ISO 37002 is the international standard that provides guidance on establishing, implementing, and maintaining an effective whistleblowing management system. It helps organisations create trusted reporting channels, protect reporters, and ensure concerns are handled fairly, confidentially, and consistently.
ISO 37002 is not a certifiable standard. Instead, it offers recognised best practice for encouraging speak-up culture and managing reports of wrongdoing responsibly.
What is ISO 37002?
ISO 37002 is published by the International Organization for Standardization. It provides guidance for organisations to receive, assess, investigate, and close whistleblowing reports in a way that builds trust and supports ethical governance.
The standard applies to reports of suspected misconduct, including fraud, bribery, corruption, harassment, safety issues, data misuse, and other unethical or unlawful behaviour.
What does ISO 37002 cover?
ISO 37002 focuses on the end-to-end whistleblowing process, including:
- Whistleblowing policy and commitment
- Design of reporting channels (internal and external)
- Confidentiality and anonymity protections
- Fair, impartial handling of reports
- Investigation processes and case management
- Protection against retaliation
- Communication with reporters
- Monitoring, review, and continual improvement
The emphasis is on trust, fairness, and protection, not simply on compliance.
Who is ISO 37002 for?
ISO 37002 is suitable for organisations of all sizes and sectors, particularly those that:
- Want to strengthen ethical culture and transparency
- Operate in regulated or high-risk environments
- Manage complex supply chains or third parties
- Are subject to whistleblowing or speak-up obligations
- Want consistent handling of concerns across jurisdictions
It is commonly used by large employers, financial services, public bodies, multinationals, and organisations implementing broader compliance frameworks.
Key principles of ISO 37002
ISO 37002 is built around clear principles that should underpin whistleblowing arrangements:
- Trust – reporters feel safe to raise concerns
- Impartiality – reports are handled objectively
- Protection – safeguards against retaliation
- Confidentiality – information is restricted and secure
- Transparency – clear processes and expectations
- Timeliness – concerns are addressed promptly
These principles help organisations build credible and effective whistleblowing systems.
ISO 37002 requirements explained (guidance)
Although not certifiable, ISO 37002 provides structured guidance on:
Governance and policy
- Clear whistleblowing policy
- Defined roles and responsibilities
- Senior management oversight
Reporting channels
- Accessible reporting mechanisms
- Options for anonymity or confidentiality
- Clear information for reporters
Handling and investigation
- Consistent assessment and triage
- Fair investigation procedures
- Documentation and evidence management
Protection and support
- Measures to prevent retaliation
- Support for whistleblowers and those involved
- Clear escalation routes
Monitoring and improvement
- Tracking of cases and outcomes
- Review of system effectiveness
- Continual improvement of arrangements
Organisations are expected to apply these elements proportionately.
How organisations use ISO 37002 in practice
Organisations typically use ISO 37002 to:
- Design or improve whistleblowing policies
- Implement secure reporting channels or hotlines
- Standardise case handling and investigation processes
- Train managers and investigators
- Demonstrate ethical governance to stakeholders
It is often used alongside ethics, compliance, and integrity programmes.
ISO 37002 and certification
ISO 37002 cannot be certified.
There are no accredited audits or certificates for ISO 37002. Organisations may state that their whistleblowing arrangements are aligned with ISO 37002 guidance, but claims of certification are incorrect.
Benefits of using ISO 37002
Organisations that apply ISO 37002 effectively often achieve:
- Increased confidence in reporting channels
- Earlier detection of misconduct
- Reduced legal and reputational risk
- Stronger ethical culture and trust
- Consistent handling of whistleblowing cases
- Better protection for whistleblowers
An effective whistleblowing system is often a key indicator of good governance.
Common misunderstandings about ISO 37002
- “ISO 37002 is a certification” – it is not
- “Whistleblowing systems encourage complaints” – they encourage early issue resolution
- “Anonymity is always required” – confidentiality options must be appropriate
- “ISO 37002 replaces legal obligations” – it supports them
Understanding these points helps organisations apply the guidance correctly.
How ISO 37002 fits with other ISO standards
ISO 37002 is commonly used alongside:
- ISO 37001 (anti-bribery management)
- ISO 37301 (compliance management)
- ISO 31000 (risk management)
- ISO 9001 (governance and process control)
Together, these standards support strong ethics, transparency, and accountability.
Next steps
If you want to strengthen whistleblowing arrangements in your organisation:
- Review existing policies and reporting channels
- Assess confidentiality, protection, and investigation processes
- Align procedures with ISO 37002 guidance
- Train staff and managers on speak-up culture
ISOcertified.net provides practical guidance on governance and compliance standards, including how ISO 37002 supports effective whistleblowing management and ethical organisational behaviour.