Painless ethics management methodology

Our methodology
Ethicontrol platform
We developed a vision reflecting our philosophy, industry experience and subject matter expertise.
It comprised of the 19 principles and key vision statements:
Our initial idea was to help clients succeed in integrity management and avoid common mistakes and pitfalls.
So, we have embedded the methodology into Ethicontrol's operating model and default configuration of the software platform.

Afterwards, most of the statements were confirmed by industry frameworks like EU Whistleblowing Directive and ISO 37002 Whistleblowing Management System.


ethics incident management


ethics incident management
No mistakes
Fair cost

Outsourced whistleblowing should be a low hanging fruit project for compliance officers.

We normally rollout our solutions within a week.
Starting from a day one, you can use our systems within standard configuration not waiting for your own SOP or adaptations.
Our systems are web-based and independent of user terminals or operating systems, multilingual and mobile-friendly.
Just send us your standard operating procedures (SOPs) or brand guidelines, and we will take care of the rest.
All of the process attributes (statues, priorities, risks, workflows), notifications, buttons, colors can be changed.
We are also flexible in terms of server locations or rollout scenarios.
Rapid rollouts
Highly customisable
Apart from software, we will also take care of legal requirements, translations, telecommunication arrangements (toll-free numbers, IVRs etc.), communication campaign, training, ongoing support.
Should you need to enrich your data with business intelligence or with open data, we have got an API for that.
As well as for information exchange with your ERP or CRM system.
One stop shop
API for integrations

Ethics is not for trial & error. Our clients must succeed from the first attempt.

Our solutions will help you comply with EU Whistleblowing Directive, FCPA, FCA, SOX, FSGO, SAPIN 2, UKBA, ISO 37001, ISO 37002, Global Compact, GDPR and your local regulations.
At the same time, our features enable you to go further, improving your processes and risk management.
We know what works as well as what process design decisions can harm.
Our regular monthly fees depend on your success.
So, we developed the methodology and embedded it into our systems in addition to compliance requirements to help you avoid pitfalls and mistakes.
Beyond compliance
Proven methodology
We have prepared a bunch of posters, stickers, risk-forms, web-pages or email templates to be used during your setup and communication campaign.
Should you need inspiration for your Code of Conduct, Standards Operating Procedures (SOP) or Compliance policies, we will equip you with our templates.
We will train your user, making sure you get most from our solutions.
We will advise you on key decisions during rollout, making sure you succeed with your compliance program and projects.
Supporting materials
Training and help

Ethics is a must, not a luxury. Compliance software pricing should be fair.

Involve as many users as possible. Leverage other departments in your compliance / security / risk management workflows.
Our solutions are priced per company and per feature basis.
Ethics management should be available for a company of any size!
You can mix & combine features and options irrespective of our standard tariff plans. We will provide you with our best quotation tailored to your jurisdiction, ToR, compliance requirements or maturity of the company.
No user seats charges
Flexible tariff plans
Regardless of your feature plan we provide with all available features for the first 9 months.
You get all updates and new features instantly on the subscription model.
Or you get three years of free updates and new feature releases when using our boxed (on premise) solutions.
Full feature period
Free updates & support
Encourage reporting and protect whistleblowers
Promote speak-up culture. Establish a culture of free and open discussions. Support open door policy.
Help employees express their thoughts whenever possible.
Train employees to identify retaliation for speaking up.
Train employees to identify fraud and misconduct and how to report it.

Run culture, trust and fraud awareness surveys with a special section on whistleblowing.

Insert whistleblowing and speak-up into staff welcome packs and introduction training.
Establish a tone from the top respecting the importance of ugly truth.

Establish zero tolerance and the most severe disciplinary sanctions for retaliation of whistleblowers or those who openly speak up. Showing a bad attitude towards whistleblowing as a cause should also be considered retaliation.
Protect confidentiality and anonymity
When it comes to whistleblowing the trust of reporters is the key success factor. A company gains the trust by different actions, from secure intake of reports to fair decisions and remediation actions.

All messages should be kept confidential. The confidentiality is the best source of reporters protection and hotline promotion.
The company should:
  • guarantee that all information will remain confidential and no-one except for designated investigation team and ethics committee will be informed about the existence of the report, the case or its details.
  • train top managers, investigation team to keep confidentiality during investigation, interviews, document requests or reporting.
  • establish responsibility for breaching the confidentiality
  • establish controls over information assets which store confidential information.

The best way to keep reporters protected is let them stay anonymous. The anonymity is one of the ways to keep confidentiality.

The best way to keep reporters anonymous is to make sure that it will be impossible to trace them (by phone, by digital footprints, by voice, by metadata). This can be achieved engaging an independent third-party like Ethicontrol.
Third-party providers don't depend on the owners, management, security services and any other employees of a company. Ethicontrol's autonomy allows us to call things by their proper names and not deviate from the main task of our company - preservation of reporters anonymity and confidentiality.
The best way to protect whistleblowers for Ethicontrol is to know nothing about them not being technically to uncover, log or analyse. That is why as a part of Ethicontrol's "Zero-knowledge policy" we came up with the architecture of our system which separates physically reporters' portal from a case management system. The reporters portal does not collect any digital footprints and is script free, meeting that reporters can use identity blockage tools and still be able to use the whistleblowing tool.
Protect reported messages
All incoming reports (100%) must be registered, provided that they contain the minimum information necessary for the next steps.
There is no space for discussions about the risks of spam or a need for filtering of any kind.

The reporters' messages and other info should be protected from deletion and alteration. It should never be deleted. Even wrong or spam messages should be protected from deletion.

To the possible extent, there should be no barriers or intermediaries between a reporter and an investigation team. Most reporting channels should support the direct registration of reports without any human or manual involvement, except for the phone channel. Even for the phone channel, the reporters should have the option to review the original transcript and provide more details on their own.

The best way to ensure the messages are protected is to pass the control over them beyond the company. It is the company which is mostly interested in hiding / altering the information. A reputable third-party whistleblowing provider is a guarantee that a company will not have any control over the data and that most of the risks concerning messages are covered.
Structuring instead of filtering
According to principle No 3, all incoming messages should be registered, provided that they contain the minimum information necessary for the next steps.

But, how to deal with messages:
  • with wrongful information;
  • with incomplete information;
  • with not understandable rubbish;
  • with intentional and unintentional spam?
What if the capacity of a response team is not sufficient to deal with a massive number of unreliable and unclear incoming info?

We believe that our clients should successfully deal with such challenges. And the ideal way is through training reporters.
Such training can be done live or through video explainers, posters, articles, and published policies and manuals.

Also, you can do it via a guided step by step registration of the report. We suggest carefully drafting interview scripts and web intake user experience, ensuring that a poorly trained whistleblower will leave a well structured and useful message.

Continuous dialogue with the reporter and accountability.
Whistleblowing is effective when one side is ensured it will be heard and the other is ready to listen.

Appreciate sincere reporters. The information we get is not always pleasant and serves the interests of the company - still, every report has to be analysed and answered. Regardless of the company's decision, the reporter should feel that the company cares about its employees and takes all concerns seriously. The reporters know their future reports will be considered by getting feedback, so they are more encouraged to report.

Do not forget about the aftercare of those involved. Following up on a reporter should be standard practice. Reporters should be informed not only about the start of the investigation but its closure and results. Let the reporter know if any actions were taken - if not, explain why the company dismissed the report. If any delay takes place, it is normal to inform the reporters, so they understand the approximate investigation time.

This way, you manage the reporters' expectations and train them to be more efficient in the future by uploading relevant information and knowing the process.

Maximum transparency.
Investigate with integrity
Visible handle and complete reports

Avoid conflicts of interest throughout the process: from registration to ethics decision
Escalation procedure to avoid self-review.

The information is reviewed only by persons who are not biased and involved in the relevant process, allowing them to objectively and independently define facts and draw conclusions.

A prioritisation is an important tool in managing reports - you do not miss the urgent ones but also keep track of the less important ones at the moment.

Make sure you have a set of criteria to evaluate the case: it can be reputational damage, a threat to life, financial damage and more. Sorting out the cases will also help you manage your time. You will be given limited days to finish the investigation and submit a report. An assigned priority to a simple case can also ensure that the case is not forgotten and evaluated, so the reporter knows about the estimated timeframe.
Whole event life cycle in a single system
We built a system that allows tracking all the events and keeping a clear focus on them by using three components with one strategy.

Speak up / Whistleblowing communication platform. The reporters can use the platform to file their reports and later track the case's progress. With notifications, the reporter will always be aware of the updates on the case and be ready to provide additional information.

Ethics incident management.

Investigations & case management.
Involve non-compliance users.
You might need people outside of your team to accomplish the investigation and speed up the process in general.
We encourage inviting different professionals from other teams to share the experience and help each other with the case details. Accountants, HRs, managers - anyone can contribute to the process.

An investigation officer cannot be an expert in everything and should not be doing anything - taking care of the best use of own resources. Thus, the officer should focus on his / her core competences: the investigation strategy, methodology and manage the team, leaving the fact finding and number crunching to more applicable staff.

We made this communication secure by creating tasks - it allows compliance officers to invite anyone for the investigation and, at the same time, limit their access rights.
Set due dates control
Restriction of tasks by time and control of their execution.
Validate and evaluate evidence
Set clear criteria for case materials to be considered as evidence.
Differentiate different level of evidence reliability.
Make sure that the case is compiled of reliable evidence.
Only substantiated facts with verified evidence are taken into account.
Fair sanctions
Standardisation and automation to increase productivity and fairness.
You will study History of Art, which covers the period from the fall of the Roman Empire until the end of the Counter-Reformation. This will include non-Western material.
Case report ready from the first day.
You will study History of Art, which covers the period from the fall of the Roman Empire until the end of the Counter-Reformation. This will include non-Western material.
Lack of a conclusion is also a conclusion.
You will study History of Art, which covers the period from the fall of the Roman Empire until the end of the Counter-Reformation. This will include non-Western material.
Fair decisions and sanctions
You will study History of Art, which covers the period from the fall of the Roman Empire until the end of the Counter-Reformation. This will include non-Western material.
Learn from violations
You will study History of Art, which covers the period from the fall of the Roman Empire until the end of the Counter-Reformation. This will include non-Western material.
Report on reports
You will study History of Art, which covers the period from the fall of the Roman Empire until the end of the Counter-Reformation. This will include non-Western material.
We will get in touch with you!
Painless ethics management and compliance is a click away from you.
Approximate employees count
Confirm your interest
We promise not to spam you. We also care about confidentiality and personal data protection.