Standards and Certifications That Require the Introduction of a Whistleblowing System

FaceUp Blog

Legal & Compliance

Legal & Compliance

Helena Jezkova

Marketing Manager

Published

2023-03-17

Reading time

3 min

Table of contents

Subscribe to our newsletter

There are a variety of standards and certifications which your organization can apply to ensure that your workplace and processes are ethical, transparent and responsible. Many require or suggest the implementation of whistleblowing system, such as the following:

ISO 37301

ISO 37301 was introduced by the International Organization for Standardization in April 2021 and sets out guidance on implementing a compliance management system (CMS). It is based on widely accepted principles of good governance, proportionality, transparency and sustainability.

One of the key aims of ISO 37301 is to outline the best practice when implementing a whistleblowing policy. These include:

Timely and thorough investigation of allegations or suspicions of misconduct.
A visible and accessible whistleblowing system.
Confidential, anonymous reporting channels.
Impartial investigations of any reports of unethical conduct.
Comprehensive documentation of reports made.
Recording of any lessons learnt changes to the CMS.

ISO 37001

Published in 2016, ISO 37001 provides guidance and details requirements for the setup and maintenance of an anti-bribery system. ISO 37001 is designed to help combat instances of bribery in the public, private and nonprofit sectors, perpetrated by individuals within the organization, as well as those acting on its behalf, plus a host of other scenarios.

ISO 37001 is only intended for use as part of an anti-bribery system, but its recommendations are deliberately generic as to be applicable for any nature of organization.

The introduction of a whistleblowing system in your organization is crucial for complying with ISO37001. Requirement no. 18 specifically calls for the implementation of a whistleblowing system:

‘Implement reporting (whistle-blowing) procedures which encourage and enable persons to report suspected bribery, or any violation of or weakness in the ABMS, to the compliance function or to appropriate personnel’.

IATF 16949

IATF 16949 is a standard published by the International Automotive Task Force (IATF) and the Technical Committee of ISO, to be used in the creation of a quality management system to allow for ongoing improvement in the automotive industry supply and assembly process.

The standard was updated in 2016 to include a stipulation for a whistleblowing policy. The updated version states:

‘[Organizations] shall define and implement corporate responsibility policies, including at a minimum an anti-bribery policy, an employee code of conduct, and an ethics escalation (whistle-blowing) policy.’

TISAX

TISAX (Trusted Information Security Assessment Exchange) stipulates the standards for information security management systems within the automotive industry and is now commonplace across Europe.

Its requirements are very similar to ISO 27001, differing mainly in the fact that TISAX is designed specifically for the automotive industry, whereas ISO 27001 is a more generalized standard. ISO 27001 focuses on data security within an organization, TISAX secures data throughout the supply chain.

SMETA

SMETA (Sedex Members Ethical Trade Audit) is not a standard as such, but an audit that your organization can request to help you understand labor, health and safety, environmental and ethical standards within your workplace.

After the audit, organizations receive an action plan designed to help them take corrective steps.

The audit comprises two mandatory pillars, Labor Standards and Healthy & Safety. The two non-compulsory pillars are Business Ethics and Environment.

Sedex recommends providing whistleblowing hotlines across your supply chain, particularly to combat modern slavery.