ISO 37002:2020 pdf download Whistleblowing management systems — Guidelines
The whistleblowing management system should apply the principles of trust, impartiality and protection, and appropriate feedback throughout the entire process. The whistleblowing management system should support all steps of the whistleblowing process:
a) receiving reports of wrongdoing: the whistleblowing management system should specify how reports can be made and received taking into consideration the factors included in 4.3.
b) assessing reports of wrongdoing (triage): the whistleblowing management system should specify the process of assessing received reports, including aspects such as: priority, completeness and relevance of the information. At the same time the whistleblowing management system should provide for assessment of the risk of detriment to and the level of protection required for whistleblowers and others involved.
c) addressing reports of wrongdoing: the whistleblowing management system should provide for an impartial and timely investigation, as well as effective and timely protective measures and monitoring as appropriate for the whistleblower and those who are subject of the report. Those protective measures may prevent and contain, as well as remediate detriment. d) concluding whistleblowing cases: the whistleblowing management system should provide a mechanism to close investigations and formulate recommendations and decisions based on the outcomes of the addressing step. It should also ensure that protective measures can continue and will be monitored as appropriate. Outcomes may be used for management reporting, organizational learning, and other actions (i.e. mitigation remedies). The steps of the whistleblowing process are specified from 8.2 to 8.5.
5 Leadership
5.1 Leadership and commitment
5.1.1 Governing body The governing body should:
a) set objectives and monitor top management with respect to an effective whistleblowing management system;
b) approve the organization’s whistleblowing policy and conveys clear messages about its existence and use;
c) demonstrate that commitment by embracing the policy and the whistleblowing management system;
d) at planned intervals, receive and review information about the content and operation of the organization’s whistleblowing management system;
e) ensure that adequate and appropriate resources needed for effective operation of the whistleblowing management system are allocated and assigned; and
f) exercise adequate oversight of the implementation, integrity and improvement of the organization’s whistleblowing management system. Top management Top management should demonstrate leadership and commitment with respect to the whistleblowing management system by:
— ensuring that the whistleblowing policy and whistleblowing management system objectives are established and are compatible with the values, objectives and strategic direction of the organization;
— approving the organization’s whistleblowing policy;
— ensuring the accessibility of the whistleblowing management system and encouraging its use; — ensuring the integration of the whistleblowing management system recommendations into the organization’s business processes including management systems; — ensuring that the resources needed for the whistleblowing management system are available, adequate, appropriate and deployed;
— communicating the importance of effective whistleblowing management and of conforming to the organization’s established whistleblowing management system recommendations;
— communicating the whistleblowing policy internally and externally; — ensuring that the whistleblowing management system achieves its intended outcome(s) (see 6.1); directing and supporting persons to contribute to the effectiveness of the whistleblowing management system;
— promoting continual improvement;
— supporting other relevant managerial roles to demonstrate their leadership as it applies to their areas of responsibility;
— promoting and practicing a speak-up/listen-up culture within the organization;
— ensuring that whistleblowers and others involved will not suffer detriment by the organization in relation to whistleblowing; at planned intervals, receiving and reviewing reports on the operation, and performance of the whistleblowing management system; and
— Ensuring an impartial investigation of matters reported using the system, regardless of the identity of the whistleblower, the subject of the report, and the implications of the issues identified.
NOTE 1 Reference to “business” in this document can be interpreted broadly to mean those activities that are core to the purposes of the organization’s existence.
NOTE 2 A speak-up/listen-up culture means to provide a trustworthy two-way environment where any relevant party is sufficiently confident and encouraged to raise concerns about wrongdoing or suspected wrongdoing, and the organization demonstrates its commitment to receiving, assessing, addressing and concluding whistleblowing cases. Trustworthiness of the whistleblowing management system depends on the extent to which stakeholders perceive that management is committed to the system and will follow procedures.ISO 37002:2020 pdf download