Whistleblower application ranking

Edition I, 2022

What is the best way to meet the requirements for whistleblower protection? This is a frequently asked question by our customers. We have therefore thoroughly tested the applications available on the Polish market.

Maciej Kaczmarski

Maciej Kaczmarski - CEO ODO 24

Assumptions for the whistleblower application ranking

We are pleased to present the results of the first edition of the application ranking for whistleblowers. For the study we invited the authors of all applications available on the Polish market as of 5 April 2022. The ranking is primarily intended to promote safe platforms for whistleblowers to report violations of the law. We have created a tool to explore applications that we can recommend with full confidence.

We intend to continue developing our ranking, taking into account an ever-growing number of criteria and applications. We want the application market for whistleblowers in Poland to develop dynamically, and for there to be an ever-growing range of high-quality, secure solutions.

Illustration – aeroplanes

TOP 10 whistleblower applications

We applied a simplified scoring scale within individual criteria:

  • criterion met
  • criterion not met or unavailable
Application
Ey logo
EQS logo
Sygnalisci logo
Whistboard logo
Whiblo logo
Sygnanet logo
Wemoral logo
CS Sygnalista logo
Liniaetyki logo
Gwizdek logo
Points

94

review

94

review

93

review

93

review

92

review

92

review

91

review

90

review

89

review

89

review
Free trialFree trialFree trialFree trialFree trialFree trialFree trialFree trialFree trialFree trialFree trial
Compliance with the EU Whistleblower Directive
Maintaining whistleblower confidentiality
Optional anonymity
Multi-factor authentication
Report encryption
Individual access codes for reports
Data stored in the EU
Protection against malicious software
Mobile version
Reports via the TOR network
Ease of use
Register of reports and documents
ISO 27001 certificate
Multilingual interface
Easy application configuration
Implementation support
Model SaaS
Client-server deployment (optional)

*Optional criterion – some applications offer the possibility to deploy both in both the SaaS and on-premise (client-server) models. Client-server deployment is preferred by organisations that want to store data only on their own servers.

For the 1st edition we also invited the authors of the following applications: 4Integrity, Animativ, CS-Sygnalista, Demaskator, E-nform, Gwizdek, HeroApp, Linia Etyki, LogPlus, Panel Sygnalisty, Signalink, Sygnalista, Sygnalista 24, SygnalistaOnline.eu, SygnalistaOnline.pl, Sygnalista.com, Sygnalista.net, Sygnaliści, SygnaliściApp,Sygnalo, Syon, WeMoral, Whistboard, Whistlee. We invite more companies!

For the next edition we will also invite: Alertador, Amodit, Notibox, Oxari, Qualitime, Sygnalia, Sygnalista+, WeMoral, Whistleblower Software and other new applications that appear on the market. We invite more companies!

What parameters have we considered?

For the first edition of the ranking, we developed a set of 10 categories and 18 criteria, based on the zero-one method, which made it possible to conduct a rigorous study. The criteria were divided into required (key) and useful (facilitating) criteria.

10 categories, 18 criteria

  • Compliance with the rules (3 criteria).
  • Method of reporting (4 criteria).
  • Protection of identity (10 criteria).
  • Security (criteria 13)
  • Simplicity (seven criteria).
  • Technology (eight criteria)
  • Available features (17 criteria).
  • The reporting procedure (8 criteria).
  • Universality (four criteria)
  • Implementation procedure (5 criteria)

How did we conduct the study?

Whistleblower applications were reviewed by our experts in the field of personal data protection law and IT security. The study consisted of testing and analysing individual applications, both from the perspective of the whistleblower reporting a breach and from administrators managing reports. We asked application authors to complete a confidential detailed form and to submit relevant documents confirming compliance with the selected criteria. Please note that our whistleblower application ranking serves only as an auxiliary aid when choosing an application, especially as the point differences within the TOP 10 are minor. ODO 24 does not accept liability for business decisions made solely on the basis of an analysis of the results of our ranking.

Man in a tie steering currencies – illustration

How to choose a whistleblower application on your own?

  • Review the TOP 10 application ranking in table form. Select two or three applications.
  • Read the descriptions of the applications you selected that we published below.
  • Based on the ranking and descriptions, select applications to test with a wider team.
  • Choose the application that you think performed best during testing.
  • To fully realise the potential of a whistleblower application, ensure proper implementation of a whistleblower protection system.

Whistleblower applications – ODO 24 reviews

EY

Number 1 in our ranking – EY Virtual Compliance Officer is a modular application enabling broader compliance activities. Despite extensive features, it is a simple and intuitive tool. According to the authors, the form is based on forensic best practices. In the most comprehensive package, there is an intelligent internal regulations repository module, as well as expert support in implementing procedures tailored to the client, evaluating reports, recommending follow-up actions, and conducting explanatory proceedings.

Strengths:

  • user-friendly mobile version
  • different permission levels for handling reports
  • anonymisation of whistleblower data during follow-up actions
  • ability to add a violation reported outside the system (e.g. orally or in writing)
  • intelligent internal regulations repository module
  • extensive package of additional services

Weaknesses:

  • we see no other weaknesses, except that accessing the full range of services requires purchasing the most expensive Premium package

Distinction:

  • application with an extensive package of additional services for follow-up actions
EQS Integrity Line

EQS Integrity Line is an application from the German company EQS Group, which – as we learn from the provider – is already used by more than 2,000 companies in Europe. That seems recommendation enough. Polish implementation and adaptation to Polish whistleblower law is handled by Cogit. Due to its universality, the application suits international companies and capital groups. It is a simple and intuitive tool that provides appropriate security measures and includes interesting features such as anonymising report content and whistleblower voice recordings, voice transcription, and automatic translation of reports into different languages.

Strengths:

  • More than 70 language versions
  • mobile version
  • anonymisation of whistleblower data during follow-up actions
  • ability for the whistleblower to record a report (voice anonymisation)
  • automatic translation of report content into different languages
  • ability to add to the application a violation reported outside the system (e.g. by phone)

Weaknesses:

  • application not fully translated into Polish
  • the system encourages whistleblowers to reveal their identity, which in Polish conditions may discourage reporting

Distinction:

  • simple application with the ability for whistleblowers to add voice information with anonymisation
Sygnalisci

This is a very simple and intuitive tool that ensures confidentiality for the reporter, enables confidential communication with the reporter, can be installed on the company's server, and supports multiple languages. In addition, Fraud Control has developed a report verification programme. FC uses, among other things, a voice analyser from the Israeli company Nemesysco (a so-called voice polygraph). Thanks to it, during an explanatory phone call FC consultants can determine whether a person is lying, which significantly speeds up and reduces the cost of explanatory proceedings. FC also uses digital forensics solutions.

Strengths:

  • ability to submit reports via the TOR network
  • report contexts aligned with forensic principles
  • anonymisation of whistleblower data during follow-up actions
  • report verification programme
  • whistleblower voice analyser (voice polygraph)
  • other digital forensics solutions

Weaknesses:

  • poor graphic design
  • not very readable statistics

Distinction:

  • ability to report via the TOR network and support for follow-up actions
Whistboard

Whistboard's whistleblower panel contains all essential elements and gives the reporter a choice of reporting mode and category. The security level matches the mode chosen by the whistleblower: anonymity, confidentiality, or openness. The more expensive package allows personalisation of the application to the needs and specifics of a given organisation. It is a recommendable, intuitive application providing an appropriate level of security that can also serve as a universal compliance tool.

Strengths:

  • 5 language versions
  • highly extended whistleblower reporting form tailored to company preferences
  • ability to attach audio files to a report
  • ability to communicate anonymously with the whistleblower
  • categorisation of breaches in the administrator panel
  • report deletion including spam filtering
  • ability to add and edit so-called streams by the administrator
  • whistleblower anonymity option and provision of personal data

Weaknesses:

  • editing streams is not very intuitive and requires using the manual
  • no account lockout after a set number of failed attempts

Distinction:

  • ability to create separate channels for whistleblowers within a company
Whiblo

The whiblo application is a simple, intuitive and universal breach reporting tool that can be used in any organisation. The whiblo system handles both open and anonymous reports. The whistleblower receives clear information about what will happen to the report and how to monitor it. The whistleblower panel contains short, readable instructions on navigating the application, including creating a report and monitoring its status. Easy report tracking and a clear layout with a vertical Gantt chart. The application does not record IP addresses and removes metadata from attachments.

Strengths:

  • breach reporting form tailored to company preferences
  • anonymous report without personal data fields
  • processing in accordance with the client's privacy notice
  • Two-factor authentication (SMS)
  • different permission levels
  • anonymisation of whistleblower data during follow-up actions

Weaknesses:

  • the reporter must provide their own password to check report status

Distinction:

  • simple, company-personalised breach reporting form and administrator panel
Sygnanet

Sygnanet is an application from Specfile Project in Poznań. Data related to a report is encrypted on the user's device (computer, smartphone). Data is transmitted to the server already encrypted and made available to the recipient on their device in that form. No cryptographic operations occur on the server or in transmission channels. The encryption and decryption process is based on RSA-4096 and AES-256 algorithms used worldwide for information protection and regarded as cryptographic standards. Thus the software provider has no access to report contents. The extensive implementation platform deserves special attention.

Strengths:

  • data encryption process
  • personalised breach reporting form tailored to company preferences
  • categorisation of breaches in the administrator panel
  • three whistleblower reporting options
  • ready-made response templates for reports
  • different permission levels for handling reports
  • anonymisation of whistleblower data during follow-up actions
  • extensive implementation and training platform

Weaknesses:

  • overly simple captcha for verification when reporting a breach
  • basic graphics

Distinction:

  • messages and attachments are encrypted locally on whistleblowers' devices; data is sent to the server already encrypted; extensive implementation and training platform
Wemoral

WeMoral offers an exceptionally simple, uncomplicated, intuitive and easy-to-use breach reporting tool. The company offers one-day service deployment. The report, preceded by basic information for the whistleblower, is anonymous by default, but there is an option to add a name field marked as personal data in the system. Two-way communication between the whistleblower and the administrator is encrypted. After logging in, the administrator panel requires an additional password to read report content.

Strengths:

  • 25 language versions
  • comprehensive reporting form
  • different permission levels
  • decryption of report content after entering a password
  • anonymisation of whistleblower data during follow-up actions
  • ability to visually configure the form

Weaknesses:

  • lack of extensive support for follow-up actions

Distinction:

  • simple and easy-to-use application after quick deployment
CS-Sygnalista

CS-Sygnalista is an application module of the larger CasuSoft programme for law firms and legal departments. Managed by a law firm, it can serve multiple companies for whistleblower breach reporting. This drove a very comprehensive reporting form with variants preferred by companies, requiring many separate reporting channels and many permissions – in application terms, creating objects and processes. After familiarisation with the instructions and specific vocabulary, using the application is not problematic.

Strengths:

  • this application is a module of a larger system
  • personalised widgets for reporting incidents
  • configurable incident reporting form
  • categorisation of breaches in the administrator panel
  • anonymisation of whistleblower data during follow-up actions

Weaknesses:

  • not very intuitive way of personalising the application, requiring instructions
  • not very intuitive access to detailed statistics

Distinction:

  • whistleblower application as a module of specialised software for law firms and legal departments
Linia Etyki

Linia Etyki is a graphically attractive, user-friendly whistleblower application with required functionality and an appropriate level of anonymity protection, while also allowing personal data to be provided. The application can link reports concerning the same matter and offers an initial filter for unfounded reports. In the extended package LE staff (including psychologists and lawyers) conduct dialogue with the whistleblower on behalf of the company, operate a dedicated hotline, perform initial report analysis, and provide impartial advice on individual cases.

Strengths:

  • auxiliary questions for describing the breach by the whistleblower, classic in forensic practice
  • anonymisation of whistleblower data during follow-up actions
  • ability to enter an external report in the application (via hotline, e-mail)
  • authentication of external report content by the whistleblower
  • creating groups of report recipients
  • possible report handling by LE, initial analysis, advice on follow-up actions

Weaknesses:

  • no multi-factor authentication

Distinction:

  • ability to conduct dialogue with the whistleblower on behalf of the company, operate a dedicated hotline, perform initial report analysis, and provide advice on follow-up actions
Gwizdek

Gwizdek is a functional, simple-to-use application. Login to the administrator and whistleblower panels is via the product website www.gwizdek.legal. The system offers two reporting channels: a dedicated hotline and an online form. When designing the system, its authors emphasised broadly understood security, implementing anonymisation tools, multi-level user authentication, and other measures described in the full review.

Strengths:

  • handling internal reporting channels for any number of entities depending on the subscription plan
  • generating dedicated online forms and hotlines
  • accessibility for people with special needs
  • anonymisation of whistleblower voice recorded via the hotline
  • multi-factor authentication
  • Polish application name

Weaknesses:

  • Polish language version only
  • no mobile application version

Distinction:

  • application simplicity and a dedicated company hotline with whistleblower voice anonymisation
Odo24

How to implement whistleblower protection correctly and in compliance with the GDPR?

Processing the personal data of whistleblowers and persons whose report relates to them involves a high level of risk. That is why it is worth preparing for implementation of whistleblower protection in line with GDPR requirementswith due care for the personal data of persons submitting reports as well aspersons who are the subject of a report.

  • Analysis of organisational needs
  • Template document package
  • Individual implementation consultations
  • Data protection impact assessment (DPIA)
  • Help with selecting a whistleblower application
  • Training for the team handling reports
  • Employee training (e-learning)

What are whistleblower applications for?

The European Parliament and Council Directive (EU) on the protection of persons reporting breaches of Union law (the Whistleblower Directive) imposes on entities from the private sector and public liabilitythe ownership of channels and the internal reporting procedure.

The obligation applies to, among others:

  • private entities employing more than 50 employees
  • private entities in the financial sector (regardless of the number of employees)
  • central government administration bodies
  • local government authorities with more than 10,000 inhabitants
  • State Treasury companies

What are the requirements for a whistleblower application?

Illustration – whistleblower applications
  • The web application should provide an adequate level of protection for whistleblowers reporting legal violations, enable internal reporting channels through dedicated online forms and a helpline.
  • The application should above all protect the whistleblower's identity through a confidential and secure reporting process.
  • The platform should also allow the whistleblower access to complex reports and communication with the persons or entity handling reports.

How can we assist you today?

Please contact us and we will find a solution.
Form decoration

Use the form

The data controller will be ODO 24 sp. z o.o. with its registered office in Warsaw at ul. Kamionkowska 45. Your data will be processed for the purpose of preparing, sending and archiving the cooperation offer. More information can be found in the Privacy Policy

Receive a free package of 4 tutorials and 4 e-learning trainings
The controller of your data is ODO 24 sp. z o. o.