The German Whistleblower Protection Act (HinSchG) came into force on July 2, 2023. This means that companies and organizations with 250 or more employees must first have a whistleblower system in place that enables the confidential reporting of compliance violations and protects the identity of whistleblowers. Companies with 50 or more employees are obliged to set up such a whistleblower system by December 17, 2023.
The industry-open, digital whistleblower system in our integrated software solution R2C_GRC not only supports your company in implementing the far-reaching requirements of the German Whistleblower Protection Act (HinSchG) in full and in compliance with the GDPR.
The reporting processes of the digital whistleblowing system in R2C_GRC are based on three workflows: Standard, Validation and Whistleblowing. These determine how incoming reports are processed. The standard reporting forms can be flexibly adapted to the types of reports used and can be accessed via a central entry page. Alternatively, it is possible to integrate the reporting forms into an intranet page.
The whistleblowing software module in R2C_GRC offers a flexible public reporting platform on the intranet or internet. Whistleblowers can use it to initiate the reporting process easily and confidentially, for example by reporting an incident, a breach of rules or an idea. "Public" means that no login to the system is required. Whistleblowers can track their report using the report key that they receive when sending the report and in the optional automatic confirmation of receipt.
Confirmations of receipt are sent by e-mail for confidential reports in which the reporting person voluntarily enters personal data. In the case of anonymous reports where the reporting person is unknown, the confirmation of receipt is entered in a communication history. Reports received via other reporting channels, e.g. in writing, by telephone or in person, can be easily documented in the system by R2C_GRC users with the "Report manager" role.
The notification managers process all notifications received in the R2C_GRC whistleblower system. The reports can be evaluated and linked to risks and causes. To clarify the reported issue, anonymous communication with the whistleblower is possible and expert opinions can be requested. Finally, measures can be derived and documents attached. A dashboard and individual reports are available for evaluating the reports.
Full flexibility with our tariffs! Even after the introduction of our R2C software solution, we won't leave you on your own: our services take the strain off your work. When you book one of the various framework tariffs, you can select exactly the modules that meet your requirements from the following modules.
- Individual welcome page
- Freely configurable registration forms, depending on the context
- Documents, images etc. can be linked and uploaded
- Feedback function
- The whistleblower can subsequently communicate with the processing team or the report managers, even anonymously
- Message is forwarded to "Anonymizer " (message validator) via workflow.
- Message is only visible to this role.
- "Anonymizer" is informed of receipt of new message by e-mail.
- Report is checked and approved by "Anonymizer".
- Editorial processing of the report
- Release of the report and forwarding to the processing team or report manager.
- Message is forwarded to processor (message manager). Assignment of rights by means of role concept.
- Processor is informed of receipt of new message by e-mail.
- Report is processed by report manager.
- Possibility to ask questions to whistleblowers (anonymous or non-anonymous).
- Possibility to obtain opinions from technical experts, e.g. legal department.
- Multi-dimensional evaluation possible, e.g. FMEA
- Causes can be stored.
- Reports can be categorized.
- Linking with other entities possible (risks, processes, measures, controls, indicators, damage, etc.)
- Message status freely definable
- Linking with other entities possible (e.g. risks)
- Tracking of measures
- E-mail reminders
- Outlook integration, using Outlook tasks
- Various online overviews
- Confirmation function for controls
- Control managers can be automatically prompted by the software at regular intervals to confirm the controls and provide a result for the effectiveness of the control.
- The evaluation team can monitor the follow-up in the overview of control confirmations and make a statement on the effectiveness of the implemented controls.
- Customized reporting
- Possibility to create your own reports.
- Excel report generator enables the creation of reports using all Excel functions (diagrams, formulas, macros...).
- Storage of your own corporate design
- Lists and online overviews / reports
- List views can be freely configured for each user.
- Export of list views to Excel
- Dashboard
- Message description (Word report)
In order to generate the best possible benefit for your company, our integrated R2C_GRC software goes far beyond the functional scope of standard solutions. Equipped with special functionalities and features, our whistleblowing system is able to make the reporting process in your company so efficient that you can achieve the goal of transparent business processes more quickly:
Notifications received via the public notification platform must go through the "Validate notification" process step before they can be processed. Only when a user with the role of "message validator" has checked, anonymized and released the message for processing are the messages visible to message managers. Validation is integrated as the first process step in the "Validation" and "Whistleblowing" workflows.
The "Whistleblowing" workflow takes into account the requirements of the German Whistleblower Protection Act (HinSchG) and the so-called "EU Whistleblower Directive".
When obtaining statements, the experts created for this purpose can be saved and used again later for further statements. The "Save expert" option can be used for this in the statement. Experts can also be managed centrally in the settings menu of the digital whistleblowing system. Existing experts can be selected in the statement via "Expert".
For comments, a deadline can be set by which the experts should submit their statement. If no response is received by the deadline, the application automatically sends reminder emails. These can be configured in the options dialog "Email options (reporting system)" in the notification "Reminder of pending statement".
The whistleblowing system dashboard can be saved by users as their own start page. This is displayed directly after the application.
The R2C_GRC whistleblower system not only provides an overview, but also a separate evaluation of the reporting measures. Filtering by notification type is also possible here.
The "Message description" report can also be called up contextually in the Reports menu, starting from the list of messages. This makes it possible to create the report for a selected subset of the messages.
The "My portfolio" report shows the notifications for which the respective user is responsible in separate lists for each notification type.
To prevent attackers from overfilling the whistlerblower system in R2C_GRC with computer-generated messages, an optional CAPTCHA verification can be activated for the external creation of messages. An alphanumeric code must be entered if an anonymous report page is used. Verification can be activated via the "Use CAPTCHA for external message entry" option in the options.
If an external notification is recorded, a QR code is displayed to the notifier. This can be scanned with mobile devices to obtain a link to the report. This link can be saved for later message tracking. This is an alternative option to calling up the message via key entry.
