Protecting your organisation through combatting fraud and misconduct with ISO 37002 Whistleblowing Management Systems – Guidance

The International Organization for Standardization (ISO) has developed new guidelines for whistleblowing management systems — ISO 37002:2021. ISO 37002 provides guidelines for implementing, managing, evaluating, maintaining and improving a robust and effective whistleblowing management system. But what does it mean in practice, and how can it improve and add value to an organisation’s existing whistleblowing programme?

The ISO Whistleblowing Guidelines assist organisations in creating whistleblowing management systems based on trust, impartiality, and protection principles. The guidelines are adaptable, and their use will vary with the size, nature, complexity, and jurisdiction of the organisation’s activities. The ISO Whistleblowing Guidelines can assist an organisation in improving its existing whistleblowing policy and procedures or in complying with applicable whistleblowing legislation.


The ISO Whistleblower Guidelines provide advice to organisations for establishing, implementing, maintaining and improving a whistleblowing management system, with the following outcomes:

  • Encouraging and facilitating reporting of wrongdoing
  • ensuring reports of wrongdoing are dealt with in a proper and timely manner
  • improving organisational culture and governance
  • Supporting and protecting whistleblowers and other interested parties
  • reducing the risks of wrongdoing


The ISO Whistleblower Guidelines use the ‘harmonised structure’ (i.e. clause sequence, common text and common terminology) developed by ISO to improve alignment among international standards for management systems. So, if you are familiar with the anti-bribery management standard (ISO 37001), these guidelines will be very easy to understand. The similar format, sections, definitions and layout make it easier for those familiar with the ISO structure.


The ISO Whistleblower Guidelines give principles for establishing, implementing and maintaining an effective whistleblowing management system based on the principles of trust, impartiality and protection in the following four steps:

  • receiving reports of wrongdoing
  • assessing reports of wrongdoing
  • addressing reports of wrongdoing
  • concluding whistleblowing cases.

The ISO Whistleblower Guidelines are generic and intended to apply to all organisations, regardless of type, size and nature of activities, and whether in the public, private or not-for-profit sector. You can easily adjust the programme you are building based on your organisation’s needs.


ISO 37002 can be used by any organisation, regardless of its size, sector, or organisation. Organisations will be able to solve many more problems that otherwise might escalate, avoiding harm to the organisation and its stakeholders. It’s also a new way to look at your organisation’s culture.

The proposed ISO 37002 Management Systems Standard will serve the purpose of:

  • Guiding organisations establish coherent whistleblowing frameworks that create protective environments, confidently report wrongdoing, and address concerns swiftly and appropriately.
  • Helping build trust between an organisation and its stakeholders, including staff.
  • Responding to concerns about reporting and dealing with wrongdoing in view of the increasing number of cases reported publicly.
  • Supporting good governance and transparency. The intention is that ISO 37002 will be used as a stand-alone document. Equally, the proposed standard could be used with other standards, such as organisational governance and anti-bribery, compliance and other management systems.
  • Guiding organisations to foster a culture of transparency, in which people are confident to report concerns of wrongdoing.


ISO 37002 will provide practical guidance to organisations on a broad array of whistleblowing management aspects. It doesn’t specify requirements but provides guidance on whistleblowing management systems and recommended practices. ISO 37002 is intended to be adaptable. Its use can differ depending on the size, nature and complexity of an organisation’s activities.

ISO 37002 will be written as a “High-Level Structure” (HLS). The HLS is a set of 10 clauses that all ISO management system standards must use to ensure consistency and greater integration among systems of different disciplines. The HLS approach involves precise drafting. For example, discussion about the wording of ISO 37002 is ongoing because the guidelines will include generic management system terms and definitions and discipline-specific terms.

There’s no known overlap of ISO 37002 with existing or planned standards. WG3 provides an overview of ISO standards that relate to the proposed standard on whistleblowing management systems:

  • ISO 37001:2016 anti-bribery management systems. Requirements with guidance for use.
  • ISO 37301 Compliance management systems.
  • ISO 18788:2015 Management system for private security operations.
  • ISO 28007-1:2015 Ships and marine technology — Guidelines for Private Maritime Security.
  • Private Maritime Security Companies (PMSC) provide privately contracted armed security personnel (PCASP) on board ships (and pro forma contract).
  • ISO/TR 31004:2013 Risk management — Guidance for the implementation of ISO 31000.
  • ISO/IEC 27002:2013 Information technology — Security techniques — Code of practice for information security controls.
  • ISO 27500:2016 The human-centred organisation — Rationale and general principles.

These standards don’t include specific guidance regarding processes involved in whistleblowing arrangements, nor do they offer any guidance on implementing processes. Organisations that haven’t adopted management system standards will be able to adopt ISO 37002 as stand-alone guidance. Organisations will be able to choose to extend the scope of the whistleblowing management system to include reporting from outside their organisations.

According to ISO/TC 309’s description, ISO 37002 will provide “guidelines for implementing, managing, evaluating, maintaining and improving a robust and effective management system within an organisation for whistleblowing.”

The international standard won’t be specific to any sector and will be suitable for organisations of all sizes, from small- and medium-sized enterprises (SMEs) to multinational companies. Based on the principles of trust, impartiality and protection, ISO 37002 is aimed to guide organisations in managing the full cycle of whistleblowing:

  • Identification and reporting of concerns of wrongdoing.
  • Assessment of concerns of wrongdoing.
  • Means of addressing concerns of wrongdoing.
  • Closing of whistleblowing cases.

This standard intends to provide a framework for establishing a clear and robust organisational whistleblowing system. Creating a protective environment where people can confidently report concerns is crucial to effectively preventing and dealing with wrongdoing in your organisation.

ISO 37002 addresses the need for organisations to protect whistleblowers and other people who might be affected by reporting wrongdoing. Retaliation is mentioned as a specific risk of whistleblowing. At ABAC® Group, we understand the complex issue of establishing and managing an effective organisational whistleblowing infrastructure and not limiting itself to an employer’s point of view but also recognising a whistleblower’s perspective.



ABAC® is now offering training on ISO 37002. The course aims to improve the culture in every organisation so that employees feel comfortable whistleblowing where necessary. Our whistleblowing training will engage you with thought-provoking activities and assessments. The course helps users learn everything about whistleblowing and provides a comprehensive overview of whistleblower rights and how organisations should apply whistleblowing management systems.

To enhance the learning experience, the course contains real-life scenarios where whistleblowing has helped prevent disaster and examples where whistleblowing could have helped prevent disasters.

What’s covered in the course?

  • What is whistleblowing?
  • Why should you whistleblow?
  • Whistleblowers of the past
  • Legal protection from whistleblowing
  • Protected whistleblowing categories
  • Whistleblowing disclosures
  • Gagging clauses in employment contracts
  • How should you report whistleblowing?


It’s simple to transfer your certification to ABAC®:

Step 1: Contact us. We’ll discuss your current certification and transfer requirements. Provide us your current certificate and your latest audit report.

Step 2: Once the transfer criteria have been met, a transfer quotation shall be produced.

Step 3: Once the quotation is accepted a Transfer Audit will take place either remotely or onsite.

Step 4: Once the transfer audit is successfully conducted and reviewed by our technical team, we’ll issue you a new ABAC® certificate.


Contact our team

Do you have questions about ISO Certification or Training? Or are you interested in learning more about ISO standards in your region? Meet the ABAC® team, qualified and dedicated to helping worldwide organisations to overcome business risks across the globe. We are an international team of talented compliance professionals that are shaping the future of the compliance solutions industry globally. Contact us today.

Huma Khalid, Scheme Manager

e: | LinkedIn
t: +44 777 652 4355, +971 521 042 433
Dubai, United Arab Emirates

Suhaimi Saad, Training Specialist

e: | LinkedIn
t: +603 2280 6282, +6014 328 0331
Malaysia, Asia

Explore more articles on ISO 37002

Dive into ISO 37002 with the insights below or subscribe to our newsletter to stay updated with risk management, compliance, anti-bribery and anti-corruption related news, solutions, events and publications.

ABAC® celebrates 2022 World Accreditation Day

ABAC® celebrates 2022 World Accreditation Day

| IMS, ISO 31000, ISO 37000, ISO 37001, ISO 37002, ISO 37301, News | No Comments
ABAC® will join organisations around the world to celebrate World Accreditation Day (#WAD2022) on June 9, 2022 Established by the International Accreditation Forum (IAF) and the International Laboratory Accreditation Cooperation (ILAC), World Accreditation…
#OnlyOneEarth let's celebrate World Environment Day, together!

#OnlyOneEarth: let’s celebrate World Environment Day together!

| IMS, ISO 31000, ISO 37000, ISO 37001, ISO 37002, ISO 37301, News | No Comments
Let's celebrate 2022 World Environment Day today! ABAC® joins organisations worldwide to celebrate 2022 World Environment Day today, led by the United Nations Environment Programme (UNEP) and held annually on 5…
accreditation, WAD2021, accreditation day, UKAS, EIAC

The Value of Accreditation: WAD2022

| Career Location, IMS, ISO 31000, ISO 37000, ISO 37001, ISO 37002, ISO 37301, News | One Comment
Accreditation has a positive impact on consumers, suppliers, purchasers, and regulators across industries and organisations worldwide. Proper accreditation and certification can demonstrate necessary expertise and training and ensure quality and…
Have you done your Corporate Compliance Programs Gap Analysis (HEBA) yet?

Get your FREE Corporate Compliance Program Gap Analysis (worth USD 1,172 | GBP 950 )

| ISO 37000, ISO 37001, ISO 37002, Malaysia, Kuala Lumpur, News, United Arab Emirates, Dubai, United Kingdom, London, USA | No Comments
Prove that your business is ethical. Complete our FREE Highest Ethical Business Assessment (HEBA) and evaluate your current Corporate Compliance Program. Find out if your organisation’s compliance program is in…
2021 CPI overview is out now!

2021 CPI overview is out now!

| IMS, ISO 31000, ISO 37000, ISO 37001, ISO 37002, ISO 37301, News | No Comments
The newly published Transparency International’s Corruption Perception Index (CPI 2021) is out. This year’s Corruption Perceptions Index (CPI) reveals that corruption levels are at a worldwide standstill. The CPI ranks 180…
Whistleblowing Top 10 tips to the Commission (SEC Office)

Whistleblowing: Top 10 tips to the Commission (SEC Office)

| ISO 31000, ISO 37000, ISO 37001, ISO 37002, ISO 37301, News | 2 Comments
Whistleblowers make a tremendous contribution to the Commission’s ability to detect fraud and other securities law violations and protect investors and the American marketplace. As U.S. Securities and Exchange Commission’s…