Skip to Content
JTW-JME-04 Justice, Trade & Work Justice & Market Ethics CORE Excellence v2.9.7

Whistleblowing protection tested (Speak‑Up)

Verifies the annual testing of whistleblower protections to uphold justice (‘adl), trust (amānah), and the duty of enjoining right and forbidding wrong (Qur’an 3:104). This ensures employees and volunteers can safely report misconduct as a form of sincere counsel (naṣīḥah), safeguarding organizational integrity by proactively addressing ethical risks before they harm stakeholders.

Assessment Questions
  1. Does the organization have a formal, documented process for testing the effectiveness and security of its whistleblower channels and protection mechanisms?
  2. Show the last year’s test script(s) and pass/fail criteria used for each channel. Did they verify acknowledgment, triage, and confidentiality?
  3. Provide evidence of Conflict of Interest (COI) triage routing (e.g., when senior leaders are implicated) and how this was tested.
  4. Show the ‘Prescribed Persons’ decision-tree and a test case proving correct signposting, including Charity Commission Serious Incident Reporting triggers.
  5. How does the organization ensure the testing process is independent and objective? Provide the independent reviewer’s report and management responses.
  6. What data protection controls are in place (Whistleblowing Privacy Notice, DPIA, vendor due diligence for hotlines)?
  7. How do whistleblowing and safeguarding pathways interface in practice? Show the decision-tree for immediate escalation (e.g., LADO/MASH).
  8. What aftercare and retaliation monitoring are provided to reporters? Show the retaliation monitoring log and metrics for the last 12 months.
  9. How are volunteers, contractors, and trustees covered by the policy and informed of their protections?
  10. What proportion of staff/volunteers can identify at least two channels (last pulse %)?
  11. How are findings from tests used to implement improvements (e.g., policy updates, enhanced training)?
Evidence Requirements
  • Documented whistleblower protection testing plan and schedule.
  • Test scripts and records of tests conducted (e.g., mystery reporter logs, penetration tests).
  • Independent Whistleblowing Effectiveness Report submitted to the board/Audit & Risk Committee.
  • Prescribed Persons & Regulators Register and SIR Trigger Matrix.
  • Safeguarding/Whistleblowing escalation decision-tree.
  • Whistleblowing Privacy Notice and vendor due diligence records (contracts/security certs).
  • Retaliation monitoring logs and aftercare records.
  • Evidence of implemented improvements (action log) and re-test results.
  • Staff/volunteer awareness survey results.
  • Evidence of external benchmarking/assurance (e.g., ISO 37002 gap assessment).
Scoring Guidelines
LevelRatingDescription
5 5/5 ≥95% channels tested; SLA adherence ≥95%; external benchmarking/assurance (e.g., ISO 37002 gap assessment); culture index tracked; zero unresolved retaliation; ERM linkage evidenced.
4 4/5 ≥80% channels tested; SLA adherence ≥80%; re-test evidence for failed controls (within 60 days); retaliation monitoring log active; independent committee review evidenced.
3 3/5 Annual test plan covers ≥50% channels; at least 2 scenario scripts used; basic documentation of results and action log; some follow‑up.
2 2/5 Ad‑hoc tests or <50% coverage; limited documentation; no formal SLA metrics.
1 1/5 No testing of whistleblower protections.

Related Criteria

JTW-JME-01 Independent Maẓālim panel active JTW-JME-02 Dispute resolution timeliness JTW-JME-03 Restorative-justice policy JTW-JME-05 Staff awareness of grievance mechanism JTW-JME-06 Code-compliant complaints policy; learning log published
Version
2.9.7 2025-11-05

Discussion (1)

Administrator 2026-03-07 11:07:54.632258

📋 **Version updated: 1.0.0 → 2.9.7** **Changes:** Updated islamic_references from mizan-297.json

Sign in to post a comment.

Back to Criteria