ISO 37002 Whistleblowing Standard - What You Need to Know

Monika Tibenska

Monika Tibenska

Last updated: Jun 16, 2024 5 min read

Whistleblowing, the act of disclosing information about wrongdoings within an organization, has become an increasingly important issue in today's corporate landscape. In response to the growing need for a standardized approach to whistleblowing, the International Organization for Standardization (ISO) has released a standard, ISO 37002, which provides guidance on establishing and maintaining effective internal whistleblowing systems.

What is ISO 37002?

ISO 37002:2021 is an internationally recognized standard for organizational whistleblowing systems. It provides guidance on how to establish and operate an effective whistleblowing system within an organization, in order to encourage employees, contractors, and other interested parties to report suspected wrongdoings.

What is a whistleblowing management system 

whistleblowing management system is a set of procedures and policies designed to encourage and facilitate the reporting of suspected wrongdoing while protecting whistleblowers from retaliation. The standard applies to all organizations, regardless of size or sector.

What are the benefits of implementing ISO 37002?

Implementing the ISO 37002 whistleblowing standard can bring several benefits to an organization, including:

What are the requirements of ISO 37002 standard for whistleblowing?

The standard requires organizations to establish and maintain a whistleblowing management system that includes:

You can read more about ISO 37002 standards at the International Organization for Standardization website.

Role of whistleblowing in your organisation


Whistleblowing can play an important role in promoting organizational transparency and accountability. Implementing an effective whistleblowing system can help you meet the requirements of the ISO 37002 standard and support your compliance program. 

Whistleblower Software can help you establish a secure, anonymous platform for employees to report concerns – our software is designed to meet the requirements of the ISO 37002 standard. 

Contact us today to learn more about our solutions.

Getting started with ISO 37002 certification

ISO 37002 certification is voluntary, it indicates that an organization has implemented an effective whistleblowing system in accordance with the requirements of the standard. 

Certification is granted by third-party certification bodies and requires periodic recertification to maintain validity.

There are multiple advantages for a company to obtain the ISO 37002 certification, it gives them the possibility to:

Cost of ISO 37002 Certification

There is no set cost for ISO 37002 certification. The price will vary depending on the size and complexity of your organization, as well as the number of days required for the assessment. Generally, certification costs range from $5,000 to $20,000.

Who Can Provide ISO 37002 Certification

Any organization that provides certification services for ISO 37002 can certify your organization. Certification bodies must be accredited by a national accreditation body in order to provide ISO 37002 certification.

Reach out to us to get a reference to the ISO 37002 certification body.

How to Get Started With ISO 37002

If you're interested in getting started with ISO 37002, we recommend that you contact a certification body that is accredited by the International Organization for Standardization (ISO). Certification bodies can help you assess your organization's readiness for certification and provide guidance on the steps involved in the process.

Once you've selected a certification body, you'll need to develop and implement a management system that meets the requirements of the ISO 37002 standard. This can be a complex and time-consuming process, so we recommend that you seek assistance from experienced consultants. Reach out to us to get a reference to any such consultant.

After your management system is in place, the certification body will conduct an on-site assessment to verify that it meets the requirements of the standard. If the assessment is successful, you'll be awarded ISO 37002 certification.

ISO 37002 standard’s positions

The standard was developed in response to this growing awareness of the importance of whistleblowing, and the need for guidance on how to establish and operate effective internal whistleblower systems.

What is the ISO 37002 standard’s position on anonymous reporting?

The ISO 37002 standard does not specifically address anonymous reporting, but it does require that organizations establish procedures for receiving and investigating reports of suspected wrongdoing. These procedures should be designed to encourage whistleblowers to come forward with their concerns.

What is the ISO 37002 standard’s position on retaliation?

The standard requires organizations to take steps to protect whistleblowers from retaliation. These steps include establishing procedures for investigating reports of suspected retaliation and providing training and awareness programs on the whistleblowing management system.

What is the ISO 37002 standard’s position on financial incentives?

The standard does not specifically address financial incentives. In general, financial incentives are generally considered unethical and illegal. ISO 37001 emphasizes the importance of establishing policies and procedures to prevent bribery, which includes addressing situations where financial incentives may be used to induce corrupt practices. However, by some national legislations companies are encouraged to use incentives to make their employees to come out with reporting of observed violations.

What is the ISO 37002 standard’s position on public disclosure?

With regards to public disclosure, ISO 37002 recognizes that there may be situations where it is appropriate to disclose information to the public, such as in cases of serious or systemic wrongdoing. However, it also recognizes that there may be legal or other restrictions on public disclosure that must be considered.

ISO 37002 advises organizations to establish clear policies and procedures on public disclosure and to ensure that any such disclosures are made in a responsible and ethical manner. The standard also emphasizes the importance of protecting the confidentiality and anonymity of whistleblowers to encourage reporting and prevent retaliation.

What is the ISO 37002 standard’s position on legal immunity?

With regards to legal immunity, ISO 37002 recognizes that some jurisdictions provide legal protections for whistleblowers, while others do not. The standard advises organizations to be aware of the legal framework in their jurisdiction and to establish clear policies and procedures on legal protection for whistleblowers.

Difference between ISO 37002 standard and EU Whistleblowing Directive

The Whistleblowing Directive (EU) 2019/1937 establishes minimum standards for the protection of whistleblowers in the European Union. The Directive is binding on all Member States that need to transpose it into their local legislations.

ISO 37002:2021 is an international standard that provides guidance on establishing and operating whistleblowing systems. The standard covers principles, processes and practices for setting up and operating whistleblowing systems.

Not complying with the local whistleblowing legislation which was based on the Directive may result in fines or other forms of prosecution. However, the ISO 37002:2021 is voluntary and companies can choose to implement it. 

However, if a company implements ISO 37002:2021, it will automatically comply with the whistleblowing Directive. 

FAQ

Is the standard only for large corporations or is it also suitable for SMEs?

The ISO 37002 standard is applicable to all organizations, regardless of their size or sector.

Who is responsible for developing ISO 37002?

The standard was developed by ISO's Committee on Anti-Bribery and Corruption (ISO 37002). The committee is made up of experts from around the world, representing a variety of organizations, including businesses, academia, NGOs, and governments.

Does whistleblowing have multiple standards?

There is no single standard for whistleblowing, but there are multiple standards that organizations can adopt to help ensure an effective system. 

Examples of other relevant standards include:

  •  ISO 19600 (which provides guidance on compliance management systems)

  • ISO 31000 (which provides guidance on risk management)

  • And the International Standards for Fraud Control (which provide guidance on fraud prevention and detection).

Why was ISO 37002 developed?

There has been a growing recognition of the importance of whistleblowing in combating corruption and other wrongdoing. In recent years, several high-profile scandals have brought the issue to the forefront of public attention. 

The Enron scandal in the United States, for example, led to the enactment of the Sarbanes-Oxley Act, which includes provisions on corporate whistleblowing. More recently, the Panama Papers scandal highlighted the role of whistleblowers in exposing wrongdoing. 

The standard was developed in response to this growing awareness of the importance of whistleblowing, and the need for guidance on how to establish and operate effective internal whistleblower systems.

Whistleblower Software can help you support your ISO 37002:2021

Finally, Whistleblower Software can help support your compliance program by providing a secure, anonymous platform for employees to report concerns. 

Our software is designed to meet the requirements of ISO 37002:2021, and can help you implement an effective whistleblowing system that meets the needs of your organization.

Contact us for more information on how Whistleblower Software can help support your compliance program.

____________________________________________________________________________________________

This article was developed for information purposes only. For legal advice, contact your trusted advisor. Alternatively, Whistleblower Software can connect you with a local legal expert.

Book a demo

5/5 stars on G2