ISO & SOC 2 Whistleblower Hotline

CMS delivers confidential and secure third party hotline services that help organizations achieve compliance under ISO, SOC 2, and other data security and systems standards.

  • 24/7/365 hotline services
  • Anonymous third party reporting
  • Live operator, automated, and web-based reporting channels
  • Over 52 years’ experience
  • Data privacy and security
  • Online, two party case communication
  • International capabilities
  • Custom notifications and reporting

Get Pricing

Learn more about our ISO and SOC 2 compliant hotline services:

Secure, Anonymous Third Party Whistleblower Hotlines for Companies Seeking ISO and SOC 2 Compliance

After hours virtual receptionist taking medical calls

Data security is important to all organizations. ISO and SOC 2 are common compliance standards that service providers and technology companies must meet in order to be considered for valuable outsourcing contracts and vendor agreements. 

Improve Your Ethics & Security Standards

A third-party whistleblower hotline is critical to modern security standards because it provides organizations with a means to collect information outside of regular communication channels. Without a secure, 24 hour hotline, fraud, ethics violations, and other incidents may go unreported.

Achieving compliance with standards such as SOC 2 and ISO requires your organization to have established ethics, fraud, and whistleblower policies. To enforce and support these policies, necessary software and accompanying processes are required to help maintain compliance.

One such system is an anonymous reporting tool that can enable stakeholders to safely and securely report incidents.

Facilitate Anonymous Reporting

In instances of illegal or improper conduct, established communication channels are often ineffective. Employees may feel uncomfortable lodging internal complaints even when there are policies in place to protect them.

Instead of allowing potentially damaging situations to go undisclosed, our fraud and ethics hotline encourages individuals to report information confidentially and without the threat of retaliation.

Frequently Asked Questions

Yes. Each whistleblower hotline managed by CMS is distinct to your organization. We will help you establish a dedicated hotline number and website address that can be promoted throughout your organization.

Anonymous incident reports can be made 24 hours a day by calling your hotline or visiting your ethics compliance website (both provided by CMS).

Yes. The Sarbanes-Oxley Act of 2002, or SOX, requires publicly-traded companies to log collection and and provide audit trail for all access and activity to sensitive business information. By presenting a single, confidential solution for incidence receipt and retention, our fraud and ethics hotline consolidates and centralizes measures to maintain direct compliance with SOX whistleblower provisions.

Your whistleblower hotline can be used to collect any anonymous report. Things that often get reported include:

  • General Harassment
  • Discrimination
  • Sexual Harassment
  • Product Substitution
  • Asset Misrepresentation
  • Check Forgery, Kiting, and
  • Tampering
  • Embezzlement
  • Account payable fraud
  • Accounts receivable fraud
  • Procurement fraud
  • Payroll fraud
  • Workers compensation fraud
  • Commission fraud
  • Policy violations
  • Other misconduct

Yes. Our secure systems log each incident clearly and consistently, with respect to your organization-specific code of conduct, contain only actionable information, and reach only purposefully designated personnel. 

Our incident management application enables anonymous two-way communication between whistleblowers and compliance personnel, encouraging both parties to address and resolve problems as quickly as possible. Record incidents, resolve complaints, and reflect on results– all in one place– with a whistleblower compliant hotline from CMS.

SOC 2 Whistleblower Policy Requirements

SOC 2 requirements dictate that compliant organizations must maintain a whistleblower policy that provides “separate communication lines.” Specifically, “separate communication channels, such as whistleblower hotlines, are in place and serve as fail-safe mechanisms to enable anonymous or confidential communication when normal channels are inoperative or effective.”

Developed by the American Institute of CPAs (AICPA), SOC 2 is an auditing procedure that ensures service providers securely manage data. SOC 2 is specifically designed for service providers storing customer data in the cloud. That means SOC 2 applies to nearly every SaaS company, as well as any company that uses the cloud to store its customers’ information.

ISO Compliant Whistleblower Management Systems

The International Organization for Standardization (ISO) has several international standards for governing anti-bribery, quality management, and whistleblower management systems. ISO 37002, the newest standard coming in 2021, is the guidelines for whistleblowing management systems. ISO 37002 will provide “guidelines for implementing, managing, evaluating, maintaining and improving a robust and effective management system within an organization for whistleblowing”.

Other ISO standards with anonymous reporting and whistleblower provisions include ISO 37001 (anti-bribery management systems) and ISO 9001 (quality management systems). 

A 24 Hour, Third Party Whistleblower Hotline That Ensures Compliance

CMS helps companies meet and exceed the whistleblower compliance provisions of SOC 2 and ISO by providing 24-hour anonymous hotline services and web-based incident reporting solutions. Together, these systems give organizations a secure, third-party system for fielding and processing whistleblower complaints and other incident reports. 

Our third-party compliance hotline service helps organizations meet all of the reporting and data security requirements of their whistleblower policies. With CMS, you can create a protective environment where people can confidently report concerns in order to help your organization prevent and deal with wrongdoing.


Hear what our customers have to say about our telephone answering services and anonymous hotline solutions.

We’ve been a customer since 2012. They do a great job of answering our phones after hours & scheduling appointments. We’ve tried many other answering services in our 17 years of business but they are by far the best.

Penny Luker