SafeWhistle: Secure and Anonymous Reporting Solutions

Reporting workplace violations anonymously has evolved over time. Now, new web-based solutions are available to individuals. While in the past, phone numbers or hotlines offered limited options, website or digital submissions can now be gathered and investigated.

SafeWhistle Secure and Anonymous Reporting Solutions

This is important for several reasons

Protection for Whistleblowers: Anonymity provides protection for whistleblowers by shielding their identity from potential retaliation or backlash. It encourages individuals to come forward without fear of negative consequences, ensuring that important information about workplace violations can be disclosed.

Increased Reporting Rates: Some employees may hesitate to report misconduct openly or solely through a hotline due to concerns about their reputation, job security, or fear of retaliation. Anonymous online reporting provides a safe and confidential avenue for employees to report violations, which can lead to more incidents being brought to light and addressed.

Early Detection and Prevention: By addressing issues at an early stage, organizations can take appropriate action to prevent further harm, protect employee well-being, and maintain a positive work environment.

Uncovering Systemic Issues: When multiple employees report similar concerns anonymously, it may indicate a pattern of misconduct or underlying problems that need to be addressed. By aggregating and analyzing anonymous reports, organizations can identify recurring issues, conduct investigations, and implement necessary changes to improve the overall workplace culture.

Maintaining Trust and Transparency: It demonstrates that the organization values the well-being of its employees and takes workplace violations seriously. Employees are more likely to have confidence in the reporting process and believe that their concerns will be addressed appropriately, leading to a more positive work environment.

Organizations should have clear policies and procedures in place to handle anonymous reports, ensuring that they are taken seriously, thoroughly investigated, and treated with confidentiality and fairness. 

What do you do with the information reported? 

This is where the Orsus Group comes in. As licensed investigators, Orsus can, in conjunction with the technology, have individuals conduct those investigations, whether it is workplace violence, theft, fraud, threat, sexual harassment, racial discrimination, corporate espionage, or a variety of other misconducts.

What Technology piece is being offered as a solution?

SafeWhistle is a highly secure, two-way, anonymous communication tool that gives your employees and/or stakeholders the ability to come forward and report potential wrongdoings or unethical behavior anonymously. The platform also serves as a case management tool that can help you direct the reported concerns while giving the reporter the confidence that there is a built-in escalation process to help ensure transparency, accountability, and ethical behavior.

SafeWhistle offers numerous, user-friendly key features to not only its clients but also to those that report their concerns.  In summary, SafeWhistle offers:

  • A high level of privacy, anonymity, and security.  SafeWhistle is cloud-based and is hosted on a secure platform using encryption;

  • A customizable escalation workflow;

  • An SMS reporting option for those instances where a high level of confidentiality is not warranted;

  • A secure follow-up communication platform, which allows you to facilitate a secure and anonymous conversation with the reporter in real time;

  • Department and individual report assignments;

  • A customizable dashboard with an inbox feature; and

  • Custom QR codes for all clients to help their employees and stakeholders report their concerns easily. 

 Why is SafeWhistle Needed?

A whistleblower protection program is required by federal organizations such as the Occupational Safety and Health Administration (“OSHA”), the Security and Exchange Commission (“SEC”), the Office of Inspector General (“OIG”), the Department of Labor (“DOL”), and many other accreditation bodies.  

Unreported or unsolved issues may end up being reported to oversight agencies which can lead to larger fines.  In 2021 alone, the Department of Justice settlements exceeded $5.6 Billion.  The investment in SafeWhistle can assist in identifying the potential issues internally, leading to resolution and avoidance of financial and reputational impact.  

 

Detail on SafeWhistle’s Features

Building on the key features summarized in the overview, SafeWhistle offers clients:

  • Anonymous Reporting: Allows your employees and stakeholders to report their concerns securely from anywhere at any time. There is a dedicated 24-7 website and reporting number for your facilities. Individuals are able to report via the custom website, text message, or voicemail that converts to text. If requested, a live answering service is also available during business hours to facilitate the reporting.

  • Customizable Reporting Features: The questions asked to the reporter can be customized for the entity and by report category.

  • Case Management: Easy-to-use inbox that allows assigned personnel to review, categorize, investigate, and escalate cases. 

  • Escalation Workflow: Unattended reports are automatically escalated to the next level of management. This is a customized workflow based on the needs of the entity.

  • Messaging Center: Facilitates a secure and anonymous conversation with the reporter in real-time. The reporting party is provided with a code to log back into the platform and securely communicate.

  • Report Dashboard: Quickly view your organization's reports, report trends, concerns, and activities all in one place. This is helpful for reporting on the status in real time.

  • Cloud-Based: SafeWhistle is hosted on a secure cloud platform using state-of-the-art encryption. 

  • Technical Support: SafeWhistle provides technical support during working hours either via phone, email, or online chat. 

  • Training: SafeWhistle will provide training materials to help you implement and promote it to your employees and stakeholders. These materials include instructional videos, instructional manuals, and suggested policies.

 

Technical Side of SafeWhistle

SafeWhistle is encrypted in two layers:

In-transit

Transport Layer Security (TLS) cryptographic protocol 1.2 is used with a cipher. The platform includes Virtual Private Cloud security to protect the platform from unauthorized access, data breaches, and other security measures. When the reporter receives a code for anonymous communication, the code contains two parts: the report lookup code and their report key password. The former is used to quickly find the report in the entire database, much like an ID. The latter is only shown once to the user and never exists in any form in the database. Without it, their associated key is just random data.

At-rest and in-use 

Foundationally, SafeWhistle is built on the Ruby on Rails platform, and authentication is provided with the Devise gem using the latest versions, updated proactively, and following all best practices.  Both company data and reports are encrypted with symmetric and asymmetric keys.  SafeWhistle leverages the OpenSSL::PKey::RSA library that uses two keys for encryption and decryption.  Further security details are as follows:

  • The symmetric keys are capable of encrypting large amounts of data, so it is responsible for encrypting the reports and company metadata like names of report categories.

  • The asymmetric keys are capable of encrypting a fixed amount of data, so they are responsible for encrypting the symmetric keys.  Every user on the platform, including reporters, has their own unique asymmetric key pair, which are password protected.

    • A backup key is also created for lock-out prevention purposes.

      • Much like backup two-factor authentication codes, this is the only way a company can restore full access in the event they forget their passwords.

      • SafeWhistle never maintains any copy of the company or report keys, encrypted or not.

      • When setting up a company, you will be given a 36 alphanumeric password to the backup key, which is displayed once and should be kept safe. This robustly encrypts the asymmetric private key.

    • When a report is filed, a unique, high-entropy symmetric key is generated and used to encrypt the report data.

      • The reporter has a unique, asymmetric key generated for them, and a password is generated for them to protect their private key.

      • This speeds up the reporting process by not slowing down the user or making them worry about creating a password before reporting.

      • Following the company's reporting workflow, the report symmetric key is then encrypted with only the users who are permitted to see the report data: full administrator, the backup key, the reporter, and the specific agents handling the report.

  • Any user's private key is effectively encrypted with their password. Every transaction with SafeWhistle decrypts this with their password in session, in the user's browser, and is never stored decrypted. The user's browser stores an encrypted form of their password, so they do not have to enter it every page load. Without this, SafeWhistle, nor any administrator, can read any data at any layer.

 

The Orsus Group is a company specializing in background screening, investigations, and risk mitigation. Along with a platform like SafeWhistle, we have experienced investigators holding an average experience of 20 years. Whether it's theft, fraud, threats, harassment, or anything in the nature of supporting clients and protecting employees and their assets. 

The Orsus Group works with clients to handle cases, conduct investigations and filter them in a manner that allows them to provide administrative and support services, ensuring that inquiries are appropriately assigned to the responsible party.