on ISO 37002

ISO 37002:2021

Authored By: Satrio Adhi Pradana, Lead Consultant GRC – Robere & Associates (Indonesia) 

The contemporary business landscape is experiencing rapid evolution. However, amidst this accelerated development, violations such as financial fraud, misuse of company policies, and other illicit activities are also increasing. Therefore, organizations are highly recommended to establish a systematic reporting and handling management system. This system serves as a crucial guide, assisting organizations in managing violations reported by relevant parties within the organization. In this context, the international standard ISO 37002:2021 on Whistleblowing Management Systems can be leveraged as a comprehensive guide for implementing an effective whistleblowing management system within organizations.

Benefits of Implementing ISO 37002:2021 

ISO 37002:2021 is a guideline published by the International Organization for Standardization (ISO). Its primary objective is to provide guidance for designing, implementing, maintaining, and continually improving a whistleblowing management system. 

ISO 37002:2021 can be utilized by organizations to prevent or minimize losses resulting from misconduct by identifying, addressing, and managing reported deviations as early as possible. 

Furthermore, the implementation of ISO 37002:2021 demonstrates an organization’s commitment to good governance practices and integrity to relevant stakeholders. 

Key Aspects of ISO 37002:2021 

One of the significant aspects of ISO 37002:2021 is its guidance on how organizations can foster an environment that encourages whistleblowing. This includes ensuring that whistleblowers feel secure and protected and promoting an open and transparent culture throughout the organization. The essential steps covered in ISO 37002:2021 encompass several key areas: 

1. Reporting Process 

Organizations are advised to establish mechanisms for managing whistleblowing reports, considering two crucial aspects: 

  • Traceability

Every report must be meticulously tracked from receipt to resolution. This ensures transparency and accountability in handling reports. For instance, providing a reporting number to the whistleblower allows them to monitor the entire process of submitting their report. 

  • Confidentiality

Organizations need to implement measures to protect the identity of whistleblowers and maintain the confidentiality of information related to the reports. This aspect of confidentiality helps organizations create an environment where employees feel safe to report violations. For example, organizations can provide an option for anonymous whistleblowing. Regarding anonymity, two options exist: 

  • Total Anonymity: The whistleblower’s identity is entirely concealed, and there is no information that can link the report to the whistleblower. 
  • Limited Anonymity: The whistleblower’s identity is known only to authorized parties, such as the Whistleblowing System (WBS) manager and/or the investigation team assigned to follow up on the report. 

2. Assessment of Reports

Organizations must ensure that the process of assessing, triaging, and managing reports of misconduct is free from bias and/or conflicts of interest. Organizations are also recommended to prioritize deviation reports based on the consideration of potential adverse risks to the organization and/or other relevant parties. For example, to facilitate assessment, the WBS manager can conduct evaluations by ensuring several aspects: 

  • Verify the validity of the report. 
  • Evaluating the extent to which the violation impacts the company adversely in terms of financial, reputational, legal, and operational aspects. 
  • Categorizing incoming reports based on their urgency level. 
  • If necessary, organizations can seek legal and regulatory consultation to ensure that the actions taken comply with applicable regulations, consulting with competent internal or external parties. 

3. Handling of Violations

Organizations must ensure the existence of a fair and objective investigation mechanism. Investigations should be conducted without bias, and the accused party should be granted the right to respond to the allegations. 

4. Protection of Whistleblowers, Accused Parties, and Investigators

This standard emphasizes the importance of protecting whistleblowers, accused parties, and investigators from any form of retaliation or discrimination as a result of reporting. This aims to foster an environment that supports integrity and courage in reporting violations. 

5. Case Resolution

A reported case can be considered closed when no further action is deemed necessary in response to the report, when fact-finding determines that no further investigation is required, when the report is referred to another process that needs to be handled, or at the conclusion of an investigation that either proves or disproves the alleged misconduct. 

ISO 37002:2021 can serve as a foundation for building an organization with integrity, where violations can be reported without fear of retaliation, and where every report is handled fairly and transparently. Thus, the implementation of ISO 37002:2021 is not merely about meeting a standard; it is about building trust, protecting whistleblowers, and solidifying the organization’s reputation as an entity committed to ethical values and sustainability. 

OTHER INSIGHT POSTS
The Role of BCP
The Role of BCP in Facing Disruptions Such as Demonstrations and Unexpected Events Knowledge
ISO 9001 untuk UMKM
Strategi Implementasi ISO 9001 untuk UMKM yang Ingin Naik Kelas Knowledge

Leave a Reply

Consult with us