The EU’s new directive and associated legislation requiring that even smaller organizations must have a functioning whistleblower solution can feel like another heavy demand on an already large bureaucracy. But it doesn’t have to be expensive or complicated at all, most people manage well with the solution below.
In short, the directive is about there being an internal process to handle reporting and management of irregularities in the organization, and at least one secure and anonymous reporting channel.
TIP! Please read our previous article “Whistleblower; your optimal guide to the EU directive” and you will get all the hard facts you need.
1. A whistleblower solution must have a process for handling reported irregularities
Start by implementing a whistleblowing policy in accordance with the Whistleblower Act that informs how a whistleblower can use the channel and for what type of irregularities it can be used, about who/who are the recipients of the reports and as an internal tool for the management approach used of received reports.
Create a management system for how the process of receiving and handling reports that includes planning (organizational context, leadership, resources), operations (receiving, assessing and processing reports and closing whistleblower cases), review (internal audit and management reviews) and improvement.
TIP! Please read “ISO 37002:2021 – Management system for whistleblowing – standard for guidelines“.
2. Create the reporting channel(s) for irregularities
A “reporting channel” in a whistleblower solution must be secure, offer anonymity and go to the right person(s).
Today there is a growing range of whistleblower systems which are in fact case management systems with a little extra security and/or associated services. These solutions are actually designed for larger organizations and unnecessarily complex (expensive) for the smaller business that gets by with reporting via telephone, personal visit and a web-based digital channel.
Telephone works well in cases when an initial contact is made and the reporter (whistleblower) does not wish to be completely anonymous.
Personal visits work well when the whistleblower does not wish to be completely anonymous, however, the visit must be arranged in a way that does not reveal the identity of the whistleblower to anyone other than the person(s) receiving the report.
Web based digital channel is the best method to receive reports. The whistleblower can then choose to be completely anonymous or provide identity and contact details for further processing and attach any documents etc.
WARNING! Regular e-mail is not a secure reporting channel and should not be used for this purpose!
ANON::form offers the market’s most user-friendly and cost-effective web-based digital reporting channel for whistleblowers.
Everything unnecessary has been stripped away; reporting takes place via web forms (without deterrent requirements for the whistleblower to create an account, etc.) where the form data is already encrypted in the browser, transported as encrypted e-mail via specially built secure and anonymous systems and can be read in a web client or in e.g. Outlook, Thunderbird or Apple Mail.