What is ISO 37002?
ISO 37002 provides organisations with a clear, structured framework for establishing, implementing, and improving effective whistleblowing arrangements.
Beyond Policy to Practice
Unlike a basic whistleblowing policy, ISO 37002 focuses on how whistleblowing works in practice, not just what is written on paper. It helps organisations create safe, confidential reporting channels and protect whistleblowers from retaliation.
The standard reflects global best practice and supports compliance with UK whistleblowing legislation, including the Public Interest Disclosure Act (PIDA).
- ✓ Safe, confidential reporting channels
- ✓ Protection from retaliation
- ✓ Fair and consistent investigations
- ✓ Learning from issues raised
Key Principles
Whistleblowers feel safe to speak up
Concerns assessed and investigated fairly
Information protected appropriately
Safeguarded from retaliation
Benefits of ISO 37002
Strengthen governance and build a speak-up culture
Earlier Issue Detection
Identify problems early before they become crises, legal issues, or reputational damage.
Staff Confidence
Build trust with employees who know their concerns will be taken seriously and handled properly.
Organisational Integrity
Demonstrate commitment to ethical conduct and improved stakeholder trust.
Legal Compliance
Support UK PIDA obligations and demonstrate due diligence to regulators.
Reduced Risk
Lower tribunal and regulatory risk through proper handling of concerns.
Integration Ready
Aligns with ISO 37001 (anti-bribery), ISO 37301 (compliance), and ISO 45001 (H&S).
Frequently Asked Questions
Is ISO 37002 mandatory in the UK?
No, ISO 37002 is voluntary but supports legal compliance with the Public Interest Disclosure Act (PIDA). It helps organisations demonstrate duty of care and proper whistleblowing arrangements.
Is ISO 37002 certifiable?
Currently no - ISO 37002 is a guidance standard and not certifiable. However, organisations can demonstrate alignment through independent verification and assurance reviews.
Can SMEs implement ISO 37002?
Yes, ISO 37002 is scalable and particularly valuable for SMEs seeking to formalise whistleblowing without excessive bureaucracy. Simplicity and clarity are key.
Does ISO 37002 protect anonymity?
Yes, where appropriate. The standard emphasises confidentiality and allows for anonymous reporting channels while ensuring concerns can still be properly investigated.
How long does implementation take?
Typically 2-4 months, depending on organisation size and existing arrangements. Implementation includes gap analysis, system design, training, and communication.
How Much Does ISO 37002 Cost?
The cost of ISO 37002 certification varies based on several factors. Some auditors and certifiers adopt charging models based on the project's complexity, company size, and sometimes even the company's turnover.
At Certigence, our pricing is straightforward, calculated by multiplying an agreed day rate by the number of days work. This is based on the work to be done, mitigated by any the company has done already or will be doing internally. This ensures clarity and transparency, giving you a clear understanding of the commitment before the project commences.
We provide a free telephone or Zoom enquiry with one of our auditors to find out enough about your organisation to be able to make a formal proposal without charge or obligation. This allows you to research costs for free before making any commitments!
How Can Certigence Help?
Certigence's extensive auditor network spans the entire UK and has been operating ISO systems expertise combined with industry know-how for over 25 years. This dual proficiency enables them to comprehend your unique needs and translate them into certifier-accepted procedures that genuinely suit your organisation's operations.
Our services encompass full or partial ISO system development and implementation, including GAP analysis and customised internal training to support system functionality. We craft organisation-specific reports tailored to your activities.
Beyond initial implementation, we conduct internal audits, facilitate management review meetings, and offer ongoing maintenance for short, medium, or long terms. Our presence during certification stages, if desired, ensures assessors avoid unnecessary complexity. Furthermore, we offer pre- and post-certification review services to address certifier-raised concerns, reinforcing your ISO system's effectiveness.
Process Overview
Initiation and Assessment Discussion
We engage in a free, no-obligation discussion to understand your existing systems and operations, allowing us to generate a formal proposal.
Work Commencement and Collaborative Development
Upon acceptance, collaborative work commences to create and install systems, involving you and your team to ensure alignment with your needs, your understanding and acceptance of the results and compliance with ISO standards.
Initial Assessment (Stage 1): Ensuring Systems Meet Standard
The certifier reviews that systems cover all relevant parameters correctly. You may choose to have our auditor present during the initial assessment to assist with any questions the certifier may have.
Final Evaluation (Stage 2): Achieving Certification
The auditor ensures internal audit, management review, and training aspects are covered. The certifier conducts the conclusive Stage 2 assessment, verifying operational systems' alignment with Standard requirements. Upon successful completion, you attain Certification.
Why Should You Use a Certigence Auditor?
At Certigence, we match your requirements with suitable auditors based on their industry expertise, proximity, and compatibility. In the event of a auditor's unavailability, a substitute can step in promptly, avoiding project disruptions and re-hiring expenses. Our auditors have often previously worked with certifiers, learning that side of the procedure - facilitating a seamless Certification process.
This commitment reflects in our track record - a 100% first-time certification success rate spanning over 25 years.
Ready to Speak? What Happens Next?
After contacting Certigence, you'll receive an email or a call from the Director or a auditor. Discussions about needs, timelines, reasons, and costs occur. A auditor will directly engage with you to understand your requirements and system alignment. A formal proposal is then presented for your consideration. Charges apply only from that point if you proceed with the proposal.
Build a Speak-Up Culture
Our governance auditors will help you implement ISO 37002 guidance, creating safe reporting channels and protecting whistleblowers while strengthening organisational integrity.