Safe and easy whistleblowing reporting channel

Report wrongdoings confidentially and securely with the SD Worx whistleblowing tool.

Under an EU directive, companies and organisations must have a whistleblowing policy and protect whistleblowers, people who report irregularities or wrongdoing. With our affordable whistleblower solution, you can get your reporting channel up and running quickly and easily.

The service is a reporting tool only. In order to comply with the legislation, an internal compliance assessment and organisation is needed.

Free trial for 14 days

5 benefits of the SD Worx whistleblower solution:

Encrypted secure dialogue between the notifier and the recipient.
Low cost.
Anonymous handling and reporting.
Case monitoring - follow up each individual report submitted.
Graphical analysis gives a quick overview.

Try the whistleblowing tool free of charge for 14 days.

Free trial for 14 days

Legally safe

We guarantee secure and encrypted communications for the whistleblower - our solution is GDPR and ISO27001 compliant.

100% compliant

Complies with the EU Whistleblowing Directive. Available in all official EU languages.

Simple and quick deployment

A cloud-based tool that requires no installation.

Easy to use

A user-friendly application for all types of organisations, including international companies.

What is whistleblowing?

Whistleblowing is the process of reporting misconduct and wrongdoing within an organisation. This includes misconduct in areas such as public procurement, product safety, environmental protection, consumer protection and data protection. Read more on the EU website: whistleblower

How the SD Worx Whistleblowing reporting channel works

The Whistleblower tool is a user-friendly solution for reporting misconduct.

Complex reporting processes are a thing of the past. Our whistleblowing channel allows your employees to report misconduct confidentially, anonymously, with just a few clicks. This creates an internal reporting culture where everyone feels safe and heard.

Clear

All information in an easy-to-use overview

You decide how many people are registered as recipients of notifications. A handy statistics module gives you information on the number of notifications received, the average response and handling time, the validity of complaints and their status.

Getting your whistleblowing channel up in no time

Getting acquainted
Fill in your contact details in the form on this page.
Provide us some small configuration details
We’ll get in contact with you to get some more details in order for us to set up the whistleblowing channel. The details asked are the name of the channel + the email addresses of the case managers.
We activate your channel
We’ll setup the whistleblowing channel for you in on average 1 business day.
No implementation or whatsoever needed from your side.
You communicate and share the link
Upon configuration of your channel, you receive a link. You can share this link in your communication to your organisation and stakeholders.
Test 14 days for free
You can test the whistleblowing channel for 14 days completely free with no strings attached. After your free trial ends, your subscription will automatically convert into a 12-month paid subscription and you will be charged the applicable subscription fee. Cancel anytime during your free trial to stop future charges.

Pricing

The SD Worx Whistleblowing Reporting Channel includes:

Unlimited number of reporting channels
Unlimited number of reliable recipients
Unlimited number of countries
All official EU languages
No commissioning costs

Free trial for 14 days. After the trial period, the service becomes a paid subscription. You will be invoiced annually in advance on the basis of the number of employees determined at the time of purchase. Differences are corrected by a credit note or additional invoice once the number of employees has been revised. The contract may be terminated at any time, after which the final invoice will be drawn up in accordance with usage.

Support is offered in English, Dutch and French.

Free trial for 14 days. After the trial period, the service becomes a paid subscription.

Activate in 5 minutes

Whistleblower FAQ

How is the price calculated if there are multiple entities?

Of the entities getting a reporting channel, the total number of employees is added up. Price is at group level, not entity level.

Why is the support only in English, Dutch and French?

We have chosen to centralise the management of our whistleblowing solution. If you want to get in touch with SD Worx in your local country, go to the local SD Worx website and click on contact us.

Are reminder e-mails sent to the reporting managers when response deadlines are about to expire?

Yes, reminder emails are sent to the reporting managers.

Can I add my own logo to the whistleblower channel?

Yes, this is certainly possible. We can place your logo in place of the SD Worx Logo at no extra cost.

Send us the logo via marketplace@sdworx.com.

How can outsiders/interims access the whistleblowing solution?

A link can be made available to both employees and externals.

How many case managers should be added?

At least 2 case managers should always be added to set up the system. After that, as many people can have access as you want.

Who should I add as a case manager?

The choice of case managers is up to you. For example, this could be someone in HR or Finance, someone taking on the role of trustee/prevention adviser, a member of the Board of Directors, etc.

Can the SD Worx whistleblowing solution also be used in non-EU countries?

The solution was created to set up a whistleblowing channel in line with the EU directive, but there is nothing to prevent it from being used outside the EU.

Is there any information on the various information security measures?

SD Whistle is designed and built from the ground up as a secure messaging system. Security and encryption are at its core.

Keystores > Each user has exactly one keystore. A keystore contains both public and private keys of resources (reports, messages, users) the user has access to.

Keys are derived from the secp256k1 EC using a secure random function.

Each keystore contains one set of master keys. These are the user's personal public and private key.

Public keys are never encrypted.

Private keys are always encrypted.

The private master key is symmetrically encrypted using a stretched hash of the user's passphrase (which are subject to a strict password policy).

All other private keys are encrypted asymmetrically using the user's public and private keys (also includes HMAC-SHA1 signing).

Symmetric encryption scheme is AES-256.

Users are unable to access theirs or anyone else's keystore directly.

Keystore sessions are short-lived.

Secure content > Databases are encrypted using TDE (Transparent Data Encryption) to ensure security for all data at-rest. The encryption key is managed by a specialised subcontractor of SD Worx. They will only access the non-conversation content for support purposes. On top of TDE, all conversations within SD Whistle are encrypted a second time and signed using an elliptic curve integrated encryption scheme (ECIES), where only the users in the conversation (reporter & confidential advisors) have the key (derived from their password – see above) and thus the possibility to access the content. SD Worx and its subcontractors do not have the possibility to access the conversation content in any circumstance.

SD Whistle has a layered design that retains strict domains and responsibilities. Client data is stored in a separate database instance from other clients.

Authentication > SD Whistle uses keystores in conjunction with a customized OAuth2/OpenID IDP. This merger results in a secure system that does not store password hashes.

Authorization > SD Whistle employs basic role-based access that is integrated by design.

Anonymity > Reporters can choose to report anonymously. IP addresses are not logged and attachments of mainstream file types are stripped from metadata