Whistleblower applications – ODO 24 reviews

Number 1 in our ranking – EY Virtual Compliance Officer is a modular application enabling broader compliance activities. Despite extensive features, it is a simple and intuitive tool. According to the authors, the form is based on forensic best practices. In the most comprehensive package, there is an intelligent internal regulations repository module, as well as expert support in implementing procedures tailored to the client, evaluating reports, recommending follow-up actions, and conducting explanatory proceedings.
Strengths:
- user-friendly mobile version
- different permission levels for handling reports
- anonymisation of whistleblower data during follow-up actions
- ability to add a violation reported outside the system (e.g. orally or in writing)
- intelligent internal regulations repository module
- extensive package of additional services
Weaknesses:
- we see no other weaknesses, except that accessing the full range of services requires purchasing the most expensive Premium package
Distinction:
- application with an extensive package of additional services for follow-up actions

EQS Integrity Line is an application from the German company EQS Group, which – as we learn from the provider – is already used by more than 2,000 companies in Europe. That seems recommendation enough. Polish implementation and adaptation to Polish whistleblower law is handled by Cogit. Due to its universality, the application suits international companies and capital groups. It is a simple and intuitive tool that provides appropriate security measures and includes interesting features such as anonymising report content and whistleblower voice recordings, voice transcription, and automatic translation of reports into different languages.
Strengths:
- More than 70 language versions
- mobile version
- anonymisation of whistleblower data during follow-up actions
- ability for the whistleblower to record a report (voice anonymisation)
- automatic translation of report content into different languages
- ability to add to the application a violation reported outside the system (e.g. by phone)
Weaknesses:
- application not fully translated into Polish
- the system encourages whistleblowers to reveal their identity, which in Polish conditions may discourage reporting
Distinction:
- simple application with the ability for whistleblowers to add voice information with anonymisation

This is a very simple and intuitive tool that ensures confidentiality for the reporter, enables confidential communication with the reporter, can be installed on the company's server, and supports multiple languages. In addition, Fraud Control has developed a report verification programme. FC uses, among other things, a voice analyser from the Israeli company Nemesysco (a so-called voice polygraph). Thanks to it, during an explanatory phone call FC consultants can determine whether a person is lying, which significantly speeds up and reduces the cost of explanatory proceedings. FC also uses digital forensics solutions.
Strengths:
- ability to submit reports via the TOR network
- report contexts aligned with forensic principles
- anonymisation of whistleblower data during follow-up actions
- report verification programme
- whistleblower voice analyser (voice polygraph)
- other digital forensics solutions
Weaknesses:
- poor graphic design
- not very readable statistics
Distinction:
- ability to report via the TOR network and support for follow-up actions

Whistboard's whistleblower panel contains all essential elements and gives the reporter a choice of reporting mode and category. The security level matches the mode chosen by the whistleblower: anonymity, confidentiality, or openness. The more expensive package allows personalisation of the application to the needs and specifics of a given organisation. It is a recommendable, intuitive application providing an appropriate level of security that can also serve as a universal compliance tool.
Strengths:
- 5 language versions
- highly extended whistleblower reporting form tailored to company preferences
- ability to attach audio files to a report
- ability to communicate anonymously with the whistleblower
- categorisation of breaches in the administrator panel
- report deletion including spam filtering
- ability to add and edit so-called streams by the administrator
- whistleblower anonymity option and provision of personal data
Weaknesses:
- editing streams is not very intuitive and requires using the manual
- no account lockout after a set number of failed attempts
Distinction:
- ability to create separate channels for whistleblowers within a company

The whiblo application is a simple, intuitive and universal breach reporting tool that can be used in any organisation. The whiblo system handles both open and anonymous reports. The whistleblower receives clear information about what will happen to the report and how to monitor it. The whistleblower panel contains short, readable instructions on navigating the application, including creating a report and monitoring its status. Easy report tracking and a clear layout with a vertical Gantt chart. The application does not record IP addresses and removes metadata from attachments.
Strengths:
- breach reporting form tailored to company preferences
- anonymous report without personal data fields
- processing in accordance with the client's privacy notice
- Two-factor authentication (SMS)
- different permission levels
- anonymisation of whistleblower data during follow-up actions
Weaknesses:
- the reporter must provide their own password to check report status
Distinction:
- simple, company-personalised breach reporting form and administrator panel

Sygnanet is an application from Specfile Project in Poznań. Data related to a report is encrypted on the user's device (computer, smartphone). Data is transmitted to the server already encrypted and made available to the recipient on their device in that form. No cryptographic operations occur on the server or in transmission channels. The encryption and decryption process is based on RSA-4096 and AES-256 algorithms used worldwide for information protection and regarded as cryptographic standards. Thus the software provider has no access to report contents. The extensive implementation platform deserves special attention.
Strengths:
- data encryption process
- personalised breach reporting form tailored to company preferences
- categorisation of breaches in the administrator panel
- three whistleblower reporting options
- ready-made response templates for reports
- different permission levels for handling reports
- anonymisation of whistleblower data during follow-up actions
- extensive implementation and training platform
Weaknesses:
- overly simple captcha for verification when reporting a breach
- basic graphics
Distinction:
- messages and attachments are encrypted locally on whistleblowers' devices; data is sent to the server already encrypted; extensive implementation and training platform

WeMoral offers an exceptionally simple, uncomplicated, intuitive and easy-to-use breach reporting tool. The company offers one-day service deployment. The report, preceded by basic information for the whistleblower, is anonymous by default, but there is an option to add a name field marked as personal data in the system. Two-way communication between the whistleblower and the administrator is encrypted. After logging in, the administrator panel requires an additional password to read report content.
Strengths:
- 25 language versions
- comprehensive reporting form
- different permission levels
- decryption of report content after entering a password
- anonymisation of whistleblower data during follow-up actions
- ability to visually configure the form
Weaknesses:
- lack of extensive support for follow-up actions
Distinction:
- simple and easy-to-use application after quick deployment

CS-Sygnalista is an application module of the larger CasuSoft programme for law firms and legal departments. Managed by a law firm, it can serve multiple companies for whistleblower breach reporting. This drove a very comprehensive reporting form with variants preferred by companies, requiring many separate reporting channels and many permissions – in application terms, creating objects and processes. After familiarisation with the instructions and specific vocabulary, using the application is not problematic.
Strengths:
- this application is a module of a larger system
- personalised widgets for reporting incidents
- configurable incident reporting form
- categorisation of breaches in the administrator panel
- anonymisation of whistleblower data during follow-up actions
Weaknesses:
- not very intuitive way of personalising the application, requiring instructions
- not very intuitive access to detailed statistics
Distinction:
- whistleblower application as a module of specialised software for law firms and legal departments

Linia Etyki is a graphically attractive, user-friendly whistleblower application with required functionality and an appropriate level of anonymity protection, while also allowing personal data to be provided. The application can link reports concerning the same matter and offers an initial filter for unfounded reports. In the extended package LE staff (including psychologists and lawyers) conduct dialogue with the whistleblower on behalf of the company, operate a dedicated hotline, perform initial report analysis, and provide impartial advice on individual cases.
Strengths:
- auxiliary questions for describing the breach by the whistleblower, classic in forensic practice
- anonymisation of whistleblower data during follow-up actions
- ability to enter an external report in the application (via hotline, e-mail)
- authentication of external report content by the whistleblower
- creating groups of report recipients
- possible report handling by LE, initial analysis, advice on follow-up actions
Weaknesses:
- no multi-factor authentication
Distinction:
- ability to conduct dialogue with the whistleblower on behalf of the company, operate a dedicated hotline, perform initial report analysis, and provide advice on follow-up actions

Gwizdek is a functional, simple-to-use application. Login to the administrator and whistleblower panels is via the product website www.gwizdek.legal. The system offers two reporting channels: a dedicated hotline and an online form. When designing the system, its authors emphasised broadly understood security, implementing anonymisation tools, multi-level user authentication, and other measures described in the full review.
Strengths:
- handling internal reporting channels for any number of entities depending on the subscription plan
- generating dedicated online forms and hotlines
- accessibility for people with special needs
- anonymisation of whistleblower voice recorded via the hotline
- multi-factor authentication
- Polish application name
Weaknesses:
- Polish language version only
- no mobile application version
Distinction:
- application simplicity and a dedicated company hotline with whistleblower voice anonymisation

How to implement whistleblower protection correctly and in compliance with the GDPR?
Processing the personal data of whistleblowers and persons whose report relates to them involves a high level of risk. That is why it is worth preparing for implementation of whistleblower protection in line with GDPR requirementswith due care for the personal data of persons submitting reports as well aspersons who are the subject of a report.
- Analysis of organisational needs
- Template document package
- Individual implementation consultations
- Data protection impact assessment (DPIA)
- Help with selecting a whistleblower application
- Training for the team handling reports
- Employee training (e-learning)