🤔What do you need to know about ISO 37002:2021 "Information management systems"?
ISO 37002 is an international standard that contains recommendations for establishing, implementing, maintaining and improving an information management system based on the principles of trust, impartiality and protection.
📄 The standard contains instructions for four stages of the reporting process: receipt of reports of offenses, their evaluation, consideration and closing of cases.
By implementing ISO 37002, organizations get the following results:
▪️ encouraging and facilitating the reporting of offenses;
▪️ support and protection of whistleblowers and other interested parties;
▪️ correct means of working with messages;
▪️ improvement of organizational culture and management;
▪️ reducing the risks of illegal actions.
ISO 37002 can be used by all organizations regardless of their type, size and industry, and can be used by organizations of any size, including small and medium-sized enterprises, as well as organizations in the international market.
❓How do the ISO 37002 standard and the EU Whistleblower Protection Directive relate to each other?
First, the EU Directive indicates that the organization needs an internal whistleblowing policy and channels for confidential reporting, while the ISO 37002 standard gives the organization guidance on how to actually manage the whistleblowing system and what good practice looks like.
Secondly, the EU Directive actually lists three channels of notification - internal, regular and public. At the same time, reporting through internal channels is encouraged, and organizations themselves should be interested in having employees report internally first. If you adhere to the ISO 37002 standard and create a trusted information management system, employees will be more likely to report through internal channels, which will minimize corruption risks in the organization.
Thus, the ISO 37002 standard actually complements the EU Directive. Its implementation in the organization corresponds not only to the letter of the law laid down in the EU Directive, but also to the spirit of what the culture of disclosure is being implemented for.
