M9-Pro-03 Justice, Trade & Work Fiduciary & Professional Services CORE Excellence v2.9.7

Ethical Compliance & Whistleblowing Framework

This criterion assesses the robustness, operational effectiveness, and spiritual integrity of the organization's ethical compliance and whistleblowing framework. It evaluates the existence of a comprehensive policy suite (Code of Ethics, Speak-Up Policy, Investigation SOP, Retaliation Prevention Standard) that aligns with regulatory mandates (PIDA, FCA, SRA, Charity Commission) and Islamic principles of Justice (`Adl`), Trustworthiness (`Amanah`), and God-consciousness (`Taqwa`). The framework must ensure accessible, multi-channel reporting (including anonymous digital and non-digital routes) for all 'workers' and external stakeholders (suppliers, clients, patients). Crucially, it requires rigorous operational controls: defined Service Level Agreements (SLAs) for triage and investigation, strict independence and conflict-of-interest management, and a formal 'Anti-Retaliation Protocol' that actively monitors reporter welfare. The system must map internal concerns to external regulatory notifications (e.g., Serious Incident Reporting, SARs, ICO breaches) via a clear decision matrix. Islamic ethics are embedded not just in intent but in process—viewing reporting as `Nasiha` (sincere counsel) and `Shahada` (testimony) that must not be concealed (Q2:283), while ensuring investigations uphold `Adl` (due process) and avoid `Zulm` (injustice/harm). Effectiveness is measured through a composite scorecard of timeliness, substantiation, and reporter trust, ensuring the organization proactively blocks means to corruption (`Sadd al-Dharā'iʿ`).

Compliance 1
  • GDPR Controls: DPIA, Privacy Notice, Retention Schedule, DSAR handling, Encryption.
    Data Governance Essential
Good 8
  • Comprehensive Policy Suite (Code, Speak-Up Policy, SOP, Retaliation Standard) aligned with PIDA.
    Documentation Essential
  • Multi-channel intake (Web, Phone, Post, Officer) with accessibility features and external access.
    Process Essential
  • Formal Triage Taxonomy (S1-S4) with mandatory routing logic (AML, Safeguarding, etc.).
    Process Essential
  • Investigation Governance: Separation of duties, conflict checks, external panel for senior cases.
    Governance Essential
  • Defined SLAs: Ack ≤2 days, Triage ≤5 days, Plan ≤10 days, Completion targets.
    Performance Essential
  • Anti-Retaliation Protocol: Risk assessment, interim measures, HR flags, 3/6/12-month welfare checks.
    Protection Essential
  • Regulatory Notification Matrix (SIR, ICO, HSE, FCA) with decision logging.
    Compliance Essential
  • Quarterly Board/Audit Committee reporting with deep-dive analysis.
    Governance Essential
Better 3
  • Islamic Ethics Oversight (Shariah Adviser/Officer) for policy input.
    Leadership High
  • Mystery Shopper testing of reporting channels.
    Monitoring Medium
  • Independent psychological support for whistleblowers.
    Support High
Best 1
  • Biennial external assessment against ISO 37002.
    Assurance High

Discussion (1)

Administrator 2026-03-07 11:08:17.654303

📋 **Version updated: 1.0.0 → 2.9.7** **Changes:** Updated islamic_references from mizan-297.json
