SECURITY ON WHITE SPARROW
In order to strengthen trust in dealing with whistleblowing, we rely on a highly secure platform with the most modern technology.
Our system ensures that reports submitted are always processed in a secure environment and – if requested by the whistleblower – anonymously. The main software has been further developed from a banking software and meets the highest standards in terms of legal requirements and compliance. This means, for example, that in the case of anonymous reports, no e-mail address, telephone number or other technical data is recorded and stored that would allow conclusions to be drawn about the whistleblower. Even metadata is only stored for a short time.
The application with its databases is stored in highly secure data centres in Germany and the processing of all data complies with the provisions of the General Data Protection Regulation (GDPR) – read more details below. All data and messages are transmitted in encrypted form and stored in a database where only the persons designated by the company have access to the data.
Hosting in Germany
The White Sparrow whistleblowing system is hosted in a data centre in Frankfurt am Main in Germany. The hoster has no access to the data stored in the application.
The data centre is ISO/IEC 27001/2 as well as ISO 22301 and 27018 certified and therefore meets the highest requirements. In doing so, the operator assumes responsibility for the security in the data centre.
We check these and the security of our own application through regular penetration tests.
Various access controls and processes ensure that only authorised individuals have access to the servers. Backups are automated and created periodically.
System security
Our team of developers at Coperitus GmbH in Coburg can draw on years of experience in the banking environment and therefore ensure that security always comes first.
Above all, this means clean client separation, 2-factor authentication and regular maintenance and updates of the security-relevant systems.
Of course, all data traffic is TLS-encrypted, even within the application.
In addition, we have regular penetration tests carried out by an independent external service provider.
Audit trails at field level with historical values ensure that all changes are documented.
Data protection
With our MKM Datenschutz GmbH behind us, the GDPR was a core issue in the development of White Sparrow from the very beginning.
Our own experts ensured that all processes were set up in a data protection-compliant manner and could therefore also be used by the customer. In this context, deletion requirements can also be implemented in full compliance with the regulations of the GDPR and the requirements of the EU Whistleblower Directive. You will be reminded of the expiry date of two years.
The system thus naturally complies with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). Depending on the scope of our commissioning, commissioning contracts are concluded with our customers.
Compliance
As a reporting platform, White Sparrow supports the most diverse compliance processes in your companies. It can support various international legal requirements for your companies.
A multi-client authorisation concept allows the rights of all users to be assigned granularly down to individual notes. Through a 4-eyes principle, the concept also ensures that no report can be concealed. All in all, only the required persons get access to the messages.
Of course, whistleblowers also enjoy the greatest possible protection, adapted to the necessary protection of confidentiality, as also required by law. This means that no IP or MAC addresses, location information or other personal data is stored automatically and without the consent of the data subject.
All metadata that could lead to the identification of the whistleblower is removed as soon as it is no longer needed. Identities can therefore only be established by means of the voluntary information provided by the whistleblower.
Beyond the EU Whistleblowing Directive, White Sparrow is also suitable for legally compliant implementation of the following regulations:
- Supply Chain Act (CSR)
- Sapin II
- SOX
- FCPA
- Patient’s Rights Protection Act
- WpHG
Help and availability
The White Sparrow whistleblower system is available to you throughout the year. We guarantee an availability of 99.8% minus planned and announced updates. If you have any problems, please contact our support team via email at kontakt@mkm-compliance.de.
Our experts at MKM Datenschutz GmbH will also be happy to support you in all data protection matters.
Our colleagues at MKM + PARTNER Rechtsanwälte PartmbB can help you with all your legal needs.
You are therefore fully covered and have a competent partner in us.