Features: Case management

Zero trust access

Users aren't trusted by default, having no access to any case unless specifically granted.

The access rights are managed according to Role-Based Access Control (RBAC).

Roles

There are default roles (Admin, Supervisor, Lead investigator, Team member etc.) with varying access levels.

Custom roles are supported to align with company workflow.

Split of access rights ⭐

Managers can control access to case information based on region, division, and organizational hierarchy.

Users can only see cases within their own region, division, or unit.

Additional organisational levels ⭐

Additional levels of hierarchy can be added to companies with complex structures, including subregions, units, or divisions. This will be particularly useful for matrix structures.

You can also assign coordinators and teams, or establish special procedures for each additional level.

Audit log

All actions of users are collected in the audit log and can be filtered by dates or case variables, like lead investigator, case ID, category, unit, etc.

⭐ — feature is included in tariff plans “Advanced” and/or “Pro”

	Procedures ⭐ Every procedure stands as an individual business process within our unified platform, distinguished by unique access permissions, assigned coordinators, process milestones, deadlines, automated features, and alert systems. Supervisors overseeing these procedures enjoy the benefit of exclusive dashboards, ensuring no overlap with others. This level of customization is achieved regardless of shared characteristics such as category, department, or method of initiation. Variety defines our approach to procedures. Whether it's implementing escalation protocols to sidestep potential conflicts of interest, or segregating specific functions like Health, Safety and Environment (HSE), Human Resources (HR), Security, and general inquiries into distinct categories away from standard compliance activities, our platform accommodates diverse operational needs.
	Assign lead investigator To delegate a case within the system, you can click on the Case Manager and reassign it based on the case's category, unit, or as needed. You can also automate delegation for specific categories, units, or procedures. Once a case manager (lead investigator) is assigned, they will receive access rights to the case and a notification email.
	Case team In the “Involved” section, you can add and delete case team members. You can add team members to a case team to view and edit the case. If a team member leaves, they lose access. However, the platform tracks all users who ever accessed the case.
	Team messages Use the platform to communicate with the team and keep all messages in one place. Ensure all sensitive discussions are confined exclusively to the platform, pertaining solely to the relevant case. Receive email notifications for new messages.
	Investigation stages / workflow The investigation review process seamlessly integrates with your organization's existing standard operating procedures (SOPs) and guidelines. For those who are in the process of developing their SOPs, our platform offers a collection of best practice templates as a foundational resource. Each phase of the investigation can be customized with specific deadlines, notification protocols, and access controls to ensure a streamlined and secure process. To streamline interactions with reporters, our platform features a dedicated reporter's web room, equipped with response phases that align thoroughly or in part with your organization's business processes.
	Tasks and task workflows Lead investigators and supervisors can assign tasks to team members or colleagues via the platform. The tasks can be setup in different case sections: Investigation tasks, Disciplinary actions or Remediation actions. Set deadlines, assign responsibility, and attach relevant documents and facts to guide task completion. Given the repetitive nature of many investigation tasks across different cases, our platform allows you to establish a Task Workflow in advance. This can then serve as a comprehensive investigation framework or a quality assurance checklist for any subsequent case, ensuring consistency and efficiency in your process management.

Case materials

Users can securely upload files to the case describing, evaluating reliability, and citing sources.

Later materials can be used in Facts as evidence or in Tasks as an isolated item of access.

Case facts_1

Case facts

Document hypotheses or arguments and connect them between each other.

Each fact can be associated with involved parties, tasks, and supporting case materials.

To improve the quality of conclusions, each fact can be marked as confirmation or disproof of the initial allegation.

Involved parties

The platform allows you to account all individuals involved in the case, including those who had the access to a case or reviewed a notification email about it.

There are following kinds of involved parties: reporter, initiator, case manager, team members, non-team members task executors, suspects, witnesses and wrongdoers.

Case connections

Connect relevant cases automatically by involved persons or similar risks. You can also manually connect cases between each other.

Case activity log

Each case has a log that links all actions of the case participants, allowing for easy checking of what has been done. The bulk of activities trigger notifications to the designated case manager or respective stakeholders. Tailored notification preferences can be established upon request.

Case report with PDF export

The case report amalgamates every segment of the case into a meticulously organized document. It's accessible for review at any point during the response process, displaying sections that have been completed.

You have the option to either print the report or export it in PDF format

Dossier / People profiles ⭐

For every individual or company mentioned, the platform automatically generates a profile. This feature serves not only for analysis, but also for streamlining the management of gathered and stored personal data.

Such profiles encompass a range of information, including general, biographical, and contact details. They prove invaluable for monitoring the involvement of a person or entity across multiple cases, teams, or regions.

Moreover, these profiles facilitate the automatic enhancement of risk data, leveraging insights from business intelligence platforms.

Interconnectivity between profiles highlights the nature of relationships, enabling a comprehensive view of connections and interactions.

Search

Search for cases, facts, tasks, case materials, and suspect index.

Use a filter to sort cases by region, date, lead investigator, and other.

Customer care

Every user enjoys complimentary round-the-clock support through our Help portal or an in-app support widget, aligned with our standard SLA policy. Meanwhile, enterprise clients receive privileged access to direct communication channels—including phone, MS Teams, and WhatsApp—with customer success managers, who are on standby to offer more tailored or enhanced SLA support.

Our commitment to supporting all customers extends to communication campaigns, where we provide live user training sessions, along with a suite of graphic and textual resources. For enterprises, we go a step further by offering exclusive access to video explainers and extra consultation services, ensuring a comprehensive support experience.

Case team

Case team conclusions

After completing an investigation, it's important to form conclusions as a team and record them.

This involves selecting the outcome of the investigation and filling in key facts supported by evidence. Additionally, a summary should be written that will appear in the Consolidated Report and Export Table of Cases.

The assessment of substantiation is an essential part of the Team Conclusions section, serving as the cornerstone for deriving analytics on the Substantiation Rate. This metric is a critical performance indicator for evaluating the effectiveness of whistleblowing hotlines.

Management decision

Once the case team has made their conclusions, the managers can review the team's recommendations, decide whether to take action against any wrongdoers, determine what disciplinary actions need to be taken, and then compose the final message to the reporter.

Finally, there is a checklist for managers to ensure that all necessary actions have been taken.

Disciplinary actions_1-1

Disciplinary actions ⭐

After identifying wrongdoers, you can assign disciplinary actions to them.

These actions are set as tasks, including responsibilities, deadlines, and descriptions.

The responsible party can add case files and facts for better documentation.

Corrective actions - remediation plan

Corrective actions / remediation plan ⭐

To address the underlying issues and avert future complications, implementing a remediation strategy is key.

The remediation plan includes tasks where you can add responsibles, deadlines, and descriptions. Additionally, you can link the actions to risks, controls and business processes out of predefined registers located in our Echo module.

Internal control deficiencies and remediations

Simply select the specific control you want to improve and choose the corresponding risk from our risk register, Echo.

You can also create tasks with deadlines, assign responsibilities, and attach case files and relevant facts.

Templates ⭐

Create templates for feedback and final messages to reporters, with an option for automatic translation.

Business rules engine / Automations ⭐

As an automation, companies can set their rules for cases, which will automatically apply.

As a condition for starting the automation, you can set an update on the category or status of the case.

As action, users can set changing priority or status, assigning lead investigator or case flow procedure, and executing scenario.

Enterprise level uptime-1

Enterprise level uptime

We are committed to providing a 99.9% uptime on our platform and portals. To ensure this, an independent service monitors our services.

We offer a default Service Level Agreement (SLA) policy that outlines all the terms and conditions. In addition, we also sign customized SLAs with our clients as per their requirements.

Diverse data center locations

We use secured certified data centers only. We have them in different regions to comply with local laws. Currently, we have servers in EU countries, US, UAE, KSA, India and Tanzania.

Active web application firewall (WAF)

We use a web application firewall (WAF) that keeps the platform and portal secure and productive, thwarts DDoS attacks, keeps bots at bay, and detects anomalies and malicious payloads, all while monitoring for browser supply chain attacks. If requested, it allows us to set additional protection of a certain portal or a client's platform.

Encryption of communication channels

Ethicontrol's end-to-end encrypted communication guarantees that confidential information will remain such during connections between a reporter, reporting portal and case management platform.

Encryption at rest

By default, the stored data is encrypted on OS and database level.
Upon request, the client key encryption is also possible for enterprises.

Multifactor authentication ⭐

Multifactor Authentication (MFA) and Two-Factor Authentication (2FA) have emerged as the gold standards for safeguarding sensitive information.

Every user is empowered to pair an additional device and configure an authentication application for secure sign-in.

Single sign-on (SSO) ⭐

Dealing with passwords is painful for admins and less secure. Ethicontrol's platform allows users to log in with a corporate ID (MS Azure AD, Okta, Ping etc.) to the platform.

Evidence based decisions

Preserve confidentiality