ISO 37002-2021 PDF

Full title and description

ISO 37002:2021 — Whistleblowing management systems — Guidelines. Provides guidance to organizations for establishing, implementing, maintaining and improving a whistleblowing management system built on the principles of trust, impartiality and protection; covers receiving, assessing, addressing and concluding reports of wrongdoing and is intended to be applicable to all organization types and sizes.

Abstract

This standard gives practical, non‑sector‑specific guidelines to design and operate an effective whistleblowing management system (WMS). It describes four core steps — receiving reports, assessing reports, addressing reports, and concluding cases — and explains how a WMS can be implemented as a stand‑alone system or integrated with other management systems. The recommendations emphasise building trust, ensuring impartial handling and protecting reporters and other involved parties.

General information

• Status: Published (International Standard).
• Publication date: July 2021 (published 27–28 July 2021).
• Publisher: International Organization for Standardization (ISO); national bodies publish adopted national versions (for example BSI as BS ISO 37002:2021).
• ICS / categories: 03.100.01, 03.100.02, 03.100.70 (governance / organization management categories).
• Edition / version: Edition 1 — ISO 37002:2021.
• Number of pages: ISO official publication lists 33 pages; some national/adopted publication formats or vendor listings show a longer pagination (commonly ~44 pages) due to national forewords, cover and added material.

Scope

ISO 37002 provides guidelines for implementing, managing, evaluating, maintaining and improving a whistleblowing management system within an organization. It is non‑sector specific and intended for organizations of any size in the public, private and voluntary sectors. The scope includes processes and controls to receive, assess, address and close reports of suspected wrongdoing while applying the core principles of trust, impartiality and protection.

Key topics and requirements

• Core principles: Trust, Impartiality and Protection as design and operating principles for the WMS.
• Four-process model: receiving reports, assessing reports, addressing reports, and concluding cases (closure and follow-up).
• Roles and responsibilities: definition of accountabilities for governance, management, investigators and those handling reports.
• Confidentiality and reporter protection: measures to protect identity, prevent retaliation and manage sensitive information.
• Integration and compatibility: ability to operate as a standalone WMS or integrate with other management systems (e.g., compliance, governance, anti‑bribery systems).
• Recordkeeping, monitoring and continual improvement: requirements for documenting reports, tracking case progress, measuring effectiveness and improving processes.
• Risk‑based approach and proportionality: design and application should consider organization size, risk profile and legal context.

Typical use and users

Used by organizations of all sizes and sectors that want to implement or improve internal reporting and whistleblowing arrangements. Typical users include compliance, legal, HR and internal audit teams, governance and risk managers, investigators, senior management and boards. National standards bodies, consultants and service providers also use the standard when developing or advising whistleblowing programmes.

Related standards

ISO 37002 is complementary to other governance and compliance standards. Commonly referenced related standards include ISO 37001 (Anti‑bribery management systems) and other ISO governance/compliance management standards (such as ISO 37301 / compliance management) for organisations seeking aligned, integrated management approaches. National adoptions and sector guidance may also be relevant when implementing the WMS.

Keywords

Whistleblowing, whistleblower protection, reporting channels, misconduct reporting, governance, compliance, investigations, trust, impartiality, protection, management system, ISO 37002.

FAQ

Q: What is this standard?

A: ISO 37002:2021 is an international guidance standard titled "Whistleblowing management systems — Guidelines" that provides recommendations for designing and running an effective whistleblowing management system.

Q: What does it cover?

A: It covers the processes for receiving, assessing, addressing and concluding reports of suspected wrongdoing; governance and roles; confidentiality and reporter protection; recordkeeping; and continual improvement of the whistleblowing management system.

Q: Who typically uses it?

A: Organizations across public, private and not‑for‑profit sectors (including SMEs), plus internal teams such as compliance, legal, HR, internal audit and senior leadership, along with external advisers and national standards bodies that adopt or promote the guidance.

Q: Is it current or superseded?

A: ISO 37002:2021 is a current published International Standard (published July 2021). As with other ISO standards, it is subject to periodic review; ISO/TC 309 manages its lifecycle and related guidance. Users should check with ISO or their national standards body for any amendments or national adoptions.

Q: Is it part of a series?

A: ISO 37002 sits within the broader ISO governance/compliance family of standards and is often used alongside standards such as ISO 37001 (anti‑bribery) and compliance/ governance standards to provide a cohesive approach to integrity, reporting and accountability.

Q: What are the key keywords?

A: Trust, impartiality, protection, whistleblowing, reporting, investigations, confidentiality, governance, compliance, management system.