Whistleblower application ranking

Edition II, 2023

How best to meet the requirements for whistleblower protection? This question has been asked by our customers for a long time. Therefore, in 2022 we have already tested the applications available on the Polish market and published the results in the form of a ranking.

Maciej Kaczmarski

Maciej Kaczmarski - CEO ODO 24

Whistleblower application ranking – assumptions

We are pleased to present the results of the TOP 10 ranking of whistleblower applications that support proper implementation of whistleblower protection. For the study we invited the authors of all applications available on 15 August 2023. Our ranking primarily promotes safe platforms for whistleblowers to report legal violations. It is a useful resource for exploring applications that we can recommend with full confidence.

As declared last year, we continue to develop our ranking. We are delighted that more companies have joined this year, as our ambition is for the ranking to cover the full market offering and become the most trusted source of information in this area.

Office with people standing in flames - drawing

TOP 10 whistleblower applications

The ranking order was determined based on points earned for required criteria. In case of a tie, the order was decided by the total points for useful criteria. Due to the large number of criteria, for greater clarity we divided the set of 100 criteria into additional subcategories. Specific colours were assigned to the points for each criterion, according to the following scale:

  • highest rating
  • high rating
  • average rating
  • criterion not met
Application
Ethicontrol logo
SygnaApp logo
EY Virtual Compliance Officer logo
Whistlelink logo
Hintbox logo
EQS Integrity Line logo
Whiblo logo
e-Sygnalista logo
Statlook logo
e-SDS logo
Base points

137

review

137

review

137

review

137

review

136

review

136

review

136

review

135

review

135

review

135

review
Free application trialFree trialFree trialFree trialFree trialFree trialFree trialFree trialFree trialFree trialFree trial
Availability of whistleblower applications
Ability to provide required information
Response deadline reminders
Ability to send feedback
Support for multiple entities
Attaching scans, transcripts, recordings
Report register
Deletion of data after the retention period
Fulfilment of individuals' rights under the GDPR
Data processing agreement between Client and Provider
Data are not transferred outside the EEA
Provider supports DPIA execution
Provider is responsible for staff and subcontractors
Provider is responsible for hacking attacks
Provider is responsible for failures of its infrastructure
All subcontractors explicitly listed
Possibility to object to a change of subcontractor
Subcontractors are verified by the Provider
Ensuring anonymity – optional
Handling of reports by authorised persons
No linking of IP address to report content
Application security
Encryption / secure communication channel
Access control
Event logging
Intuitive interface, self-configuration

2 points

3 points

3 points

3 points

2 points

1 points

3 points

2 points

2 points

2 points

Additional features supporting follow-up actions

3 points

2 points

5 points

5 points

2 points

3 points

1 points

1 points

1 points

1 points

As you can see in the table above, the TOP 10 of the ranking included applications that meet the vast majority of required criteria, to the highest or high degree. The last two criteria were subject to an individual and therefore by nature subjective assessment by ODO 24 experts. This assessment is however based on a reliable review of all applications. For distinction we present it in traditional scoring form.

Application
Ethicontrol logo
SygnaApp logo
EY Virtual Compliance Officer logo
Whistlelink logo
Hintbox logo
EQS Integrity Line logo
Whiblo logo
e-Sygnalista logo
Statlook logo
e-SDS logo
Optional features

91

86

85

80

92

85

83

69

59

36

Reports via form and helpline
Provider liability insurance
Provider liability cap
Compliance with KNF guidelines
Document copy anonymization
Security management
ISO 27000 certificate
Advanced encryption
Advanced access control
Extended interface
No integration with HR systems
Accessibility for people with disabilities
Management of breach reports
Mobile application

Below is a list of companies that were invited to this year's edition of the whistleblower application ranking. More companies have registered and agreed to have their application assessed. We note that not all of the platforms listed below participated in the ranking. The list includes: Alertador, Amodit, Animativ, Anonimowy Sygnalista, CS-Sygnalista, Demaskator,* E-nform, EQS Integrity Line, e-SDS, e-Sygnalista, Ethicontrol, EY VCO, Genprox, GoWhistle, Gwizdek, HeroApp, Hintbox, Just Report, Linia Etyki, LogPlus, Notibox, Oxari, Panel Sygnalisty, Qualitime, Signalink, Sygnalista SygnaliściApp, Sygnalista.com, Sygnalisci.org, Sygnalista.net, Sygnalo, Syon, Sygnanet, WeMoral, Whiblo, Whistboard, Whistleblower Software, Whistlee, Whistlelink, Whistlesystem. We invite more companies!

* did not participate in the ranking

Who created the ranking – meet the team of experts

Paweł Radecki

Paweł Radecki

Compliance expert

Leszek Kępa

Leszek Kępa

IT security expert

Katarzyna Szczypińska

Katarzyna
Szczypińska

Data protection expert

Waldemar Oleksiak

Waldemar Oleksiak

Market analyst

What parameters have we considered?

We have developed a set of 9 categories and 100 specific criteria based ona zero-one method, which made it possible to conduct a rigorous study. We divided these criteria into required (key) and useful (facilitations), and we assigned points according to weight from 1 to 3 points. Only two criteria (simplicity and intuitiveness of the interface and additional features supporting follow-up actions) were subject to individual assessment by ODO 24 experts, based on research conducted in stage I. For the remaining criteria, we relied on the explicit statements of the application authors.

Ranking position was determined by the total points for required criteria, and in case of a tie – by the total points for useful criteria. The maximum possible points were 140 and 96 respectively.

9 categories and 100 criteria

  • Compliance with the draft law on protection of persons reporting violations of law of March 27, 2023 (14 criteria).
  • Compliance with GDPR (9 criteria).
  • Protection of the identity of the whistleblower and third parties mentioned in the report (4 criteria).
  • Data security (29 criteria)
  • Ease of use (5 criteria).
  • Functionality (27 criteria)
  • Accountability (5 criteria)
  • Subcontractors (4 criteria).
  • Additional functions (3 criteria).

See more

How did we conduct the study?

Whistleblower applications were reviewed by our experts in the field of personal data protection law, whistleblower protection and IT security in two stages. In the first stage, the review consisted of testing and analysing individual applications, both from the whistleblower reporting a breach and from administrators (coordinators, case managers, compliance officers, etc.) managing reports and the application itself. We were also interested in how follow-up actions after receiving a report are organised.

In the second stage, we asked application authors to complete a confidential detailed form containing 100 criteria subject to evaluation.

Please note that our whistleblower application ranking serves only as an auxiliary function when choosing an application, especially as point differences within the TOP 10 are minor. ODO 24 does not accept liability for business decisions made solely on the basis of an analysis of the results of our ranking.

Before you deploy a whistleblower application, update your security procedures. The law requires it.

See the offer

Katarzyna Szczypińska
Man in a tie steering currencies – illustration

How to choose a whistleblower application on your own?

  • Step 1. Review the TOP 10 application ranking in table form. Select two or three applications.
  • Step 2. Read the descriptions of applications selected by you that we published below.
  • Step 3. Based on the ranking and descriptions, select with a wider team.
  • Step 4. Choose the application that you think performed best during testing.
  • To fully realise the potential of a whistleblower application, ensure proper implementation of a whistleblower protection system.

Whistleblower applications – ODO 24 reviews

Ethicontrol

As the application authors explain, Ethicontrol is a platform created by professionals who were dissatisfied with standard solutions and approaches to whistleblowers. The application allows not only receiving reports but also providing feedback, initiating and documenting explanatory proceedings, assigning responsible persons, escalating cases, generating reports, and analysing the effectiveness of the hotline and response team. The platform can simultaneously work with multiple portals or several business processes within a single client's operations.

Strengths:

  • three options for reporting violations (anonymous, confidential, open)
  • over 70 language versions
  • multi-channel violation reporting system
  • compliance with ISO standards, information security certificates
  • extensive application configuration options

Weaknesses:

  • language inaccuracies resulting from automatic translation

Distinction:

  • highly detailed whistleblower form
Odo24

How to implement whistleblower protection correctly and in compliance with the GDPR?

Processing the personal data of whistleblowers and persons whose report relates to them involves a high level of risk. That is why it is worth preparing for implementation of whistleblower protection in line with GDPR requirements with due care for the personal data of persons submitting reports as well as persons who are the subject of a report.

  • Analysis of organisational needs
  • Template document package
  • Individual implementation consultations
  • Data protection impact assessment (DPIA)
  • Help with selecting a whistleblower application
  • Training for the team handling reports
  • Employee training (e-learning)
SygnaApp

SygnaApp is a fully compliant, secure and intuitive tool for receiving and handling whistleblower reports, also supporting explanatory proceedings. Thanks to extensive configuration options, it allows quick adaptation to the needs of any organisation. The application is designed for both internal and external reports. SygnaApp is used by companies of various sizes and public entities. The system supports capital groups and enables external entities to conduct explanatory proceedings.

Strengths:

  • comprehensive violation reporting form
  • personalised, user-friendly and clear administrator panel
  • the system suggests next steps when handling a report
  • automatic generation of message templates
  • ability to add reports from other channels as well

Weaknesses:

  • two language versions of the application (more options available on client request)

Distinction:

  • easy configuration of the report form according to company needs
EY Virtual Compliance Officer

EY Virtual Compliance Officer is a modular application enabling broader compliance activities. Despite extensive features, it is a simple and intuitive tool. According to the authors, the form is based on forensic best practices. In the most comprehensive package, there is an intelligent internal regulations repository module, as well as expert support in implementing procedures tailored to the client, evaluating reports, recommending follow-up actions, and conducting explanatory proceedings.

Strengths:

  • user-friendly mobile version
  • different permission levels for handling reports
  • anonymisation of whistleblower data during follow-up actions
  • ability to add a violation reported outside the system (e.g. orally or in writing)
  • intelligent internal regulations repository module

Weaknesses:

  • access to the full range of services requires purchasing the most expensive Premium package

Distinction:

  • extensive package of additional services for follow-up actions
Hintbox

Hintbox is an intuitive system for whistleblowers that can be configured to your needs in less than 5 minutes. The system has ISO 27001 security certification and is GDPR compliant. Hintbox has gained the trust of many clients in Poland and Europe, is available in over 30 language versions, and can handle many types of reports. Thanks to end-to-end encryption, all data is stored securely. Even when submitting an anonymous report, the whistleblower remains in secure and confidential contact with the person managing reports.

Strengths:

  • easy and fast system configuration
  • ISO information security certificate
  • over 30 language versions
  • compatibility with various devices (smartphone, tablet, computer)
  • easy configuration of the application to company needs

Weaknesses:

  • application personalisation slows down page loading

Distinction:

  • multi-channel violation reporting system
EQS Integrity Line

EQS Integrity Line is an advanced application created to provide a secure and confidential platform for reporting incidents, complaints, abuses and other actions inconsistent with organisational ethics and principles. EQS Integrity Line has been on the European market for over 20 years. More than 2,500 companies use it, including the European Commission itself. The application enables reporting via various channels such as mobile app, website, e-mail and phone, giving employees and other stakeholders access anytime, anywhere.

Strengths:

  • over 70 language versions
  • mobile version
  • anonymisation of whistleblower data during follow-up actions
  • ability for the whistleblower to record a report (voice anonymisation)
  • automatic translation of report content into different languages
  • ability to add to the application a violation reported outside the system (e.g. by phone)

Weaknesses:

  • the system encourages whistleblowers to reveal their identity, which in Polish conditions may discourage reporting

Distinction:

  • ability for whistleblowers to add voice information with anonymisation
Whiblo

Whiblo is a service that enables confidential written reporting of suspected illegal or unethical activities in an organisation. It allows an anonymous, encrypted dialogue between the whistleblower and the organisation after a report is submitted. The solution also supports report management through assignment to coordinators, status tracking, document storage, a report register and report generation. The application is compliant with regulations and ensures data security. It is a user-friendly system for any organisation.

Strengths:

  • ability to configure the violation reporting form
  • ISO information security certificate
  • two-factor authentication (SMS)
  • anonymisation of whistleblower data while handling a violation report
  • application customisation to company needs

Weaknesses:

  • the reporter must provide their own password to check report status

Distinction:

  • simple, clear breach reporting form and administrator panel
e-Sygnalista

The e-sygnalista.com platform is a Polish application also used in the USA, the UK and other European countries. Organisations can currently use it free of charge (the purchased annual licence period is counted from the entry into force of the act). The application was built on the experience of a team specialising in abuse risk analysis, investigative audit, anonymous reporting, and comprehensive explanatory proceedings. It works in a modern, anonymity-preserving way in the user's browser.

Strengths:

  • no limit on reports or people handling them
  • data anonymisation while handling a report
  • ability to expand the catalogue of optional reports, e.g. bullying
  • ability to add reports from channels other than the application
  • ability to enable an additional feature – submitting ideas for improving internal processes

Weaknesses:

  • option to remember password in the platform login panel

Distinction:

  • simple, intuitive application
Statlook

Statlook is a simple, intuitive and secure tool for reporting and handling irregularities in an organisation. It allows employees to confidentially or anonymously report workplace abuses. The system enables secure two-way communication between the whistleblower (including anonymous) and the person handling the report. The application can be an integral module of Statlook software, a standalone tool alongside that system, or completely independent. Statlook is software, not a SaaS service, ensuring compliance with Polish and European law.

Strengths:

  • compliance with ISO 37002 on whistleblower report management
  • multilingual interface
  • form adapted for mobile devices
  • ability to submit reports via the TOR network
  • application customisation to company needs

Weaknesses:

  • graphics may be overly minimalist

Distinction:

  • simple, clear and efficiently operating application
e-SDS

e-SDS is an advanced tool for secure breach reporting, designed by Codefellow sp. z o.o. in close cooperation with Data Protection Advisory Group sp. z o.o. By combining modern technology with deep personal data protection expertise, the application ensures maximum information security. The platform operates on a SaaS model but also offers on-premises installation. Implemented security mechanisms meet the highest industry standards, guaranteeing reliability and protection of transmitted data.

Strengths:

  • data anonymisation, deletion and modification of user data
  • encryption of attachments to reports
  • compatibility with various devices (computer, tablet, smartphone)
  • alerts about new reports and important changes in real time
  • automation of report management

Weaknesses:

  • the breach reporting form could offer more options

Distinction:

  • simple, clear application enabling easy customisation to company needs

What are the requirements for a whistleblower application?

Illustration – whistleblower applications
  • The web application should provide an adequate level of protection for whistleblowers reporting legal violations, enable internal reporting channels through dedicated online forms and a helpline.
  • The application should above all protect the whistleblower's identity through a confidential and secure reporting process.
  • The platform should also allow the whistleblower access to complex reports and communication with the persons or entity handling reports.

How can we assist you today?

Please contact us and we will find a solution.
Form decoration

Use the form

The data controller will be ODO 24 sp. z o.o. with its registered office in Warsaw at ul. Kamionkowska 45. Your data will be processed for the purpose of preparing, sending and archiving the cooperation offer. More information can be found in the Privacy Policy

Receive a free package of 4 tutorials and 4 e-learning trainings
The controller of your data is ODO 24 sp. z o. o.