● Standard Overview

ISO 37002 – Whistleblowing Management Systems

International guidelines for establishing, implementing, maintaining, and improving effective whistleblowing management systems that enable organizations to receive, investigate, and act on concerns raised in good faith.

Get Certified Speak to an Expert
2021 Published
Guidance Standard Type
Certifiable Status
70+ Countries Adoption

Key Characteristics

Provides practical guidance for establishing secure, trusted, and accessible channels for reporting concerns, protecting whistleblowers, and fostering speak-up cultures.

Reporting Channels Whistleblower Protection Speak-Up Culture Governance Investigation Process Anti-Retaliation

What is ISO 37002?

ISO 37002 provides guidelines for establishing, implementing, operating, evaluating, maintaining, and improving an effective whistleblowing management system.

Published in 2021, ISO 37002 addresses the growing global need for organizations to provide secure and trusted mechanisms for reporting wrongdoing, misconduct, or threats to the public interest. The standard helps organizations demonstrate commitment to ethical conduct, transparency, and accountability while protecting individuals who report concerns in good faith.

📢 Reporting Channels

Establish secure, accessible, and multiple channels for receiving reports from internal and external stakeholders.

🛡️ Whistleblower Protection

Implement robust protections against retaliation and ensure confidentiality for those who speak up.

🔍 Investigation Process

Structured approach to investigating concerns fairly, impartially, and promptly.

💬 Speak-Up Culture

Foster an organizational culture where concerns can be raised without fear of retaliation.

📊 Monitoring & Reporting

Track, analyze, and report on whistleblowing activities to improve system effectiveness.

✓ Independent Oversight

Establish independent oversight functions and governance structures for the whistleblowing system.

Who Should Use ISO 37002?

The standard is applicable to all types and sizes of organizations, whether public, private, or non-profit.

Target Organizations

  • Public companies and listed entities
  • Financial institutions and regulated industries
  • Government agencies and public sector organizations
  • Healthcare providers and pharmaceutical companies
  • Non-profit organizations and charities
  • Supply chain and multinational corporations
  • Small and medium enterprises (SMEs) looking to establish speak-up systems

Key Roles That Benefit

  • Compliance and ethics officers
  • Internal audit and risk management teams
  • Legal and governance professionals
  • Human resources and employee relations
  • Board members and executive leadership
  • Anti-corruption and fraud investigators
  • ESG and sustainability managers

Key Guidelines & Components

ISO 37002 provides practical guidance across the full lifecycle of a whistleblowing management system.

1. Establishing the System

  • Define scope and objectives
  • Assess organizational context
  • Establish governance structure
  • Allocate resources and responsibilities

2. Reporting Mechanisms

  • Multiple reporting channels (phone, web, email)
  • Anonymous reporting options
  • Accessibility for all stakeholders
  • Clear instructions and guidance

3. Receipt & Assessment

  • Acknowledge receipt of reports
  • Initial assessment and triage
  • Determine appropriate action
  • Maintain confidentiality

4. Investigation & Action

  • Conduct fair and impartial investigations
  • Ensure proper documentation
  • Take corrective action
  • Provide feedback to the whistleblower

5. Protection from Retaliation

  • Anti-retaliation policies
  • Confidentiality safeguards
  • Support for whistleblowers
  • Disciplinary measures for retaliators

6. Monitoring & Improvement

  • Performance metrics and KPIs
  • Regular system reviews
  • Stakeholder feedback
  • Continual improvement processes

What Does Implementation Require?

Organizations implementing ISO 37002 should:

  • Establish clear whistleblowing policies and procedures
  • Provide multiple, accessible, and secure reporting channels
  • Train staff on the system, reporting procedures, and their rights
  • Implement robust confidentiality and anti-retaliation protections
  • Establish independent oversight and governance mechanisms
  • Regularly review and improve system effectiveness

Note: While ISO 37002 is primarily a guidance standard, organizations can pursue certification to demonstrate compliance and commitment to best practices.

Benefits of ISO 37002

🏆 Enhanced Reputation

Demonstrate commitment to ethical conduct, transparency, and accountability to stakeholders and the public.

🔍 Early Detection

Identify misconduct, fraud, corruption, and risks early before they escalate into major incidents or crises.

⚖️ Regulatory Compliance

Meet legal and regulatory obligations for whistleblowing in jurisdictions like the EU, UK, US, and others.

💰 Cost Reduction

Reduce financial losses, legal costs, and penalties by addressing issues before they escalate.

🛡️ Risk Mitigation

Proactively manage organizational risks including fraud, corruption, safety violations, and regulatory breaches.

🌿 Speak-Up Culture

Build an organizational culture where employees and stakeholders feel safe and empowered to raise concerns.

🤝 Stakeholder Trust

Increase trust among investors, customers, regulators, and employees through transparent governance.

📊 Improved Governance

Strengthen internal controls, oversight mechanisms, and board-level governance structures.

🌎 ESG Performance

Enhance environmental, social, and governance (ESG) performance and reporting for investors and rating agencies.

Common Challenges

Cultural Resistance

Overcoming fear of retaliation and building trust in the system, particularly in organizations with hierarchical cultures or history of punitive responses to concerns.

Confidentiality vs. Investigation

Balancing the need to protect whistleblower confidentiality with the need to conduct thorough investigations that may reveal the reporter's identity.

Anonymous Reporting Limitations

Managing anonymous reports where follow-up questions and feedback mechanisms are limited, making investigations more challenging.

Resource Allocation

Allocating sufficient resources, expertise, and independence to the whistleblowing function, particularly in smaller organizations with limited budgets.

Related Standards

ISO 37002 complements other governance, compliance, and anti-corruption standards within an integrated management system framework.

ISO 37001

Anti-Bribery Management Systems
Integrate whistleblowing mechanisms with anti-bribery controls to detect and prevent corruption.

Learn more →

ISO 9001

Quality Management Systems
Use whistleblowing channels to identify quality issues and non-conformances in processes and products.

Learn more →

ISO 27001

Information Security Management
Coordinate whistleblowing systems with information security incident reporting and data protection requirements.

Learn more →

ISO 31000

Risk Management (guidance)
Apply enterprise risk management principles to identify, assess, and mitigate whistleblowing-related risks.

Learn more →

ISO 45001

Occupational Health & Safety
Enable reporting of safety hazards, near-misses, and workplace health concerns through whistleblowing channels.

Learn more →

ISO 22301

Business Continuity Management
Ensure whistleblowing systems remain operational during disruptions and crisis situations.

Learn more →

Ready to implement ISO 37002?

Explore our ISO 37002 certification services including system design, policy development, training, and third-party certification assistance.

View Certification Services Get a Quote