Auburn University was advised by an external auditor to outsource its employee hotline system. The university wanted to provide a system that could guarantee anonymity and increase employee confidence in reporting incidents. The previous system, an internally-operated phone number and recording device, was found to be unsuccessful. The university understood that confidence in the system would increase if it was managed outside of the institution.

Berry Gardens, a co-operative of British berry growers, was facing challenges in its reporting system. Traditional avenues of reporting, such as through line managers or HR representatives, or via suggestion boxes, were not providing the level of confidentiality and security required. Some employees felt uncomfortable reporting face-to-face, while the anonymity of suggestion boxes could not be guaranteed. The senior leadership team was looking for ways to improve the current processes and culture, focusing on enabling and encouraging confidential reporting to help maintain and improve the company's high ethical standards.

EnerSys, a global leader in stored energy solutions for industrial operations, recently deepened their commitment to Environmental, Social, and Governance (ESG) objectives. The management team hired an ESG team to accelerate the company's sustainability maturity curve. This decision was made to promote a responsible culture at EnerSys, and also aligned with the increasing expectations of the board of directors, investors, and customers from around the world. As a key part of their program, EnerSys needed to establish a baseline GHG footprint across 173 locations for reporting, analysis, site comparison, improvement planning, and commitment management. Standard PC software could not be reliably used to manage this process.

The fintech company was looking to expand into consumer-facing technology, but they had to address their processes for identifying, mitigating, and reducing risk. They had a strong internal audit program, but the issues identified were not getting the necessary attention across the organization. The management of risks associated with daily operational activities was weak, leading to low audit ratings. Stakeholders were concerned whether the business could make risk-based decisions necessary to safely implement cutting-edge fintech. The organization’s management committee charged their risk management function with building a traditional three-lines of defense program. This meant cultivating accountability and ownership at the first line of the business, where risks are introduced to the organization. It required standing up a true second-line defense reporting to the Chief Risk Officer. Most importantly, it necessitated a risk culture in which everyone is responsible for identifying and reporting issues.

Kerry Group was faced with the challenge of adapting to the new requirements of the EU Whistleblower Protection Directive. The company's internal legal function took over the speak-up program and the NAVEX account as a legal responsibility. They needed a new focus team to quickly understand the software and adapt the solution to meet new requirements. Another challenge was making resources available across their operations. The company wanted to go beyond standard directive requirements and provide documentation for the system across all languages used in the business, including online, external and offline resources. Finally, there was little to no visibility over the progress of whistleblowing cases, which made it difficult to measure improvements, case-type volumes over time or to report in detail where areas of concern lay.

Before implementing PolicyTech, St. Joseph’s relied on personal drives, shared drives, and binders containing the various policies and procedures. This led to version control issues and inefficiencies, as well as duplicative work. The organization also faced unique policy challenges due to its specific nature. The lack of a centralized system led to silos between departments and a lack of transparency. Team members were often working on the same thing without knowing it, leading to unnecessary duplication of efforts.

In 2017, after the acquisition by TICO, Vanderlande and other group business entities needed to launch a new speak-up program that would meet the needs of a scattered and role-diverse workforce. The company had to ensure that the local entities could meet the regulatory requirements, such as those in the EU Whistleblower Protection Directive. There were also cultural challenges to overcome. For example, speaking up in Europe is largely seen as ‘doing the right thing’, but is often less so in Asia Pacific or the Middle East.

Before transferring to NAVEX EthicsPoint, Currys had no case management system, working from an online reporting platform and manually downloading spreadsheets into an Excel tracking table – a time-consuming manual process. The Compliance Team, which manages and monitors Currys whistleblowing cases, needed a modernized system that would streamline, save time, and add GDPR security when dealing with reports. In addition, Currys’ old whistleblowing system had no automatic functions reporting on enhanced data analytics, limiting the Compliance Team in its effectiveness and efficiency of tracking case types, numbers, potential areas of concern, and topic trends.

Before implementing an incident reporting system, DP World relied on collecting reports submitted by email or through a phone line based at the company headquarters in Dubai. Calls were answered in English or Arabic, but with employees speaking dozens of languages across many time zones, the company needed a scalable solution that could be implemented with consistency globally. The old setup did not address the whistleblower’s needs, or the internal information needed for incident reporting. The company was essentially capturing reports in an unformatted email or documenting from a phone call that may not even be answered because it was not staffed 24/7/365.

The enterprise software developer, a small company with about 85 employees, set a goal to achieve ISO 27001 certification. This certification sets the standard for information security and requires a sustainable information security management system (ISMS) that can comply with all seven ISO 27001 categories. The company knew that using spreadsheets for compliance would not be sufficient due to the rigorous requirements of the certification. The Chief Technology Officer (CTO) was leading the project and needed a technology solution to build an ISMS capable of earning ISO certification.

Castolin Eutectic, an industrial Maintenance and Repair technology company, needed a more holistic view of its compliance strategy. The company required a new code of conduct, compliance with the incoming EU Whistleblowing Directive, and an ESG framework to effectively manage how it measures multiple important factors. The company's most recent code of conduct was outdated and needed a new version that complied with regulations and would overcome barriers between regions. Castolin Eutectic was also in need of an incident management platform, as required by the EU Whistleblowing Directive. The challenge was finding a cultural fit across different regions, as not every market felt it would be suitable. Other parts of this revamp were to educate employees about ethics and compliance, to improve the organization’s culture and for its compliance suite to be effective.

ECHO Health, a company operating in highly regulated sectors, had to ensure its third-party vendors satisfy any related requirements. This involved sending a periodic compliance survey to around 10 vendors who handled a variety of work for ECHO, such as printing or call center services, which involved the handling of regulated information. Those involved in assessing third-party risk at ECHO would rely on tools like spreadsheets, calendar reminders and emailed forms to track vendor compliance. However, to support a recent opportunity for rapid growth, ECHO saw a major increase in the number of third-party vendors necessary for its operations. Each new vendor represented a new need to evaluate risk. The 130-person firm was on the precipice of a major business opportunity. It recognized the growth potential could only be realized with an efficient, scalable strategy to vet and monitor third-party partnerships.