ISO 18788 Clause 7.4.5 highlights the importance of communicating the whistle-blower policy within the Security Operations Management System (SOMS). This policy encourages individuals working on behalf of the organization, who have a reasonable belief that a non-conformance with the International Standard has occurred, to report such instances either internally or externally to the appropriate authorities. Here are the key elements of this clause:
Clause 7.4.5 - Communicating Whistle-Blower Policy:
- Policy Communication: The organization is responsible for communicating the existence and details of its whistle-blower policy to individuals working on its behalf. This policy should be made known to employees, contractors, subcontractors, and other relevant stakeholders.
- Reporting Non-Conformance: The policy should explicitly state that individuals who have a reasonable belief that a non-conformance with the International Standard has occurred have the right to report it.
- Anonymous Reporting: The policy should emphasize that individuals can choose to report non-conformance anonymously. This means that their identity will not be disclosed when making a report.
- Internal and External Reporting: Individuals should be informed that they can report non-conformance internally within the organization. Additionally, they should be aware of the option to report non-conformance externally to appropriate authorities if they choose to do so.
- Protection of Whistle-Blowers: The policy should include provisions to protect whistle-blowers from retaliation or adverse actions as a result of their reporting.
- Confidentiality: Measures should be in place to maintain the confidentiality of whistle-blower reports, protecting the identity of those who choose to remain anonymous.
- Awareness and Training: The organization should ensure that individuals working on its behalf are aware of the whistle-blower policy and receive appropriate training on how to use the reporting mechanism.
In summary, Clause 7.4.5 encourages organizations to establish and communicate a whistle-blower policy that allows individuals to report non-conformance with the International Standard without fear of retaliation. This policy should provide options for both internal and external reporting and emphasize the protection of whistle-blowers' identities.