ISO 37002 – Whistleblowing management

ISO 37002 is the international standard that provides guidance on establishing, implementing, and maintaining an effective whistleblowing management system. It helps organisations create trusted reporting channels, protect reporters, and ensure concerns are handled fairly, confidentially, and consistently.

ISO 37002 is not a certifiable standard. Instead, it offers recognised best practice for encouraging speak-up culture and managing reports of wrongdoing responsibly.

Get a quote for ISO certification

What is ISO 37002?

ISO 37002 is published by the International Organization for Standardization. It provides guidance for organisations to receive, assess, investigate, and close whistleblowing reports in a way that builds trust and supports ethical governance.

The standard applies to reports of suspected misconduct, including fraud, bribery, corruption, harassment, safety issues, data misuse, and other unethical or unlawful behaviour.

What does ISO 37002 cover?

ISO 37002 focuses on the end-to-end whistleblowing process, including:

  • Whistleblowing policy and commitment
  • Design of reporting channels (internal and external)
  • Confidentiality and anonymity protections
  • Fair, impartial handling of reports
  • Investigation processes and case management
  • Protection against retaliation
  • Communication with reporters
  • Monitoring, review, and continual improvement

The emphasis is on trust, fairness, and protection, not simply on compliance.

Who is ISO 37002 for?

ISO 37002 is suitable for organisations of all sizes and sectors, particularly those that:

  • Want to strengthen ethical culture and transparency
  • Operate in regulated or high-risk environments
  • Manage complex supply chains or third parties
  • Are subject to whistleblowing or speak-up obligations
  • Want consistent handling of concerns across jurisdictions

It is commonly used by large employers, financial services, public bodies, multinationals, and organisations implementing broader compliance frameworks.

Key principles of ISO 37002

ISO 37002 is built around clear principles that should underpin whistleblowing arrangements:

  • Trust – reporters feel safe to raise concerns
  • Impartiality – reports are handled objectively
  • Protection – safeguards against retaliation
  • Confidentiality – information is restricted and secure
  • Transparency – clear processes and expectations
  • Timeliness – concerns are addressed promptly

These principles help organisations build credible and effective whistleblowing systems.

ISO 37002 requirements explained (guidance)

Although not certifiable, ISO 37002 provides structured guidance on:

Governance and policy

  • Clear whistleblowing policy
  • Defined roles and responsibilities
  • Senior management oversight

Reporting channels

  • Accessible reporting mechanisms
  • Options for anonymity or confidentiality
  • Clear information for reporters

Handling and investigation

  • Consistent assessment and triage
  • Fair investigation procedures
  • Documentation and evidence management

Protection and support

  • Measures to prevent retaliation
  • Support for whistleblowers and those involved
  • Clear escalation routes

Monitoring and improvement

  • Tracking of cases and outcomes
  • Review of system effectiveness
  • Continual improvement of arrangements

Organisations are expected to apply these elements proportionately.

How organisations use ISO 37002 in practice

Organisations typically use ISO 37002 to:

  • Design or improve whistleblowing policies
  • Implement secure reporting channels or hotlines
  • Standardise case handling and investigation processes
  • Train managers and investigators
  • Demonstrate ethical governance to stakeholders

It is often used alongside ethics, compliance, and integrity programmes.

ISO 37002 and certification

ISO 37002 cannot be certified.

There are no accredited audits or certificates for ISO 37002. Organisations may state that their whistleblowing arrangements are aligned with ISO 37002 guidance, but claims of certification are incorrect.

Benefits of using ISO 37002

Organisations that apply ISO 37002 effectively often achieve:

  • Increased confidence in reporting channels
  • Earlier detection of misconduct
  • Reduced legal and reputational risk
  • Stronger ethical culture and trust
  • Consistent handling of whistleblowing cases
  • Better protection for whistleblowers

An effective whistleblowing system is often a key indicator of good governance.

Common misunderstandings about ISO 37002

  • “ISO 37002 is a certification” – it is not
  • “Whistleblowing systems encourage complaints” – they encourage early issue resolution
  • “Anonymity is always required” – confidentiality options must be appropriate
  • “ISO 37002 replaces legal obligations” – it supports them

Understanding these points helps organisations apply the guidance correctly.

How ISO 37002 fits with other ISO standards

ISO 37002 is commonly used alongside:

Together, these standards support strong ethics, transparency, and accountability.

Next steps

If you want to strengthen whistleblowing arrangements in your organisation:

  • Review existing policies and reporting channels
  • Assess confidentiality, protection, and investigation processes
  • Align procedures with ISO 37002 guidance
  • Train staff and managers on speak-up culture

ISOcertified.net provides practical guidance on governance and compliance standards, including how ISO 37002 supports effective whistleblowing management and ethical organisational behaviour.

Get A Quote ⓘ