Objectives & Results

From legal requirement to real impact

Objectives
  • Make your organisation compliant and secure
  • Operational reporting channel, clear processes and proof of compliance
Results
  • Guaranteed privacy and confidentiality, mitigating the risk of sanctions and reputational damage

In your project, we can cover the entire process or, if you prefer, only the stages that integrate with your existing processes:

  • Policies
  • Channel
  • Screening
  • Investigation
  • Report

The Mandatory Triangle




Essential legal framework

  • RGPC (DL 109-E/2021): Prevention plan, code of conduct, training, risk management
  • RGPDI (Law 93/2021): Internal channel, confidentiality, deadlines, prohibition of retaliation
  • GDPR (Law 58/2019): Legal bases, minimisation, DPIA where applicable, records & retention

Would you be interested in implementing ISO 37001?

Typical coverage

  • Public and private entities with >= 50 collaborators
  • Business groups, centralised vs decentralised models
  • Internal channel vs. external solution

What do we deliver?

iBlow Services

1. Obligations Map & Gap Analysis
  • Documentary survey and key interviews
  • “Legal requirement vs evidence” matrix
  • 90-day roadmap with quick wins and critical milestones
2. Complaints Policy & Procedures
  • RGPDI Policy (scope, confidentiality, protection)
  • Procedures: receipt, screening, investigation, deadlines, filing
  • Playbooks by type (harassment, corruption, fraud, security, etc.)
3. Internal Channel iBlow.eu (Technology)
  • Submissions with end‑to‑end confidentiality and anonymity option
  • Secure box for messages and evidence; recording of deadlines and decisions
  • Profiles and access segregation; logs for auditing
4. Screening & Case Management
  • Admissibility and prioritisation criteria
  • Tasks, SLAs and alerts; templates for contacting whistleblowers
  • Closure with reasoned decision and learning loop
5. Investigation (Methodology & Guarantees)
  • Proportionate and recorded investigation plan
  • Preservation of evidence, interviews, fact‑finding
  • Legal privilege where applicable; interface with audit/forensics
6. Privacy & Data Protection (GDPR)
  • DPIA/PIA for the channel, where necessary
  • Processing records (ROPA), retention policies & data subject rights
  • Clauses with suppliers; access tests & privacy by design
7. RGPC: Corruption Prevention
  • Corruption Risk Prevention Plan aligned with the business
  • Code of Conduct and risk/control matrix
  • Conflict of interest mechanisms; integration with reporting channel for early detection
8. Appointments & Governance
  • Channel Manager/Ethics Committee Model
  • RACI (who approves, who executes, who reports)
  • Committee charter, calendar and periodic reporting
9. Training & Internal Communication
  • E‑learning and face‑to‑face sessions by audience (leadership, HR, frontline)
  • Communication kit: FAQs, posters, intranet, email copy
  • Anti‑retaliation programme: psychological safety culture
10. Mandatory Documents & Evidence
  • Policy, Procedures, Case Records, Decision Logs
  • Response templates, acknowledgements and closure letters
  • Half‑yearly/annual reports (KPIs and lessons learned)
11. Continuous Auditing & Monitoring
  • Quarterly/half‑yearly health check of controls
  • Effectiveness tests (mystery report, table‑top)
  • Benchmarking and regulatory updates
12. Third‑party Management & External Whistleblowing
  • Channel extension to suppliers/partners
  • Contractual clauses and onboarding pack
  • Interface with authorities where applicable

Three Ways to Implement

STARTER
Basic Compliance 60–90 days:
Policy + iBlow Channel + Procedures + Basic training + Essential records
PLUS
Plus (Governance & RGPC):
Starter + RGPC Risk Plan/Map + Code of Conduct + Committee + Communication Kit
PREMIUM
Premium (360º & Audit):
Plus + DPIA/ROPA + Half-yearly audit + Third-party management + Annual executive report

Implementation & Operations

 

12‑Week Schedule
  • Weeks 1–2: Diagnosis & Gap
  • Weeks 3–4: Policies/Procedures
  • Week 5: Go‑live Channel
  • Weeks 6–7: Training & Communication
  • Weeks 8–10: Assisted operation
  • Weeks 11–12: Initial audit & fine‑tuning


Responsibilities (RACI)
  • Client: approves policies, appoints responsible parties, provides information
  • iBlow: design, configuration, case coaching, document compliance
  • Team: training, communication, periodic review


KPIs & Reporting
  • Acknowledgement and resolution time
  • Percentage of admissible cases, trend lines by category
  • Corrective actions and lessons learned (effectiveness, not volume)


Security & Confidentiality
  • Access control, audit logs, encryption in transit/at rest
  • Backups and BCP; segregation of duties
  • Quarterly permission reviews


Risks & Mitigations
  • Retaliation (measures, speak-up policy)
  • Data leaks (access control, anonymisation where possible)
  • Biased investigations (committee, double review)
  • We show the risk-to-control matrix
