Either from the purchasing area, from IT or directly from compliance, many times, it is difficult to define the basic list of requirements that an ethical or complaints channel must meet that we want to incorporate into our organization. We have created a basic Checklist for the selection of software from an ethical / complaints channel that can help the team that must search for a product that is often unknown.
On many occasions, they are part of a complaint channel by email, and with the aim of complying with the regulations, a market product is sought. In this other post we already commented the different alternatives to implement a complaints channel .
Those responsible for purchasing, especially those of IT, must take into account many factors to be able to carry out a good process of buying new software. To help you, in the specific case of an ethical channel / complaints channel solution / software, we have prepared a checklist or key elements that should be considered when selecting a complaints channel.
A complaint channel / ethical channel / whistleblower channel is a solution that generally has a restricted use, but when managing information that can have a strong impact on the organization, it must be very robust at the level of security and confidentiality of the information.
- Configuration of a channel with the look of the company that transmits professionalism and brand image.
- System configuration without programming.
- Personalization of the categories.
- Communications management flows. Who can do what.
- Notices and notifications.
- Helps to meet defined deadlines.
- User management.
- Audit, traceability and evidence.
- Anonymous communication with whistleblower.
- Management of different reporting channel needs in a unified way.
- Normative settings privacy, confidentiality and data protection.
- Certificates / Time stamp.
- Access app. Assess whether it makes sense for the type of functionality.
- Smart anonymization of content.
- Translation of the contents of the communication.
- Possibility of integration with LDAP / Corporate Active Directory.
- Integration API.
- There are solutions in the cloud and others installed at the customer’s home.
- Due to the type of information and service provided, it is a software that can typically be contracted in service / saas mode.
- Assess whether it makes sense to use an open source system.
- Costs per employee.
- Management internal user costs.
- Costs for billing volume.
- Costs by number of subsidiaries.
- Costs by number of channels.
- Hidden costs, for example using an open source.
SECURITY OF THE INFORMATION
- Security measures in the design of the solution. Data encryption, access protection, secure channels, …
- Compliance with the data protection law.
- In the case of cloud / saas solutions, location of the service.
- Information security certifications, recommended, not essential.
- Language of the support and implementation team.
- Cyber attack prevention systems.
- Meets the requirements of the European Directive 2019/1937
- Comply with data protection law
- Supports anonymity for the management of complaints
- Support in the implementation or self-service.
- Is it required to outsource the complaints management function?
- Is it necessary to define a code of ethics?
- Do you want to implement a compliance plan?
In this last section, we want to emphasize that the technological platform of the operator / compliance consultant that could manage it should be differentiated, to guarantee independence and be able to change the technology or the operator, if at any time either of the two does not work as appropriate form. Lawyers / consultants are experts in handling complaints, technologists in providing adequate tools to solve a need.
Sure there are more criteria or evaluation elements, but we believe that these are the most important when deciding which solution to implement in our organization.
And always remember the criteria of a sufficient solution for the need we are covering. In general, it is not advisable to pay more, for something that is not needed.