Our whistleblower system (EQS Integrity Line) guarantees the whistleblower’s anonymity and ensures that their identity cannot be traced by technical means. EQS Integrity Line is hosted on external ISO 27001-certified high-security servers. No IP addresses, location data, device specifications or other data that could allow conclusions to be drawn as to the identity of the whistleblower are stored on these servers.
The whistleblower can decide for themselves whether they want to remain anonymous or provide any personal information. In any case, the content of the report is transmitted in a highly encrypted form using a public-private key procedure (PGP) with 2048-bit RSA. In addition, all server communications take place via a secure HTTPS connection.
Both EQS as a company and its software development for EQS Integrity Line are certified to the information security standard ISO 27001. Product development, including its continuous development, follows the “Security by Design” principle.
In addition, the system ensures full compliance with EU GDPR and worldwide data protection regulations, both for the whistleblower in the reporting process and for the case handler in the integrated case management.
EQS Integrity Line meets the highest security and encryption requirements (data transmission and access) and thus guarantees absolute confidentiality for submitted reports.
- ISO 27001-certified high-security computer center
- Systems security confirmed by annual external penetration test
- SSL-certified connection
- Cryptographically complex storage procedure
- Case-specific encryption
- Key in the customer’s hand (neither EQS nor other third parties have access to content)
- Access to content via detailed authorization system
- Various IT security modules e.g. for user administration and data protection
- Complete protection of the whistleblower’s anonymity
- Regular security audits and penetration tests
EQS Integrity Line can be provided in any language worldwide. Text templates are already available in the Best Practice Standard in over 43 languages.
EQS Integrity Line offers various packages and configurations to meet different customer requirements. Out-of-the-box solutions can be available within a few days with minimal effort on the customer’s side. Customized solutions with extended case management functions are usually available for operational use within 4 to 8 weeks. During implementation, our experienced project managers are at the customer’s side for optimal implementation and best practice consulting.
EQS offers the client various best practice templates for quick and easy whistleblower system implementation. These templates can be adopted 1:1 or adapted according to the customer’s requirements. Templates are already available in over 30 languages and can also be transferred into any language. In addition to templates, our experienced project managers are also available at any time to provide advice and support to the customer throughout the entire implementation phase of the whistleblowing system.
EQS supports compliance with the European Data Protection Regulation (GDPR) and other data protection regulations worldwide through various measures at the organizational, technical and functional level:
At the organizational level, through measures taken for information security and data protection in the form of a proper and certified ISMS according to the ISO 27001 standard. This is subject to regular internal and independent audits.
At the technical level, EQS Integrity Line was developed according to the highest standards for data protection and security. This means:
- no logging of personal data of visitors and whistleblowers
- encryption of data in transit and stored data
- no metadata analysis or research with our customer data
- opportunities for data protection notifications (disclaimers) and other information during the reporting process
- activating various security functions in relation to access and processing of data
At the functional level, EQS Integrity Line supports the case handler in the frequent tasks and activities related to internal data protection processes. This includes:
- Dynamic reminders and notifications when certain data protection criteria occur, including indication of necessary actions
- Support of anonymization of case details (e.g. personal data) and optionally also file attachments
- Automation of internal approval procedures and dual control principle for sensitive case handling actions
- Granular authorization management and role concept for fine-tuning access to sensitive case contents
Whistleblowing systems are a central component of an effective compliance management system in companies according to international standards. Approximately two thirds of company irregularities detected are uncovered by whistleblowers. A functioning whistleblower system is therefore more important as a control element than management and external and internal audit combined.
In recent years, many countries have spoken out unequivocally in favor of the legal protection of whistleblowers and thus the establishment of safe and protected whistleblower systems, for example France with its Sapin 2 law and the EU with its directive on the protection of persons reporting on breaches of Union law. The EU directive came into force on 16 December 2019 and must be implemented by EU member states by the end of 2021. By this date at the latest, companies must make internal whistleblower systems available.
Whistleblower systems thus not only protect whistleblowers (employees, customers, suppliers, etc.), but also protect the company from reputational damage and financial risks.