What is ISO37002 and how it relates to whistleblowing?

ISO 37002 is an international standard for implementing and maintaining a whistleblower protection program. The standard was developed by the International Organization for Standardization (ISO), a global organization that develops and publishes international standards.

ISO 37002 provides guidance on how to establish, implement, maintain, and continually improve a whistleblower protection program that meets the needs of an organization. The standard covers a range of issues related to whistleblower protection, including:
  • The scope of the whistleblower protection program and the types of misconduct that it covers: ISO 37002 specifies that the whistleblower protection program should cover all employees and other stakeholders of the organization, including contractors, suppliers, and customers. The program should also cover a wide range of misconduct, including financial crimes, corruption, fraud, gross negligence, health and safety violations, environmental violations, and discrimination.
  • The principles and values that should underpin the program: ISO 37002 specifies that the whistleblower protection program should be based on the principles of transparency, integrity, and impartiality. The program should also be based on the values of respect, fairness, and trust.
  • The roles and responsibilities of different stakeholders in the program: ISO 37002 specifies that management should take the lead in establishing and maintaining the whistleblower protection program, but all stakeholders should be involved in its implementation and operation. Employees should be encouraged to report misconduct and should be protected from retaliation for doing so. External parties, such as external auditors, should also be involved in the program as appropriate.

New call-to-action

  • The procedures for reporting misconduct and handling disclosures: ISO 37002 specifies that the organization should establish clear and accessible procedures for employees to report misconduct. The procedures should be confidential and secure, and should be available through multiple channels, such as a hotline or an online platform. The organization should also establish procedures for handling disclosures, including conducting investigations, taking corrective actions, and providing feedback to whistleblowers.
  • The measures that should be taken to protect whistleblowers from retaliation: ISO 37002 specifies that the organization should take measures to protect whistleblowers from retaliation, such as by providing support and guidance to whistleblowers, monitoring for retaliation, and taking disciplinary action against individuals who retaliate against whistleblowers.
  • The communication and training that should be provided to ensure that the program is understood and supported by all stakeholders: ISO 37002 specifies that the organization should communicate the whistleblower protection program to all stakeholders and provide training to ensure that the program is understood and supported. This may include providing information on the types of misconduct that the program covers, the procedures for reporting misconduct, and the measures that are taken to protect whistleblowers from retaliation.
The standard is intended to be used by organizations of all sizes and sectors to enhance their whistleblower protection programs and ensure that they are effective in promoting an ethical culture and preventing misconduct. Adopting the standard can help organizations demonstrate their commitment to transparency and integrity, and may also help to prevent misconduct by encouraging employees to report misconduct without fear of reprisal.

If you're looking for a whistleblowing platform for your business, we've got you covered. Falcony | Whistleblowing is easy-to-use, boosts two-way communication, has customisable workflows, vast integration possibilities and more. Book a demo from the button below.

Falcony Whistleblowing


We are building the world's first operational involvement platform. Our mission is to make the process of finding, sharing, fixing and learning from issues and observations as easy as thinking about them and as rewarding as being remembered for them.‍

By doing this, we are making work more meaningful for all parties involved.

More information at falcony.io.

Related posts

The Power of Whistleblowing: Why Compliance and Operational Risks are Redefined with Transparency

To understand whistleblowing and its importance in risk management, it is first necessary to...

Risk Management
2 min read

How to draft a whistleblowing policy

A whistleblowing policy is a set of guidelines that outlines the process for employees to report...

Whistleblowing
2 min read

3 reasons how whistleblowing prevents harassment at the workplace

Whistleblowing, or the act of reporting misconduct or wrongdoing within an organization, can be a...

Whistleblowing
3 min read

Involve your stakeholders to report

At Falcony, we create solutions that multiply the amount of observations and enable our customers to gain greater understanding of what’s going on in their organisations, areas of responsibility and processes.