CMS delivers confidential and secure third-party hotline services that help organizations achieve compliance under ISO, SOC 2, and other data security and systems standards.
Secure, Anonymous Third Party Whistleblower Hotlines for Companies Seeking ISO and SOC 2 Compliance
Data security is essential to all organizations. ISO and SOC 2 are common compliance standards that service providers and technology companies must meet to be considered for valuable outsourcing contracts and vendor agreements.
Improve Your Ethics & Security Standards
A third-party whistleblower hotline is critical to modern security standards because it provides organizations with a means to collect information outside regular communication channels. Without a secure, 24-hour hotline, fraud, ethics violations, and other incidents may go unreported.
Achieving compliance with SOC 2 and ISO requires your organization to have established ethics, fraud, and whistleblower policies. To enforce and support these policies, software and accompanying processes are needed to help maintain compliance.
One such system is an anonymous reporting tool that enables stakeholders to report incidents safely and securely.
Facilitate Anonymous Reporting
Established communication channels are often ineffective in instances of illegal or improper conduct. Employees may feel uncomfortable lodging internal complaints even when there are policies in place to protect them.
Instead of allowing potentially damaging situations to go undisclosed, our fraud and ethics hotline encourages individuals to report information confidentially and without the threat of retaliation.
Features and Benefits
- Anonymous Third Party Reporting. Collect incident reports anonymously via a hotline or web-based application.
- Whistleblower Compliance Hotline. Meet whistleblower compliance standards with a secure, 24/7 reporting system.
- Enforce Proper Protocol. Enforce your fraud and ethics policies with custom scripting, notifications, reporting, and security standards.
- Two-Way Communication. Our online case management tool facilitates two-way communication between your organization and individuals making reports.
- Around-the-Clock Reporting. Gather reports 24/7 with around-the-clock whistleblower hotline availability.
SOC 2 Whistleblower Policy Requirements
SOC 2 requirements dictate that compliant organizations must maintain a whistleblower policy that provides “separate communication lines.” Specifically, “separate communication channels, such as whistleblower hotlines, are in place and serve as fail-safe mechanisms to enable anonymous or confidential communication when normal channels are inoperative or effective.”
Developed by the American Institute of CPAs (AICPA), SOC 2 is an auditing procedure that ensures service providers securely manage data. SOC 2 is specifically designed for service providers storing customer data in the cloud. That means SOC 2 applies to nearly every SaaS company and any company that uses the cloud to keep its customers’ information.
ISO Compliant Whistleblower Management Systems
The International Organization for Standardization (ISO) has several international standards governing anti-bribery, quality management, and whistleblower management systems. ISO 37002, the newest standard coming in 2021, is the guideline for whistleblowing management systems. ISO 37002 will provide “guidelines for implementing, managing, evaluating, maintaining and improving a robust and effective management system within an organization for whistleblowing.”
Other ISO standards with anonymous reporting and whistleblower provisions include ISO 37001 (anti-bribery management systems) and ISO 9001 (quality management systems).
A 24-Hour, Third-Party Whistleblower Hotline That Ensures Compliance
CMS helps companies meet and exceed the whistleblower compliance provisions of SOC 2 and ISO by providing 24-hour anonymous hotline services and web-based incident reporting solutions. These systems give organizations a secure, third-party system for fielding and processing whistleblower complaints and other incident reports.
Our third-party compliance hotline helps organizations meet all the reporting and data security requirements of their whistleblower policies. With CMS, you can create a protective environment where people can confidently report concerns to help your organization prevent and deal with wrongdoing.
- 24/7/365 hotline services
- Anonymous third-party reporting
- Live operator, automated, and web-based reporting channels
- Over 50 years of experience
- Data privacy and security
- Online, two-party case communication
- International Capabilities
- Custom notifications and reporting
Frequently Asked Questions
Is our hotline number unique to our organization?
Yes. Each hotline managed by CMS is distinct to your organization. We will help you establish a dedicated hotline number and website address that can be promoted throughout your organization.
How do employees make anonymous reports?
Anonymous incident reports can be made 24 hours a day by calling your hotline or visiting your ethics compliance website (both provided by CMS).
What can be reported?
Your whistleblower hotline can be used to collect any anonymous report. Things that often get reported include:
- General Harassment
- Sexual Harassment
- Product Substitution
- Asset Misrepresentation
- Check Forgery, Kiting, and
- Account payable fraud
- Accounts receivable fraud
- Procurement fraud
- Payroll fraud
- Workers compensation fraud
- Commission fraud
- Policy violations
- Other misconduct
Are all reports logged securely?
Yes. Our secure systems log each incident clearly and consistently, contain only actionable information, and reach only purposefully designated personnel.
How do we follow up on and manage incident reports?
Our incident management application enables anonymous two-way communication between whistleblowers and compliance personnel, encouraging both parties to address and resolve problems as quickly as possible. Record incidents, resolve complaints, and reflect on results– all in one place– with an anonymous employee hotline from CMS.