ISO 37002 Whistleblowing Management Systems – Guidance

The International Organization for Standardization (ISO) has developed new guidelines for whistleblowing management systems: ISO 37002:2021. ISO 37002 provides guidelines for implementing, managing, evaluating, maintaining and improving a robust and effective whistleblowing management system. But what does it mean in practice, and how can it improve and add value to an organisation’s existing whistleblowing programme?

The ISO Whistleblowing Guidelines assist organisations in creating whistleblowing management systems based on trust, impartiality, and protection principles. The guidelines are adaptable, and their use will vary with the size, nature, complexity, and jurisdiction of the organisation’s activities. The ISO Whistleblowing Guidelines can assist an organisation in improving its existing whistleblowing policy and procedures or in complying with applicable whistleblowing legislation.



The ISO Whistleblower Guidelines provide advice to organisations for establishing, implementing, maintaining and improving a whistleblowing management system, with the following outcomes:

  • encouraging and facilitating reporting of wrongdoing
  • ensuring reports of wrongdoing are dealt with in a proper and timely manner
  • improving organisational culture and governance
  • supporting and protecting whistleblowers and other interested parties
  • reducing the risks of wrongdoing


The ISO Whistleblower Guidelines use the ‘harmonised structure’ (i.e. clause sequence, common text and common terminology) developed by ISO to improve alignment among international standards for management systems. So, if you are familiar with the anti-bribery management standard (ISO 37001), these guidelines will be very easy to understand. The similar format, sections, definitions and layout make it easier for those familiar with the ISO structure.


The ISO Whistleblower Guidelines give principles for establishing, implementing and maintaining an effective whistleblowing management system based on the principles of trust, impartiality and protection in the following four steps:

  • receiving reports of wrongdoing
  • assessing reports of wrongdoing
  • addressing reports of wrongdoing
  • concluding whistleblowing cases.

The ISO Whistleblower Guidelines are generic and intended to apply to all organisations, regardless of type, size and nature of activities, and whether in the public, private or not-for-profit sector. You can easily adjust the programme you are building based on your organisation’s needs.


ISO 37002 can be used by any organisation, regardless of its size or sector. Organisations will be able to solve many more problems that otherwise might escalate, avoiding harm to the organisation and its stakeholders. It’s also a new way to look at your organisation’s culture.

The proposed ISO 37002 Management Systems Standard will serve the purpose of:

  • Guiding organisations to establish coherent whistleblowing frameworks that create protective environments in which people can confidently report wrongdoing and concerns are addressed swiftly and appropriately.
  • Helping build trust between an organisation and its stakeholders, including staff.
  • Responding to concerns about reporting and dealing with wrongdoing in view of the increasing number of cases reported publicly.
  • Supporting good governance and transparency. The intention is that ISO 37002 will be used as a stand-alone document. Equally, the proposed standard could be used with other standards, such as organisational governance and anti-bribery, compliance and other management systems.
  • Guiding organisations to foster a culture of transparency, in which people are confident to report concerns of wrongdoing.


ISO 37002 will provide practical guidance to organisations on a broad array of whistleblowing management aspects. It doesn’t specify requirements but provides guidance on whistleblowing management systems and recommended practices. ISO 37002 is intended to be adaptable. Its use can differ depending on the size, nature and complexity of an organisation’s activities.

ISO 37002 will be written using the “High-Level Structure” (HLS). The HLS is a set of 10 clauses that all ISO management system standards must use to ensure consistency and greater integration among systems of different disciplines. The HLS approach involves precise drafting. For example, discussion about the wording of ISO 37002 is ongoing because the guidelines will include both generic management system terms and definitions and discipline-specific terms.

There’s no known overlap of ISO 37002 with existing or planned standards. WG3 provides an overview of ISO standards that relate to the proposed standard on whistleblowing management systems:

  • ISO 37001:2016 anti-bribery management systems. Requirements with guidance for use.
  • ISO 37301 Compliance management systems.
  • ISO 18788:2015 Management system for private security operations.
  • ISO 28007-1:2015 Ships and marine technology — Guidelines for Private Maritime Security Companies (PMSC) providing privately contracted armed security personnel (PCASP) on board ships (and pro forma contract).
  • ISO/TR 31004:2013 Risk management — Guidance for the implementation of ISO 31000.
  • ISO/IEC 27002:2013 Information technology — Security techniques — Code of practice for information security controls.
  • ISO 27500:2016 The human-centred organisation — Rationale and general principles.

These standards don’t include specific guidance regarding processes involved in whistleblowing arrangements, nor do they offer any guidance on implementing processes. Organisations that haven’t adopted management system standards will be able to adopt ISO 37002 as stand-alone guidance. Organisations will be able to choose to extend the scope of the whistleblowing management system to include reporting from outside their organisations.

According to ISO/TC 309’s description, ISO 37002 will provide “guidelines for implementing, managing, evaluating, maintaining and improving a robust and effective management system within an organisation for whistleblowing.”

The international standard won’t be specific to any sector and will be suitable for organisations of all sizes, from small- and medium-sized enterprises (SMEs) to multinational companies. Based on the principles of trust, impartiality and protection, ISO 37002 aims to guide organisations in managing the full cycle of whistleblowing:

  • Identification and reporting of concerns of wrongdoing.
  • Assessment of concerns of wrongdoing.
  • Means of addressing concerns of wrongdoing.
  • Closing of whistleblowing cases.

This standard intends to provide a framework for establishing a clear and robust organisational whistleblowing system. Creating a protective environment where people can confidently report concerns is crucial to effectively preventing and dealing with wrongdoing in your organisation.

ISO 37002 addresses the need for organisations to protect whistleblowers and other people who might be affected by reporting wrongdoing. Retaliation is mentioned as a specific risk of whistleblowing. At ABAC® Group, we understand the complex issue of establishing and managing an effective organisational whistleblowing infrastructure that is not limited to an employer’s point of view but also recognises a whistleblower’s perspective.



ABAC® is now offering training on ISO 37002. The course aims to improve the culture in every organisation so that employees feel comfortable whistleblowing where necessary. Our whistleblowing training will engage you with thought-provoking activities and assessments. The course helps users learn everything about whistleblowing and provides a comprehensive overview of whistleblower rights and how organisations should apply whistleblowing management systems.

To enhance the learning experience, the course contains real-life scenarios where whistleblowing has helped prevent disaster and examples where whistleblowing could have helped prevent disasters.

What’s covered in the course?

  • What is whistleblowing?
  • Why should you whistleblow?
  • Whistleblowers of the past
  • Legal protection from whistleblowing
  • Protected whistleblowing categories
  • Whistleblowing disclosures
  • Gagging clauses in employment contracts
  • How should you report whistleblowing?

Contact our team.

Do you have questions about training? Or are you interested in learning more about our in-class training courses in your region? Meet the ABAC® team, qualified and dedicated to helping organisations worldwide overcome business risks. We are an international team of talented compliance professionals shaping the future of the compliance solutions industry globally. Contact us today.

Huma Khalid, Scheme Manager

t: +44 777 652 4355, +971 521 042 433
Dubai, United Arab Emirates

Suhaimi Saad, Training Specialist

t: +603 2280 6282, +6014 328 0331
Malaysia, Asia
