Whistleblowing doesn't have to be complicated.

The whistleblowing law made simple. We guide you all the way & with our comprehensive offering you can have a full-fledged whistleblowing solution in no time.

Explore how
Visslan whistleblowing system
Kami Compliance logoEurocon logoStockholms Auktionsverks logoASUS logoKungliga Hovstaterna logoBRA logoVICI logoJollyroom logoDlaw logoFBI Integrity Project logoUnsquare Law logoKungl. Konsthögskolan logoRosenssons logoKungl. Konsthögskolan logoNGL Legal logoMainly Silver logoKami Compliance logoEurocon logoStockholms Auktionsverks logoASUS logoKungliga Hovstaterna logoBRA logoVICI logoJollyroom logoDlaw logoFBI Integrity Project logoUnsquare Law logoKungl. Konsthögskolan logoRosenssons logoKungl. Konsthögskolan logoNGL Legal logoMainly Silver logo

Is this really the right way to work with the EU whistleblowing law?

Many people believe that email is simple and that advanced functionality is good. That's not always true. There is no need to spend more time on administration or to have more systems in an organization. A new way is needed. A golden mean.
Complicated email solution
Email or Microsoft-forms aren't enough anymore when it comes to whistleblowing.
  • Unnecessarily much administration
  • Major security & compliance risks
  • Waste of valuable time & money

Too advanced system

Advanced systems become a hassle to use
Whistleblowing doesn't have to be complicated and advanced systems helps no one.
  • High fees & start-up costs
  • More systems to administer
  • Unnecessary work & long processes

Get more time for other things. Be ready in

999 minutes.
Nothing meaningful gets done in 5 minutes, but by eliminating unnecessary work and complexity, we have shortened the time it takes as far as possible.
*Estimated total time to comply with the EU Whistleblowing Directive with Visslan

Whistleblowing has
never been easier.

We don't need more complicated systems to maintain or expensive lawyers to pay.

Visslan offers simplicity, clarity and efficiency with an intuitive and user-friendly whistleblower system, a whistleblower policy according to the EU Directive and, if desired, cost-efficient case management by lawyers.

EU Whistleblowing Directive compliant
ISO 27001 icon
ISO 37002 whistleblowing icon
GDPR icon
EU Whistleblowing Directive
ISO 27001-hosting
According to ISO 37002
GDPR-secured

What our customers say.

Listen to our customers. They have experienced the simplicity.
"
Customer testimonial

Visslan is a simple & flexible way to solve the new whistleblower law.

Background image for testimonials
HR Manager Nordic
Tobias Bodlander
"

I want to encourage companies that do not already use a whistleblowing system to do so. It is so much easier and much more serious than coming up with your own solution.

Background image for testimonials
Nicole Bellman
HR Manager
Stockholms Auktionsverk logo
"

The implementation was very simple and Visslan's solution feels safe considering that it is encrypted, penetration tested and completely anonymous.

Background image for testimonials
Åsa Söderström
IT Manager
Eurocon logo
"

We got started quickly and were guided through learning the platform to how we could launch the function internally. It was all very simple!

Background image for testimonials
Li Pamp
CEO
Stockholms Auktionsverk logo
"

Visslan enabled us to provide the anonymity & security whistleblowers often need to feel comfortable springing into action when they witness wrongdoing

Background image for testimonials
James Davidson
President
Customer testimonial logo
Jollyroom använder VisslanCustomer logoRosenssons använder Visslan
Rosenssons använder VisslanKungliga Hovstaterna använder VisslanStockholms Auktionsverks visselblåsarkanal

These companies are already experiencing the simplicity, when will you?

We help companies on three continents in all industries and sizes, from the local staffing company to the world-leading computer manufacturer ASUS, multinational and listed companies and all the way to FBI agents and the Royal Court of Sweden.
  • Everything you need
  • No implementation fees
  • We help you all the way
Discover the new way - risk free
Get started for free
Girl meditating
No implementation fees
Possibility of external handling
Whistleblower policy included
searching for solution

Not sure if we are right for you?

We know your problems because we have been there ourselves. Whistleblowing should be simple, it shouldn't create headaches and be an administrative nightmare. Simple and efficient whistling. No hassle.

FAQ.

What does the new whistleblower law say?

The whistleblower law often refers to the EU Whistleblower Directive and imposes a number of requirements on companies, including the establishment of whistleblowing channels for all companies with more than 50 employees. Strict confidentiality applies and there are requirements to be able to follow up with the whistleblower within certain time frames. As a company, you also need to inform, for example, about the channel, how to report and the whistleblower's rights and freedoms. Many companies choose to enable anonymous reporting, but this is not a legal requirement in itself.

Who receives the cases?

You decide for yourself who should be the case manager(s), but the case manager(s) should be independent and autonomous. This can be someone within your company, but also someone external, such as a lawyer or accountant. The case manager receives cases in the whistleblower system, follows up with the whistleblower and possibly appoints an investigation. In Visslan's system, you can receive cases internally, but also via one of our partners' external recipient functions.

Can you report anonymously? If so, how does follow-up work?

Through Visslan's whistleblower system, those who report can choose whether they want to be anonymous or confidential. If they choose to disclose their identity, only case managers (one or more designated by the company as independent) may access the information. The person who reports can always choose to remain anonymous at first and reveal their identity later instead.

The benefit compared to a mailbox or email function is that the whistleblower can be both anonymous and with the possibility of follow-up in the anonymous chat.

How can whistleblowers make reports via the system?

Visslan enables both written and verbal whistleblowing. Verbal can be done for example by uploading an audio file as an attachment to the report. That follows the "best practices" that exist in whistleblowing and is preferable to reporting via a telephone hotline. According to the whistleblowing laws, whistleblowers should also be able to report by scheduling a physical meeting, which can for example be asked for by submitting a report in Visslan's whistleblower system. At a physical meeting, we recommend that a report is still set up regarding the case where documentation can be collected securely.

All this type of information is described in our standardized whistleblower policy. Most likely, written reporting will be most common.

How quickly can we access the whistleblower system?

In the case of Standard, you get access to the platform directly and you can set up your system directly with a 14-day free trial period, while Enterprise customizations can take a couple of days to set up, subject to the risk of bottlenecks. You get access to the whistleblower policy and other onboarding information directly.

How is onboarding of the whistleblower system conducted?

We always offer an onboarding of the reporting channel with the person or persons who will be the case manager (others are also welcome to participate if desired), which usually takes about 30 minutes. You also get access to onboarding materials such as user manuals, FAQs, videos and more. In addition to this, we are personally available to answer any questions. Completely free of course!

Which languages are available?

Visslan has built-in support for many of the world's languages and the vast majority within the EU. Our team is constantly working to expand and improve our language library.

How is the dialogue between case manager and whistleblower handled?

The whistleblower is completely anonymous to both Visslan and you and instead he/she receives a code as a login to their case. Once logged in, the whistleblower can still be anonymous and chat with the case manager. All communication can thus be handled and documented via the platform in a legally compliant manner.

How does the whistleblower access the reporting channel?

You get a company-unique link, for example https://name.visslan-report.se/, which you give out to your employees. There, the whistleblower can easily make a whistleblower report.

Who can blow the whistle?

Everyone who has access to your company's unique reporting link can submit a report through the reporting channel.

Is there a limit to the number of cases we can get through the whistleblower function?

No, you can get an unlimited number of cases through Visslan. However, the system has a spam protection that can act as a limitation in special cases where spam is suspected.

Do I need Enterprise or is the Standard package enough?

For most organizations, Standard is sufficient. There, you get everything you need for smooth and efficient reporting, handling and investigation. We recommend Enterprise for multinational organizations or for groups where one of the companies has more than 250 employees, since you may need more advanced functionality such as more and customized questionnaires, advanced case allocation and so on.

What happens after the 14-day free trial?

After 14 days, your subscription according to the agreement begins. You will receive a reminder e-mail before the trial period expires and if you had forgotten to cancel the trial period, we are usually forgiving.

What are the payment terms after the trial period?

You are invoiced annually at the beginning of the subscription period. The invoice has an expiration date after 30 days.

What is the notice period?

Visslan has no notice period. You can cancel the subscription at any time, even during the trial period.

What do I do if I need customizations like those in Enterprise?

Enterprise functionality can not be tried or tested via the website. You will need to contact us.

Can Visslan guarantee system security?

No one can guarantee the security of a system. As we have seen recently, authorities as well as banks and other "secure" systems have proven to have shortcomings. Visslan works actively to prevent and remedy any deficiencies by following modern safety standards while protecting the whistleblower's anonymity. An important part of our security work is the platform's continuous security audits and penetration tests.

If you are promised an impenetrable system, you are most probably being lied to.

What support are we entitled to?

We help you all the way, both with intuitive guides, instructions and videos, but also personally. If you are a customer of Visslan and need help, do not hesitate to contact us if you have questions, concerns or want any tips. We have seen most things and are happy to share our experiences or contacts.

For larger support matters at your request and which are not necessary for the use of the platform, such as adaptations of it, a small service fee is charged. Should this be the case, we always inform about this in advance

Who is behind Visslan?

The Swedish company The Whistle Compliance Solutions AB with organisational number 559327-2999 and VAT-number SE559327299901 is behind Visslan.

Who receives the whistleblowing cases?

Lawyers with one of our partners who specialize in whistleblowing, labor law, data protection and other relevant areas. They act as receivers in your Visslan's whistleblower system. Our partners' offers may differ slightly, both in layout and price. You are completely free to choose which of our partners you want to get help from, but a peer review must first be carried out.

Can we see the report ourselves?

Normally, no, but you can wish to have it if you want. We always create an account for you in the system but without access to the cases that come in. The lawyers can then give you access to cases, for example if they are personnel matters or if you are to carry out an investigation internally.

What does conflict of interest review mean to us?

Our partners are often bound by special rules such as law firms, including reviewing clients for conflict of interests before they can offer services to a new client. This is done to ensure that the lawyers can help you without ending up in a conflict situation themselves, for example against an existing client. The risk of the conflict of interest review resulting in a declining of services is generally small. The conflict of interest review does not mean any work for you.

What do you really get with external handling of whistleblower cases?

Although this may differ slightly between our different partners, the basics are always the same. First and foremost, an unlimited number of cases are received by most of our partners (not all), where the lawyers make an initial assessment of whether the case may be a whistleblower or rather a personnel matter. In the event that it is a whistleblowing, special processes are required by law, but if it is a personnel matter, it is in principle handed over directly to you.

Dialogue with the whistleblower for any initial follow-up questions and additional information is included in the fixed price. In addition, a recommendation is included about the next step, for example if an investigation should be made or if the case should be taken directly to the relevant authority.

Some of our partners have a scheme where you pay per case, but unless otherwise stated, that is not the case.

What is not included in the external case management?

The short answer is that further investigation of the case is not included. If you choose to hire the same lawyer that is the recipient also for the investigation of the case, it will be an hourly fee and you will get a custom proposal.

Do we have to hire the external recipient for investigation?

No, it is always up to you if you choose to hire this party for the potential investigation, another external party or if you choose to carry out the investigation yourself internally if a whistleblowing case should be received.

Are the conditions for the external reception function regulated through our agreement with Visslan?

No. Visslan is not responsible for the external reception function. However, we have great confidence that you will be well treated by all our partners and in normal cases you do not need to sign another agreement but the partner then sends an assignment confirmation to you.

We work closely with our partners to provide such a seamless workflow as possible.

How does the external reception function help us to follow the whistleblower law?

The external recipients are experts on the Whistleblower Act and will adhere strictly to various rules, processes and time frames to ensure compliance with the Whistleblower Act. You will also receive a recommendation about the next step, and that you will not have to worry about the recipient not being sufficiently independent and autonomous.

How can it be cheaper for us to outsource case management of whistleblower reports?

Many organizations lack the competence for whistleblowing and investigation internally. In many cases, especially in smaller organizations, it can thus be more cost-effective to hire an external recipient than having to familiarize yourself with what is a whistleblower and not, how whistleblower reports should be processed and so on every time a new notification is received.

You can thus save valuable working time by letting an experienced expert do the job instead.

Does Visslan receive a commission if we choose external case management?

Visslan will not receive compensation if you choose one of our partners as a case manager. We have organized the offer only because we see that it can be of great benefit to you.

How secure is my data?

With Visslan, your data is safe. Our whistleblower system is built so that whistleblowers can be sure that the data reaches the case manager without anyone else being able to see it on the way. No system can promise that it is impenetrable, in which case they are lying, but through penetration testing, encryption and modern security mechanisms, you do not have to worry that your data might not be secure with Visslan. Your data is sent and stored encrypted.

Where is the whistleblower system data stored?

Visslan's servers are based in Sweden. Your data is never transported outside the EU.

Which cloud service platform is used for the whistleblower system?

Visslan uses AWS (Amazon Web Services) for their high security standards and good capabilities to maintain the data within the EU, in accordance with Schrems II and GDPR. Our hosting is certified with, among other things, ISO 27001. Visslan has close contact with AWS regarding data protection in relation to, for example, Schrems II and has actively chosen not to participate in AWS AI programs, which could then have sent data temporarily to the US.

Visslan also has an agreement in place with AWS which gives us full control over the data. AWS does not copy data from the EU to the US.

Can Visslan see our whistleblower cases?

No, Visslan can never see your whistleblower cases.

How is my data encrypted?

The data is encrypted "End to End", both in transport and at rest. Visslan implements an encryption protocol specifically designed for anonymous whistleblowing applications.

The protocol has been developed and validated in collaboration with the Open Technology Fund to be user-friendly for whistleblowers with security from attackers who could have seized the backend and attempted a so-called brute-force decryption.

Every report is encrypted and protects the questionnaire's responses, comments, attachments and metadata involved. The keys involved in the encryption are per user and per submission and only users to whom the data was sent can access the data.

What does the encryption workflow look like?

1. User chooses a personal secure password at the first login;
2. The system creates a personal user key pair and stores it asymmetrically encrypted with a secret derived from the personal user password;
3. The whistleblower makes a report;
4. The system assigns personal access data to the whistleblower;
5. The system generates a symmetric key for encrypting the report, the attachments and comments and the metadata involved, and starts encrypting the data;
6. The system generates an asymmetric key pair and stores it symmetrically encrypted using a secret derived from the whistleblower's access data;
7. The system gives each recipient and whistleblower involved access to the report's symmetric encryption key by assigning each user an asymmetrically encrypted copy of the key;
8. Users continue to exchange information about the report by using their personal access information and unlocking their own personal asymmetric keys and symmetric keys for the opened report.

How is it guaranteed that the data is encrypted and that Visslan does not have access to the data?

Encryption keys are always encrypted at rest (when stored on disk) and are only decrypted in RAM when the whistleblower / receivers are logged in to the system. Visslan does not have an interface that can allow direct access to the encryption keys in any situation (at runtime or at rest).

Visslan, like all other web-based whistleblower systems as far as we know (and which offers the necessary usability and a wide range of security measures related to protection against leaks of "forensic traces") can not technically implement a perfect end-to-end encryption mechanism that encrypts data from the whistleblower terminal to the case manager's terminal, but it needs to use the server as a reliable party that performs encryption and decryption on behalf of the system's users.

Such a function is only offered when it is possible to get users to install a software, which we do not consider acceptable in a whistleblowing context, both for usability but also for security reasons (for example when proof is submitted for submission of a report on the user's device).

In the whistleblower system today, the administrator (we) can decide if we want to reset the case manager password to simply support users in the event of a password loss, which acts as a "key escrow" mechanism. This is usually accepted in commercial contexts where we must be able to do our utmost to ensure that no data is lost (even when the customer loses access to the data in the event of a forgotten password). In future system updates however, we plan to make it possible for the customer to specifically opt out of this option and at their own risk accept that data in the event of a password loss will be completely lost.

In any case, the system maintains an audit log and tracks actions to try to prevent as well as support the detection of abuses performed by administrators.

In other words, from a technical perspective, Visslan can have access to encryption keys and data (which, as described, becomes a requirement for a web-based application where Visslan cannot install anything locally, which would also have created other more serious risks). We therefore also refer to our customer agreement and the appendices DPA and Confidentiality Agreement, where it is clearly stated that we may not have access to your whistleblower cases or related data.

Can we get access to Visslan's Security Documentation?

Yes, you can. Please contact us if you would like to get access.

Is it a legal requirement to have a whistleblower policy?

The whistleblower policy is an important part of your whistleblower function, not least because you as an employer must provide easily accessible and clear information about your reporting channel, routines, how whistleblower matters should be reported, etc. The legal requirement thus does not apply to having a whistleblower policy in itself, but that information fits best in a whistleblower policy as it can easily become over 5 pages long.

What do we actually need to inform about?

Your whistleblower policy should include information not only about whistleblowers' rights and obligations (such as that reports must be made in the belief that they are true), but also your routines for handling whistleblower reports and how your employees can whistleblow. This includes descriptions of how to report orally or in writing, or how to book a physical meeting, as well as the routines for, for example, a physical meeting or oral report where the case manager should ask the whistleblower if he / she can record the conversation, and otherwise that the case manager has the right to document it in a lasting way.

What is included in Visslan's whistleblowing policy

Amongst other things, it includes: Complete policy with instructions and alternative wording or additions, reporting routines, simplified versions of the whistleblower policy for, for example, launch, step-by-step guide, paths for external reporting, checklist before launch and so on.

Can we adapt the whistleblowing policy?

Yes, of course you can. We even encourage you to. You get the whistleblower policy as a Word document and can thus edit, change, add or delete parts.

cookie symbol
Cookies Preferences
Close Cookie Preference Manager
Cookie Settings
Strictly Necessary (Always Active)
Cookies required to enable basic website functionality.
Made by Flinch 77
Oops! Something went wrong while submitting the form.