At NAVEX WhistleB, we prioritize data privacy and protecting our customers. Our data centers are located within the EU, using customer-controlled encryption to ensure sensitive data remains secure. The storage of customer data is also compliant with the General Data Protection Regulation (GDPR).
Protecting sensitive data is vital for our customers – and it’s at the heart of all NAVEX WhistleB functions. By default and design, security is embedded within the system, protecting organizations across Europe and the world and ensuring their confidential data remains confidential.
We use Microsoft Azure as our hosting and development platform service, which gives us the most comprehensive compliance offerings, certifications and 24/7/365 operation.
These platform services have data center security measures to protect against power failure, physical intrusion and network outages.
Microsoft Azure has a broad range of certifications and is committed to their annual renewal. Their certifications include:
You can access Microsoft Azure’s security management and compliance statements through the Microsoft Trust Center.
NAVEX WhistleB operates and complies with current data protection laws in 150 countries, including the EU Global Data Protection Regulation (GDPR) and the EU Whistleblower Protection Directive.
Data is stored in the EU with customer-controlled encryption, so NAVEX and its suppliers are unable to access sensitive customer data.
Microsoft Translator is included in the NAVEX WhistleB case management tool. Text submitted through the safe machine translation function is not stored or written to persistent storage; the functionality of Microsoft Translator is GDPR compliant.
Our Information Security Management System (ISMS) complies with ISO/IEC 27001:2017. It ensures information security and personal data management are considered throughout the service lifecycle.
The ISMS governs NAVEX WhistleB’s internal processes and our relationships with customers, partners and suppliers, helping us ensure customer data confidentiality, integrity and availability.
The NAVEX WhistleB whistleblowing system adheres to the EU Whistleblower Protection Directive (“Directive”) requirements and continuously monitors national legislation to maintain compliance. Using NAVEX WhistleB, your organization can meet the Directive’s minimum standards.
These standards, along with the ways our system supports you in meeting them, include:
NAVEX WhistleB’s end-to-end encrypted communication guarantees technical anonymity for whistleblowers and protects the identities of all involved.
Secure communications and clear next steps allow organizations to provide confirmation to whistleblowers within seven days of receiving the report – and understand what to do afterward.
The NAVEX WhistleB Case Management tool allows users to follow up on cases after receiving a report.
NAVEX WhistleB includes activity and user logs, ensuring secure record-keeping throughout case management and investigation.
Our Resource Center provides information on national legal requirements, guiding organizations in meeting reporting standards. You can also set automated case deadline reminders for case managers.
NAVEX WhistleB enables feedback to be provided to the reporter within three months of the acknowledgment of receipt.
Once confirmed by each region’s legislation, the NAVEX WhistleB Resource Centre offers up-to-date, clear information on external reporting procedures.
NAVEX WhistleB’s encrypted system, secure EU data storage and controlled access ensure compliance with the GDPR requirements for handling personal data.
Datasheet
Schrems II: Customer Assurance Guide
Datasheet
Microsoft AzureLearn more about NAVEX WhistleB.
