1. Home
  2. Certificato IWZ Whistleblowing Policy

Certificato IWZ Whistleblowing Policy

Governance & Compliance

Certificato IWZ Whistleblowing Policy

This Policy outlines how Certificato IWZ manages whistleblowing reports relating to potential violations of laws, regulations, accreditation requirements and internal rules, ensuring a secure, confidential and impartial process, in line with best practices and applicable legislation.

Last update: 2025-12-08  |  Owner: Supervisory Body (OdV) – Certificato IWZ

1. Overview and purpose

The whistleblowing system of Certificato IWZ is a key element of our governance and compliance framework. It enables the prompt detection and management of conduct that may be inconsistent with applicable laws, accreditation rules, international standards, the Organisation, Management and Control Model pursuant to Legislative Decree 231/2001 and internal policies.

This Whistleblowing Policy aims to ensure that individuals can raise concerns in a secure, confidential and protected manner, and that reports are analysed in a timely, impartial and professional way, in line with:

  • applicable national and European whistleblowing legislation;
  • requirements of accreditation bodies and applicable ISO standards;
  • internal governance rules adopted by Certificato IWZ.

The Policy applies to all reports submitted via the whistleblowing channels specifically designated by Certificato IWZ and published on the institutional website.

The objectives of the whistleblowing framework are to:

  • support a culture of integrity, transparency and accountability in all certification and assurance activities;
  • prevent and manage situations that could damage impartiality, independence or reputation;
  • provide a structured and traceable process for the assessment and follow-up of reports;
  • protect whistleblowers acting in good faith against any form of retaliation or unfair treatment.

2. Persons entitled to report

The whistleblowing channels of Certificato IWZ are available to a wide range of internal and external stakeholders who may become aware of potential irregularities in connection with the activities of Certificato IWZ. By way of example, the following may submit a report:

  • employees and collaborators of Certificato IWZ, irrespective of function, level or type of contract;
  • members of governing bodies, committees and the Supervisory Body (OdV);
  • auditors, consultants, trainers and other professionals engaged by Certificato IWZ;
  • suppliers, distributors, partners and subcontractors involved in the delivery of services;
  • clients and other third parties who interact with Certificato IWZ in the context of certification and related services.

Reports may relate to facts that have occurred, are ongoing or are reasonably foreseeable, provided that they are grounded on factual elements and submitted in good faith.

3. What can be reported

The whistleblowing channel is intended for the reporting of serious concerns relating to the integrity, legality and compliance of activities carried out by or on behalf of Certificato IWZ. By way of example and without limitation, this includes:

  • conduct that may constitute offences relevant under Legislative Decree 231/2001 and/or breaches of the Organisation, Management and Control Model;
  • violations or suspected violations of laws, regulations, accreditation rules or binding provisions issued by competent authorities;
  • serious and repeated breaches of internal procedures, the Code of Ethics, impartiality and independence policies, or other mandatory internal rules;
  • practices that may compromise the impartiality of certification decisions, the independence of auditors or the integrity of audit processes;
  • fraud, corruption, bribery or any other form of unlawful conduct in connection with certification or related activities;
  • intentional concealment of nonconformities, manipulation of records or falsification of documentation relevant to certification processes.

The whistleblowing channel is not normally intended for:

  • purely commercial complaints or service-level issues, which should be handled via the standard complaints and appeals procedures;
  • personal conflicts or grievances unrelated to potential violations of law, regulations or internal compliance rules.

If a report is submitted through the whistleblowing channel but is more appropriately treated as a complaint, suggestion or standard customer-service issue, Certificato IWZ may reclassify it and manage it under the relevant process, informing the whistleblower where possible.

4. Reporting channels and process

4.1 Whistleblowing channelsOnline form

Certificato IWZ provides a dedicated online whistleblowing form, available on the institutional website in the “Whistleblowing” section. The form allows the whistleblower to submit a report:

  • by providing their identity and contact details (identified report), or
  • without indicating their identity (anonymous report), subject to the limitations outlined in this Policy.

Additional channels (for example, a dedicated postal address or other secure communication tools) may be activated and communicated by Certificato IWZ, where appropriate.

4.2 Minimum content of a report

To enable adequate assessment and follow-up, reports should contain, as far as possible:

  • a clear description of the facts (what happened, where, when);
  • information on how the whistleblower became aware of the facts (direct witness, documentation, third-party information, etc.);
  • identification of the persons or organisational units involved or potentially affected;
  • any supporting documentation (e-mails, records, images or other relevant material), ensuring compliance with applicable privacy rules;
  • an indication of whether the matter has already been reported to other internal or external bodies and, if so, with what outcome.

Reports should be factual, precise and as detailed as possible, even if the whistleblower does not have complete information.

4.3 Management process

Reports received through the whistleblowing channels are handled by the Supervisory Body (OdV) or by another function formally designated by Certificato IWZ. The process typically includes:

  1. Receipt and registration – the report is received via the designated channel, registered in a secure manner and assigned a unique reference.
  2. Preliminary assessment – verification of admissibility, relevance to the scope of this Policy and sufficiency of the information provided.
  3. Investigation – where appropriate, further information is gathered, including documentation review, interviews or specialist input, while maintaining impartiality and confidentiality.
  4. Conclusions and actions – the Supervisory Body (or competent function) evaluates the findings and may recommend corrective, disciplinary, contractual or organisational measures to the relevant governing bodies.
  5. Feedback to the whistleblower – where the whistleblower is identifiable and contact is possible, Certificato IWZ may provide feedback on the receipt and status, and on the outcome to the extent permitted by law and confidentiality requirements.

5. Protection, non-retaliation and confidentiality

5.1 Protection against retaliation

Certificato IWZ expressly prohibits any form of retaliation, discrimination or unjustified adverse consequence towards persons who, in good faith, submit a report through the whistleblowing channels. This protection applies regardless of whether the alleged facts are ultimately confirmed, provided the report was made honestly and without malicious intent.

Potential forms of retaliation include, for example:

  • unjustified disciplinary measures, demotion or changes to duties that are punitive in nature;
  • denial of training or career opportunities linked to the submission of the report;
  • harassment, mobbing or other forms of hostile work environment;
  • termination or non-renewal of a contract for reasons directly related to the report.

Any retaliatory behaviour will be considered a serious breach of this Policy and may give rise to disciplinary and/or contractual consequences.

5.2 Confidentiality of identity and information

Certificato IWZ treats all whistleblowing reports and related documentation with a high level of confidentiality. The identity of the whistleblower (where disclosed) and of the persons mentioned in the report is protected and disclosed only to those who strictly need to know for the purposes of managing the case, in compliance with applicable legislation.

Anonymous reports are accepted and may be investigated, provided that they contain sufficiently specific and verifiable elements. However, anonymity may limit the ability of Certificato IWZ to request clarifications or additional information and to provide feedback on the outcome.

Access to reports is restricted to authorised personnel within the Supervisory Body and/or the designated internal functions, on a strict “need to know” basis.

6. Personal data protection and retention

The processing of personal data in the context of whistleblowing is carried out by Certificato IWZ in accordance with applicable data protection legislation and with the specific privacy notice for the whistleblowing channel, as made available on the institutional website.

In particular, personal data are processed in order to:

  • receive, register, assess and manage whistleblowing reports and any related follow-up;
  • comply with legal obligations, including those relating to whistleblowing regulations, corporate liability and accreditation requirements;
  • safeguard the rights of individuals involved in the report and of Certificato IWZ.

Data are processed using appropriate technical and organisational security measures, aimed at protecting confidentiality, integrity and availability, including restricted access to authorised personnel only.

Personal data and documentation relating to whistleblowing reports are retained for a period not exceeding that necessary to achieve the purposes for which they were collected, and in any case in line with applicable legal or regulatory retention periods and limitation periods.

7. Misuse of the channel and Policy updates

7.1 Misuse and bad faith reports

The whistleblowing channel must not be used to submit reports that are knowingly false, defamatory or made with malicious or purely instrumental intent. Certificato IWZ reserves the right to take appropriate action, including disciplinary or contractual measures, where misuse of the whistleblowing system is identified.

Making a report in good faith does not require the whistleblower to be certain that a violation has occurred, but it does require a genuine belief, based on reasonable grounds, that the information reported is accurate and relevant.

7.2 Communication, review and governance of the Policy

This Whistleblowing Policy is approved by the competent governing bodies of Certificato IWZ and is:

  • published on the institutional website and accessible to all interested stakeholders;
  • communicated internally to employees, collaborators and relevant functions through appropriate channels;
  • periodically reviewed to ensure its consistency with legislative developments, best practices and changes in the organisational and accreditation framework.

Any updates or substantial amendments to this Policy are approved by the relevant governing bodies and promptly communicated. For clarifications regarding the content of the Policy or the operation of the whistleblowing channels, stakeholders may contact Certificato IWZ through the contact details provided on the institutional website.

Search