Skip to content.

To consistently uphold our priorities, we focus on four key aspects

1
Advanced data privacy and security settings

2
A flexible, reliable service platform

3
Commitment to legal compliance globally

4
Adherence to ISO 27001

Advanced data privacy and security settings

Protecting sensitive data is vital for our customers – and it’s at the heart of all NAVEX WhistleB functions. By default and design, security is embedded within the system, protecting organizations across Europe and the world and ensuring their confidential data remains confidential.

  • Secure multi-factor authentication
  • Intrusion detection and prevention
  • Data encryption in transmission and storage
  • Activity logs by case and by users
  • Redundancy of data to prevent loss

A flexible, reliable service platform

We use Microsoft Azure as our hosting and development platform service, which gives us the most comprehensive compliance offerings, certifications and 24/7/365 operation.

These platform services have data center security measures to protect against power failure, physical intrusion and network outages.

Microsoft Azure has a broad range of certifications and is committed to their annual renewal. Their certifications include:

  • ISO 27001 – the international standard for information security management
  • ISO 27018 – the international standard for protecting personal data in the cloud
  • Cloud Security Alliance

You can access Microsoft Azure’s security management and compliance statements through the Microsoft Trust Center.

Adherence to ISO 27001

Our Information Security Management System (ISMS) complies with ISO/IEC 27001:2017. It ensures information security and personal data management are considered throughout the service lifecycle.

The ISMS governs NAVEX WhistleB’s internal processes and our relationships with customers, partners and suppliers, helping us ensure customer data confidentiality, integrity and availability.

How does the WhistleB whistleblowing system comply with the EU Whistleblower Protection Directive?

The NAVEX WhistleB whistleblowing system adheres to the EU Whistleblower Protection Directive (“Directive”) requirements and continuously monitors national legislation to maintain compliance. Using NAVEX WhistleB, your organization can meet the Directive’s minimum standards.

These standards, along with the ways our system supports you in meeting them, include:

  • Secure channels for receiving reports and ensuring confidentiality

    NAVEX WhistleB’s end-to-end encrypted communication guarantees technical anonymity for whistleblowers and protects the identities of all involved.

  • Prompt acknowledgment of receipt

    Secure communications and clear next steps allow organizations to provide confirmation to whistleblowers within seven days of receiving the report – and understand what to do afterward.

  • Impartial follow-up and communication

    The NAVEX WhistleB Case Management tool allows users to follow up on cases after receiving a report.

  • Complete and confidential record keeping

    NAVEX WhistleB includes activity and user logs, ensuring secure record-keeping throughout case management and investigation.

  • Diligent follow-up on reports

    Our Resource Center provides information on national legal requirements, guiding organizations in meeting reporting standards. You can also set automated case deadline reminders for case managers.

  • Timely feedback for whistleblowers

    NAVEX WhistleB enables feedback to be provided to the reporter within three months of the acknowledgment of receipt.

  • Accessible information on external reporting

    Once confirmed by each region’s legislation, the NAVEX WhistleB Resource Centre offers up-to-date, clear information on external reporting procedures.

  • GDPR-compliant processing

    NAVEX WhistleB’s encrypted system, secure EU data storage and controlled access ensure compliance with the GDPR requirements for handling personal data.

Start or accelerate your whistleblowing journey, starting today!

Learn more about NAVEX WhistleB.