System Guides

ISO 18788 Clause 7.4.4 focuses on the communication of complaint and grievance procedures within the Security Operations Management System (SOMS). This clause emphasizes the importance of making these procedures accessible and transparent to both internal and external stakeholders. Here are the key elements of this clause:

Clause 7.4.4 - Communicating Complaint and Grievance Procedures:

1. Communication to Stakeholders: The organization is required to communicate its complaint and grievance procedures to both internal and external stakeholders. This ensures that individuals and entities interacting with the organization are aware of how to raise concerns or issues.

2. Public Availability: The procedures should be made publicly available, preferably on a website. This approach makes it easier for stakeholders to access the information they need to file complaints or grievances.

3. Minimizing Obstacles: The organization should take steps to minimize obstacles to access these procedures. This includes considering factors such as language barriers, educational levels, and fears of reprisal. The goal is to ensure that anyone, regardless of their background or circumstances, can easily use the complaint and grievance mechanisms.

4. Confidentiality and Privacy: The procedures should take into account the need for confidentiality and privacy. Stakeholders should feel comfortable using the mechanisms without concerns about their information being disclosed without their consent.

In summary, Clause 7.4.4 underscores the importance of transparent communication regarding complaint and grievance procedures. Making these procedures publicly available and accessible to all stakeholders, while addressing language and privacy concerns, contributes to the effectiveness of the SOMS and the organization's commitment to addressing concerns and issues raised by stakeholders.

ISO 18788 Clause 7.4.5 highlights the importance of communicating the whistle-blower policy within the Security Operations Management System (SOMS). This policy encourages individuals working on behalf of the organization, who have a reasonable belief that a non-conformance with the International Standard has occurred, to report such instances either internally or externally to the appropriate authorities. Here are the key elements of this clause:

Clause 7.4.5 - Communicating Whistle-Blower Policy:

1. Policy Communication: The organization is responsible for communicating the existence and details of its whistle-blower policy to individuals working on its behalf. This policy should be made known to employees, contractors, subcontractors, and other relevant stakeholders.

2. Reporting Non-Conformance: The policy should explicitly state that individuals who have a reasonable belief that a non-conformance with the International Standard has occurred have the right to report it.

3. Anonymous Reporting: The policy should emphasize that individuals can choose to report non-conformance anonymously. This means that their identity will not be disclosed when making a report.

4. Internal and External Reporting: Individuals should be informed that they can report non-conformance internally within the organization. Additionally, they should be aware of the option to report non-conformance externally to appropriate authorities if they choose to do so.

5. Protection of Whistle-Blowers: The policy should include provisions to protect whistle-blowers from retaliation or adverse actions as a result of their reporting.

6. Confidentiality: Measures should be in place to maintain the confidentiality of whistle-blower reports, protecting the identity of those who choose to remain anonymous.

7. Awareness and Training: The organization should ensure that individuals working on its behalf are aware of the whistle-blower policy and receive appropriate training on how to use the reporting mechanism.

In summary, Clause 7.4.5 encourages organizations to establish and communicate a whistle-blower policy that allows individuals to report non-conformance with the International Standard without fear of retaliation. This policy should provide options for both internal and external reporting and emphasize the protection of whistle-blowers' identities.