Ethical Compliance & Whistleblowing Framework
This criterion assesses the robustness, operational effectiveness, and spiritual integrity of the organization's ethical compliance and whistleblowing framework. It evaluates the existence of a comprehensive policy suite (Code of Ethics, Speak-Up Policy, Investigation SOP, Retaliation Prevention Standard) that aligns with regulatory mandates (PIDA, FCA, SRA, Charity Commission) and Islamic principles of Justice (`Adl`), Trustworthiness (`Amanah`), and God-consciousness (`Taqwa`). The framework must ensure accessible, multi-channel reporting (including anonymous digital and non-digital routes) for all 'workers' and external stakeholders (suppliers, clients, patients). Crucially, it requires rigorous operational controls: defined Service Level Agreements (SLAs) for triage and investigation, strict independence and conflict-of-interest management, and a formal 'Anti-Retaliation Protocol' that actively monitors reporter welfare. The system must map internal concerns to external regulatory notifications (e.g., Serious Incident Reporting, SARs, ICO breaches) via a clear decision matrix. Islamic ethics are embedded not just in intent but in process—viewing reporting as `Nasiha` (sincere counsel) and `Shahada` (testimony) that must not be concealed (Q2:283), while ensuring investigations uphold `Adl` (due process) and avoid `Zulm` (injustice/harm). Effectiveness is measured through a composite scorecard of timeliness, substantiation, and reporter trust, ensuring the organization proactively blocks means to corruption (`Sadd al-Dharā'iʿ`).
| Metric | Whistleblowing Effectiveness Scorecard |
|---|---|
| Target | 100% SLA adherence; 0% Retaliation |
| Frequency | Quarterly |
| Method | Composite of: Ack Rate (≤2d), Triage Rate (≤5d), Cycle Time, Substantiation %, Retaliation %, Trust Score |
| Unit | Composite |
Level 1: Initial/Ad-hoc
Initial: Ad-hoc or non-existent framework. High risk of retaliation, regulatory non-compliance, and suppression of testimony (`Kitman al-Shahada`).
Level 2: Developing
Managed: Basic policy exists but lacks operational detail (no SOP/SLAs). Reporting channels are limited (e.g., only line manager). Confidentiality is promised but data controls are weak. No formal retaliation monitoring.
Level 3: Established
Defined: Formal policies and multiple channels exist. Basic regulatory compliance (PIDA, GDPR) is met. Investigations are documented, but SLAs or retaliation monitoring may lack consistency. Triage process is defined but manual.
Level 4: Advanced
Quantitatively Managed: Full policy suite and operational controls (SLAs, Triage, Retaliation checks) are in place and effective. Metrics are actively used to drive improvement. Regulatory notifications are robust. Independent investigation governance is evidenced.
Level 5: Optimizing
Optimizing: Framework is ISO 37002 aligned/certified with 'Optimizing' maturity. SLAs are consistently met (>95%). Anti-retaliation protocol is proactive with zero substantiated retaliation cases. Culture of `Nasiha` is evident; external audit confirms high trust and effectiveness.
Organisation Types
By Organisation Size
| Size | Applicability | Notes |
|---|---|---|
| Micro | exempt | Typically no formal staff to trigger PIDA; an enterprise-grade framework with dedicated portals and officers is highly disproportionate. |
| Small | partial | Requires a basic whistleblowing policy for any staff, but dedicated web portals, freephone lines, and separate ethics officers are disproportionate. |
| Medium | partial | Needs a formal policy, investigation SOP, and board reporting, but complex intake channels (freephone/portal) can be scaled down to direct reporting lines. |
| Large | full | |
| Major | full | |
Applicable When
- All organizations with employees/workers.
- Higher scrutiny for regulated entities (FCA, SRA, CQC, Charity Commission).
Not Applicable When
- Micro-entities (<5 staff) may adapt by using a simplified external third-party channel and Board-level direct reporting, but core principles apply.
Discussion (1)
📋 **Version updated: 1.0.0 → 2.9.7** **Changes:** Updated islamic_references from mizan-297.json