Edition III, 2024
How best to meet the requirements for whistleblower protection? This question has been asked by our customers for a long time. Therefore, in 2022 we have already tested the applications available on the Polish market and published the results in the form of a ranking.
Maciej Kaczmarski - CEO ODO 24
We are pleased to present the results of the third edition of the TOP 10 ranking of applications for whistleblowers that support proper implementation of whistleblower protection. For the study we invited the authors of all applications available on 1 September 2024. The ranking primarily promotes safe platforms for whistleblowers to report legal violations. We have created a tool to explore applications that we can recommend with full confidence.
The order in the ranking was determined based on points earned for key criteria. In the case of an equal number of points, the order was determined by the total score for useful (facilitating) criteria. Due to the large number of criteria, for greater presentation clarity we divided the set of more than 100 criteria into additional subcategories.
The points for each criterion are assigned certain colours, according to the following scale:
| Application |  |  |  |  |  |  |  |  |  |  |
| Base points | 152 review | 150 review | 145 review | 143 review | 143 review | 137 review | 137 review | 137 review | 134 review | 131* review |
| Free trial of the application | TEST | TEST | TEST | TEST | TEST | TEST | TEST | TEST | TEST | TEST |
| Availability of signalling applications | ||||||||||
| Availability of the required information | ||||||||||
| Response deadline reminders | ||||||||||
| Ability to send feedback | ||||||||||
| Support for multiple entities including corporate groups | ||||||||||
| Connecting scans, transcripts, recordings | ||||||||||
| Register of notifications | ||||||||||
| Deletion of data after retention period expires | ||||||||||
| Fulfilment of individuals' rights under the GDPR | ||||||||||
| Data minimization | ✕ | |||||||||
| Data processing agreement between the Client and the Provider | ||||||||||
| Data are not transferred outside the EEA | ||||||||||
| Provider supports DPIA execution | ||||||||||
| Assurance of anonymity | ||||||||||
| Handling of reports by authorized persons | ||||||||||
| No linking of IP address to the content of the report | ||||||||||
| Possibility to anonymize a copy of the document | ||||||||||
| Vulnerability management and protection against malicious software | ||||||||||
| Security of applications and files | ||||||||||
| Encryption / secure communication channel | ||||||||||
| Access controls | ||||||||||
| Authentication | ||||||||||
| Registration of events | ||||||||||
| Intuitive interface, self-configuration | ||||||||||
| Facilitation of breach report management | ||||||||||
| Automatic logging of operation history | ||||||||||
| Provider is responsible for personnel and subcontractors | ✕ | |||||||||
| Provider is responsible for hacking attacks | ✕ | |||||||||
| Provider is responsible for failures of its infrastructure | ✕ | |||||||||
| All subcontractors explicitly identified | ||||||||||
| Possibility to object to a change of subcontractor | ||||||||||
| Subcontractors are vetted by the Provider | ||||||||||
| Comprehensive interface and efficient notification mechanism (max. 3 pts) | 3 points | 1 points | 3 points | 2 points | 1 points | 2 points | 2 points | 1 points | 1 points | 2 points |
| Easy-to-use breach reporting panel (max. 2 pts) | 2 points | 2 points | 2 points | 1 points | 2 points | 2 points | 2 points | 2 points | 2 points | 2 points |
As you can see in the table above, the TOP 10 of the rankings were: applications that meet the vast majority of the required criteria, To the highest or highest degree. an individual's personal view, as subjectively assessed by an expert The difference is presented in the traditional scoring form.
*Optional criterion — some applications (2024) The Statlook Signalist app was created on-premise. Such a solution is preferred by a certain group of customers who do not authorise the processing of alerts from whistleblowers outside their territory; The criteria for the SaaS model are supported, but their The manufacturer's instructions are not fulfilled because the manufacturer's instructions are not fulfilled. the on-premise system, the ability to implement them is on the customer's side.
For the second edition we invited ranking of applications for whistleblowers. The number of companies that have submitted their applications and agreed to be evaluated. We would like to point out that not all of the platforms listed below participated in the ranking. Alertador, BluSezam, CS-Sygnalista, Demaskator, E-nform, e-Signaller, Fraud Control, Gwizdek, EQS Integrity Line, e-SDS, e-Sygnalista, Ethicontrol, EY VCO, Genprox, GoWhistle, HeroApp, Hintbox, Just Report, Linia Etyki, Notibox, Panel Sygnalisty, Qualitime, Safelink, Sygnali, Sygnalista, I'm not sure if I'm going to be able to do that.SygnalistaOnline.eu, SygnalistaOnline.pl, Sygnalista+, Sygnaliści,Sygnalist@ka, Sygnalista Online, Sygnalista.com, Sygnalista.net, Sygnaliści.app, Sygnalisci.org, Sygnalix, Sygnalizuj.net, Sygnalizuje.com, Syon, Sygnanet, WeMoral, Whistboard, Whistleblower, WhistleblowerProductive 24, Whistlesystem.Whistlelink, Whistlesystem. We invite more companies!
We have developed a set of 9 categories and 100 specific criteria based ona zero-one method, which made it possible to conduct a rigorous study. We divided these criteria into required (key) and useful (facilitating) criteria and assigned points from 1 to 3 according to weight. Only two criteria (comprehensive interface, effective notification mechanism notifications and an easy-to-use breach reporting panel) were subject to individual assessment by ODO 24 experts, based on research conducted in stage I. For the remaining criteria, we relied on the explicit statements of the application authors.
In order to objectively verify certain criteria, we have reservedthe possibility to request additional documents. Verification of these documents we carried out in the final stage. We requested evidence for:
We've verified these documents in the final stages.
Position in the ranking determined by the number of points for the requirementsbasic, and in the case of an equal number of points the sum of points perUseful criteria and ease of use.It was £152.00 and £75.00 respectively.
See more
Due to the large number of evaluation criteria, for greater transparencyWe've put together a set of criteria for the rankings in the subgroup.confidentiality of some of the solutions used in the tested applications, on for example in the "Data security" category. The level of detail our study may certify, for example, a list of useful criteria,Ease of use applications, most of which arehas been added to the 'Functionality' category.
Here are some of them: automatic logging of operations performed, operations, automatic allocation of notifications to designated persons,self-designation of dedicated links to forms, possibilityExporting data from applications in popular formatsTo migrate to another application, the ability to customise the application's appearancefor the client, the possibility to extend the forms to additional fieldsfields for the signal and data controller, document conversion to formatPDF, the ability to collect additional documents within the applicationReport-related, visible only to the administrator, conversionrecorded conversations to audio files (e.g. MP3/MP4), changing statuses, priorities and categories of applications; possibility of labellingreports (categorisation), the ability to create notes and attachments by the signalling coordinator, the ability to generate reportsthe statistical and analytical data on applications, the possibilitythe creation of working teams the involvement of external users,the right to withdraw at any time, with an application availablealso in the mobile version (Android / iOS / Huawei), reporting telephone or SMS, e-mail notification, online chat(within the application, with a live operator), text recognition when attached documents are in graphic format (OCR – character recognition the characteristics), multilingual interface, automatic confirmation of acceptancereports, predefining responses for whistleblowers (confirmation of In addition to the information provided by the Commission, the following information is also available:a notification taking into account the data animation, the possibility to verify whether:whether the whistleblower (including anonymous) checked the report status, repository of the system authorisations, together with a confirmation of acceptance.
Whistleblower applications were reviewed by our experts in the field of personal data protection law, whistleblower protection and IT security in three stages. In the first stage, the review consisted of testing and analysing individual applications, both from the whistleblower reporting a breach and from administrators (coordinators, case managers, compliance officers, etc.) managing reports and the application itself. We were also interested in how follow-up actions after receiving a report are organised.
In the second stage, we asked application authors to complete a confidential detailed form containing 100 criteria subject to evaluation. In the next stage, to objectively verify certain responses, we asked for relevant documents confirming that a given criterion was met.
Please note that our whistleblower application ranking serves only as an auxiliary function when choosing an application. ODO 24 does not accept liability for business decisions made solely on the basis of an analysis of the results of our ranking.
Before you deploy a whistleblower application, update your security procedures. The law requires it.
SygnaApp moved significantly into the lead and was the only participant from the previous edition of the ranking to retain a podium position. This shows the vendor's established position in the market. SygnaApp is a fully compliant, user-friendly and intuitive tool for receiving and handling whistleblower reports, with high cybersecurity standards, which also supports internal investigations. Thanks to extensive configuration options, it can be quickly tailored to the needs of any organisation – in both the private and public sectors. The application supports internal and external reporting processes. SygnaApp is used by companies of various sizes and organisational complexity (including capital groups) as well as public bodies and authorities, including central government institutions.
With the processing of personal data of whistleblowers and persons whose reporting It's very risky, so it's very important to prepare Implementation of the protection of whistleblowers in accordance with the requirements of the GDPR Personal data of persons reporting as: And the individuals concerned by the notification.
e-SDS is an advanced tool for reporting breaches securely, designed by Codefellow sp. z o.o. in close cooperation with Data Protection Advisory Group sp. z o.o. By combining modern technology with deep expertise in personal data protection, the application ensures maximum information security. The platform operates on a SaaS model but also offers installation on the client's local servers. The implemented security mechanisms meet the highest industry standards, guaranteeing reliability and protection of transmitted data.
Whistleblower Software is one of the leading tools for handling whistleblower reports, recognised worldwide. The platform is the highest-rated solution in this category on G2, a renowned business software review portal. It is currently used by over 5 million employees in 7,000 organisations operating in more than 80 countries. Thanks to its broad reach and flexibility, Whistleblower Software helps companies and institutions meet legal requirements for whistleblower protection across many international markets.
Whiblo is a service that enables confidential written reporting of suspected illegal or unethical activities within an organisation. It allows an anonymous, encrypted dialogue between the whistleblower and the organisation after a report is submitted. The solution also supports report management through assignment to coordinators, status tracking, document storage, a report register and report generation. The application is compliant with regulations and ensures data security. It is a user-friendly system for any organisation.
AMODIT is a comprehensive whistleblower protection system combining security, flexibility and regulatory compliance. Fast deployment, full whistleblower anonymity and advanced report management features make it an ideal solution for companies of any size. A dedicated panel, process automation and system personalisation provide full control over reports. With AMODIT, organisations can effectively protect whistleblowers while streamlining internal processes and minimising the risk of retaliation.
WeMoral offers an exceptionally simple, uncomplicated, intuitive and easy-to-use tool for reporting breaches. The company offers one-day service deployment. Reports preceded by basic information for the whistleblower are anonymous by default, but a name field can be added and marked as personal data in the system. Two-way communication between the whistleblower and the administrator is encrypted. The administrator panel requires an additional password after login to read report content.
Whistlelink is a whistleblower platform compliant with the EU Directive, the Polish Whistleblower Protection Act and GDPR. As an ISO 27001 certified provider, it regularly conducts penetration tests. Hosting and data processing in Whistlelink take place exclusively in the EU. The platform is easy to implement, and ten years of experience ensures full functionality for organisations. Whistlelink is a fully configurable reporting system, easy to personalise in terms of content and graphics. The system can be launched in as little as 10 minutes and provides secure, encrypted internal reporting channels – confidential and anonymous, oral and written.
Sygnalista365 is an advanced SaaS (Software as a Service) platform designed for secure and anonymous reporting of irregularities in organisations. The application helps companies build a culture of ethics and responsibility while ensuring full protection of whistleblower identity. Sygnalista365 is a comprehensive irregularity reporting solution combining security, anonymity and ease of use. With flexible pricing plans and technical support, Sygnalista365 is a reliable partner in report management and building trust within the company.
Sygnanet is an encrypted system for receiving and processing whistleblower reports. Ready to set up in 5 minutes, it is simple, secure, helps fulfil obligations and protects the employer and those investigating reports. Data is transmitted to the server already encrypted and made available to the recipient on their device in that form. Together with the system, Sygnanet clients receive: an internal procedure template, deployment for report recipients, employee training and a deployment platform with educational materials for report recipients and employees.
Statlook is a simple, intuitive and secure tool for reporting and handling irregularities in an organisation. It allows employees to report workplace misconduct confidentially or anonymously. The system enables secure two-way communication between the whistleblower (including anonymous) and the person handling the report. The application can be an integral module of Statlook software, a standalone tool alongside that system, or used entirely independently. Statlook is software, not a SaaS service, ensuring compliance with Polish and European law.
