ISO 37002-2021 Whistleblowing management systems - Guidelines

4 Context of the organization

4.1 Understanding the organization and its context

The organization should determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended result(s) of its whistleblowing management system. These issues may include, but are not limited to, the following factors:

a) the size and structure of the organization;
b) the locations and sectors in which the organization operates or anticipates operating;
c) the nature, culture, scale and complexity of the organization’s activities and operations;
d) the nature and needs of personnel;
e) the organization’s business model;
f) the entities over which the organization has control and entities which exercise control over the organization, including beneficial owner(s) of the organization;
g) the organization’s business associates;
h) the organization’s exposure to public interest obligations or issues;
i) applicable statutory, regulatory, contractual and other obligations and duties.

NOTE An organization has control over another organization if it directly or indirectly controls the management of the organization.

4.2 Understanding the needs and expectations of interested parties

The organization should determine:

a) the interested parties that are relevant to the whistleblowing management system;
b) the relevant requirements of these interested parties;
c) which of these requirements will be addressed through the whistleblowing management system.

4.3 Determining the scope of the whistleblowing management system

The organization should determine the boundaries and applicability of the whistleblowing management system to establish its scope.

When determining this scope, the organization should consider:

a) the external and internal issues referred to in 4.1;
b) the requirements referred to in 4.2;
c) who can report (internal/external interested parties), from where (regions/geographic) and what types of wrongdoing are covered by the system (see Figure 2);
d) the outcomes of any compliance risk assessment or equivalent, as available.

Organizations can reference ISO 37301 for compliance risk assessment and ISO 31000 for risk management.

The types of wrongdoing that can be addressed through the whistleblowing management system, if reported, are important to its scope. Not all reports made to the whistleblowing management system will be within its scope, and a single report can include information about multiple types of wrongdoing, some within scope and others outside of scope. The organization should identify what other processes, existing or planned, will be used to resolve reported wrongdoing that is not within the scope of the whistleblowing management...
