ISO 37002 Whistleblowing Management System
Whistleblowing is the act of reporting suspected wrongdoing or risk of wrongdoing. A large number of wrongdoings are reported to organizations or other authorities by employees within the organization. According to ACFE’s (Association of Certified Fraud Examiners) 2020 Report to the Nations, 43% of occupational frauds were detected by tips, half of those coming from employees.
This has encouraged many organizations to consider improving their whistleblowing policies, creating safe channels for whistleblowers, as well as protecting and supporting them. ISO 37002’s guidelines for a WMS aim to provide just that.
Published in July 2021, ISO 37002 is an international standard that provides guidelines for establishing, implementing, maintaining, and improving a whistleblowing management system (WMS) based on the principles of trust, impartiality, and protection. It provides guidelines on a four-step process: receiving reports of wrongdoing, assessing them, addressing them, and concluding whistleblowing cases. Organizations using ISO 37002 to implement a WMS can achieve the following:
- Encouragement and facilitation of reporting a wrongdoing
- Support and protection for whistleblowers and other interested parties involved
- Proper means of dealing with reports
- Improved organizational culture and governance
- Reduced risks of wrongdoing
ISO 37002 follows the High-Level Structure (HLS) and shares common terminology with other management system standards developed by ISO. It is applicable to all organizations, regardless of their type, size, and industry. It can be used as stand-alone guidance or as part of a more comprehensive set of management system standards. This standard is a Type B management system standard, meaning that it is not intended for certification.
- Section 1: Training course objectives and structure
- Section 2: Standards and regulatory frameworks
- Section 3: Introduction to whistleblowing and ISO 37002
- Section 4: An overview of ISO 37002 guidelines — Clauses 4 to 10
- Section 5: Closing of the training course
This training course will help you understand the:
- Main concepts and definitions related to whistleblowing
- Structure and elements of a whistleblowing management system (WMS) based on the guidelines of ISO 37002
- Individuals aspiring to become whistleblowing management consultants or work in whistleblowing management
- Managers and members of governance, risk management, and compliance teams
- Individuals wishing to contribute to maintaining organizational integrity by establishing and maintaining whistleblowing mechanisms
- Employees looking to enhance their knowledge regarding whistleblowing and its importance to organizations, as well as their rights to confidentiality, support, and protection
CompTIA Advanced Security Practitioner (CASP+) Certification Course
Self-paced or Instructor Led Online Course
CASP+ is the only hands-on, performance-based certification for practitioners — not managers — at the advanced skill level of cybersecurity. While cybersecurity managers help identify what cybersecurity policies and frameworks could be implemented, CASP+ certified professionals figure out how to implement solutions within those policies and frameworks.
The CASP+ certification validates advanced-level competency in risk management, enterprise security operations and architecture, research and collaboration, and integration of enterprise security. The CASP+ exam covers the following:
- Enterprise security domain expanded to include operations and architecture concepts, techniques and requirements
- More emphasis on analyzing risk through interpreting trend data and anticipating cyberdefense needs to meet business goals
- Expanding security control topics to include mobile and small-form factor devices, as well as software vulnerability
- Broader coverage of integrating cloud and virtualization technologies into a secure enterprise architecture
- Inclusion of implementing cryptographic techniques, such as blockchain, cryptocurrency and mobile device encryption
CASP+ is compliant with ISO 17024 standards and approved by the US DoD to meet directive 8140/8570.01-M requirements. Regulators and government rely on ANSI accreditation, because it provides confidence and trust in the outputs of an accredited program. Over 2.3 million CompTIA ISO/ANSI-accredited exams have been delivered since January 1, 2011.
- Support IT governance in the enterprise with an emphasis on managing risk
- Leverage collaboration tools and technology to support enterprise security
- Use research and analysis to secure the enterprise
- Integrate advanced authentication and authorization techniques
- Implement cryptographic techniques
- Implement security controls for hosts
- Implement security controls for mobile devices
- Implement network security
- Implement security in the systems and software development lifecycle
- Integrate hosts, storage, networks, applications, virtual environments, and cloud technologies in a secure enterprise architecture
- Conduct security assessments
- Respond to and recover from security incidents
- Lesson 1: Supporting IT Governance and Risk Management
- Lesson 2: Leveraging Collaboration to Support Security
- Lesson 3: Using Research and Analysis to Secure the Enterprise
- Lesson 4: Integrating Advanced Authentication and Authorization Techniques
- Lesson 5: Implementing Cryptographic Techniques
- Lesson 6: Implementing Security Controls for Hosts
- Lesson 7: Implementing Security Controls for Mobile Devices
- Lesson 8: Implementing Network Security
- Lesson 9: Implementing Security in the Systems and Software Development Lifecycle
- Lesson 10: Integrating Assets in a Secure Enterprise Architecture
- Lesson 11: Conducting Security Assessments
- Lesson 12: Responding to and Recovering from Incidents
- Content aligned to work in the real world – Lessons refer to functional areas within the job role while Topics relate to discrete job tasks
- Comprehensive glossary with important terms and acronyms
- E-Book and course material
- CompTIA Exam Voucher
- Access to a field expert and advice
Exam Voucher Details
- Vouchers are non-refundable and non-returnable.
- One voucher is applicable towards one exam at an authorized CompTIA Test Service Provider.
- All vouchers, including any retakes, are valid for 12 months from the date of purchase unless otherwise noted.
- You must register and take your exam prior to the voucher expiration date.
- Voucher expiration dates cannot be extended under any circumstances.
- Certification exam retirement dates supersede voucher expiration dates. CompTIA may retire certifications and corresponding exams prior to voucher expiration dates.
- Visit the CompTIA website for certification exam information, including exam launch and retirement dates.
- Vouchers are country and currency restricted.
Exam Details
- Max of 90 multiple-choice and performance-based questions
- Passing score: this test has no scaled score; it’s pass/fail only
- Length of the exam: 165 minutes
Recommended Prerequisites
- A minimum of ten years of experience in IT administration
- A minimum of five years of hands-on technical security experience
Jobs that use CompTIA CASP+
- Security Architect
- Technical Lead Analyst
- Application Security Engineer
- Security Engineer
Other Trainings
A SAFe certification will empower you to play an integral role in driving business transformation.
From learning about DevOps to sharpening your Agile Engineering skills – ICAgile certifications are crucial in embracing the Lean-Agile mindset.
Cybercriminals are becoming increasingly sophisticated, but with our training programs you can learn how to protect your business from them.
From machine learning to SQL programming – our Data Analytics training will help you become an expert data analyst.
Enter the world of Lean Six Sigma and discover the Lean manufacturing and Lean enterprise benefits.
Become an ISO/IEC certified information security implementer or auditor able to work in any organization.
Learn how to help businesses prepare for and deal with disruptive events that threaten their operation.