ISO 37002 will provide practical guidance to organisations on a broad array of whistleblowing management aspects. It doesn’t specify requirements but provides guidance on whistleblowing management systems and recommended practices. ISO 37002 is intended to be adaptable. Its use can differ depending on the size, nature and complexity of an organisation’s activities.
ISO 37002 will be written as a “High-Level Structure” (HLS). The HLS is a set of 10 clauses that all ISO management system standards must use to ensure consistency and greater integration among systems of different disciplines. The HLS approach involves precise drafting. For example, discussion about the wording of ISO 37002 is ongoing because the guidelines will include generic management system terms and definitions and discipline-specific terms.
There’s no known overlap of ISO 37002 with existing or planned standards. WG3 provides an overview of ISO standards that relate to the proposed standard on whistleblowing management systems:
- ISO 37001:2016 anti-bribery management systems. Requirements with guidance for use.
- ISO 37301 Compliance management systems.
- ISO 18788:2015 Management system for private security operations.
- ISO 28007-1:2015 Ships and marine technology — Guidelines for Private Maritime Security.
- Private Maritime Security Companies (PMSC) provide privately contracted armed security personnel (PCASP) on board ships (and pro forma contract).
- ISO/TR 31004:2013 Risk management — Guidance for the implementation of ISO 31000.
- ISO/IEC 27002:2013 Information technology — Security techniques — Code of practice for information security controls.
- ISO 27500:2016 The human-centred organisation — Rationale and general principles.
These standards don’t include specific guidance regarding processes involved in whistleblowing arrangements, nor do they offer any guidance on implementing processes. Organisations that haven’t adopted management system standards will be able to adopt ISO 37002 as stand-alone guidance. Organisations will be able to choose to extend the scope of the whistleblowing management system to include reporting from outside their organisations.
According to ISO/TC 309’s description, ISO 37002 will provide “guidelines for implementing, managing, evaluating, maintaining and improving a robust and effective management system within an organisation for whistleblowing.”
The international standard won’t be specific to any sector and will be suitable for organisations of all sizes, from small- and medium-sized enterprises (SMEs) to multinational companies. Based on the principles of trust, impartiality and protection, ISO 37002 is aimed to guide organisations in managing the full cycle of whistleblowing:
- Identification and reporting of concerns of wrongdoing.
- Assessment of concerns of wrongdoing.
- Means of addressing concerns of wrongdoing.
- Closing of whistleblowing cases.
This standard intends to provide a framework for establishing a clear and robust organisational whistleblowing system. Creating a protective environment where people can confidently report concerns is crucial to effectively preventing and dealing with wrongdoing in your organisation.
ISO 37002 addresses the need for organisations to protect whistleblowers and other people who might be affected by reporting wrongdoing. Retaliation is mentioned as a specific risk of whistleblowing. At ABAC® Group, we understand the complex issue of establishing and managing an effective organisational whistleblowing infrastructure and not limiting itself to an employer’s point of view but also recognising a whistleblower’s perspective.