Safe and easy whistleblowing reporting channel
Report wrongdoings confidentially and securely with the SD Worx whistleblowing tool.
Under an EU directive, companies and organisations must have a whistleblowing policy and protect whistleblowers, people who report irregularities or wrongdoing. With our affordable whistleblower solution, you can get your reporting channel up and running quickly and easily.
The service is a reporting tool only. In order to comply with the legislation, an internal compliance assessment and organisation is needed.
5 benefits of the SD Worx whistleblower solution:
- Encrypted secure dialogue between the notifier and the recipient.
- Low cost.
- Anonymous handling and reporting.
- Case monitoring - follow up each individual report submitted.
- Graphical analysis gives a quick overview.
What is whistleblowing?
Whistleblowing is the process of reporting misconduct and wrongdoing within an organisation. This includes misconduct in areas such as public procurement, product safety, environmental protection, consumer protection and data protection. Read more on the EU website: whistleblower
How the SD Worx Whistleblowing reporting channel works
The Whistleblower tool is a user-friendly solution for reporting misconduct.
Complex reporting processes are a thing of the past. Our whistleblowing channel allows your employees to report misconduct confidentially, anonymously, with just a few clicks. This creates an internal reporting culture where everyone feels safe and heard.
All information in an easy-to-use overview
You decide how many people are registered as recipients of notifications. A handy statistics module gives you information on the number of notifications received, the average response and handling time, the validity of complaints and their status.
Getting your whistleblowing channel up in no time
- Getting acquainted
Fill in your contact details in the form on this page.
- Provide us some small configuration details
We’ll get in contact with you to get some more details in order for us to set up the whistleblowing channel. The details asked are the name of the channel + the email addresses of the case managers.
- We activate your channel
We’ll setup the whistleblowing channel for you in on average 1 business day.
No implementation or whatsoever needed from your side.
- You communicate and share the link
Upon configuration of your channel, you receive a link. You can share this link in your communication to your organisation and stakeholders.
- Test 14 days for free
You can test the whistleblowing channel for 14 days completely free with no strings attached. After your free trial ends, your subscription will automatically convert into a 12-month paid subscription and you will be charged the applicable subscription fee. Cancel anytime during your free trial to stop future charges.
The SD Worx Whistleblowing Reporting Channel includes:
- Unlimited number of reporting channels
- Unlimited number of reliable recipients
- Unlimited number of countries
- All official EU languages
- No commissioning costs
Free trial for 14 days. After the trial period, the service becomes a paid subscription. You will be invoiced annually in advance on the basis of the number of employees determined at the time of purchase. Differences are corrected by a credit note or additional invoice once the number of employees has been revised. The contract may be terminated at any time, after which the final invoice will be drawn up in accordance with usage.
Support is offered in English, Dutch and French.
Free trial for 14 days. After the trial period, the service becomes a paid subscription.
Of the entities getting a reporting channel, the total number of employees is added up. Price is at group level, not entity level.
We have chosen to centralise the management of our whistleblowing solution. If you want to get in touch with SD Worx in your local country, go to the local SD Worx website and click on contact us.
Yes, reminder emails are sent to the reporting managers.
Yes, this is certainly possible. We can place your logo in place of the SD Worx Logo at no extra cost.
Send us the logo via email@example.com.
A link can be made available to both employees and externals.
At least 2 case managers should always be added to set up the system. After that, as many people can have access as you want.
The choice of case managers is up to you. For example, this could be someone in HR or Finance, someone taking on the role of trustee/prevention adviser, a member of the Board of Directors, etc.
The solution was created to set up a whistleblowing channel in line with the EU directive, but there is nothing to prevent it from being used outside the EU.
SD Whistle is designed and built from the ground up as a secure messaging system. Security and encryption are at its core.
Keystores > Each user has exactly one keystore. A keystore contains both public and private keys of resources (reports, messages, users) the user has access to.
Keys are derived from the secp256k1 EC using a secure random function.
Each keystore contains one set of master keys. These are the user's personal public and private key.
Public keys are never encrypted.
Private keys are always encrypted.
The private master key is symmetrically encrypted using a stretched hash of the user's passphrase (which are subject to a strict password policy).
All other private keys are encrypted asymmetrically using the user's public and private keys (also includes HMAC-SHA1 signing).
Symmetric encryption scheme is AES-256.
Users are unable to access theirs or anyone else's keystore directly.
Keystore sessions are short-lived.
Secure content > Databases are encrypted using TDE (Transparent Data Encryption) to ensure security for all data at-rest. The encryption key is managed by a specialised subcontractor of SD Worx. They will only access the non-conversation content for support purposes. On top of TDE, all conversations within SD Whistle are encrypted a second time and signed using an elliptic curve integrated encryption scheme (ECIES), where only the users in the conversation (reporter & confidential advisors) have the key (derived from their password – see above) and thus the possibility to access the content. SD Worx and its subcontractors do not have the possibility to access the conversation content in any circumstance.
SD Whistle has a layered design that retains strict domains and responsibilities. Client data is stored in a separate database instance from other clients.
Authentication > SD Whistle uses keystores in conjunction with a customized OAuth2/OpenID IDP. This merger results in a secure system that does not store password hashes.
Authorization > SD Whistle employs basic role-based access that is integrated by design.
Anonymity > Reporters can choose to report anonymously. IP addresses are not logged and attachments of mainstream file types are stripped from metadata