Reading time: ~ 3 min.
The management of internal investigations of organizations according to the ISO/TS 37008 standard
For internal investigation we understand the professional fact-finding process lead by (or for, if this process leading is transfered outside) an organization to establish facts in relation to supposed or suspicious wrongdoing, misconduct or noncompliance.
The internal investigation in indeed an integral part of organizational management and the standard ISO/TS 37008:2023 on «Internal investigations of organizations – Guidance» provides support for its implementation.
The internal investigation of organizations can examine cases such as bribery, fraudulent activities, harassment, violence or discrimination (just to mention some typical situations we can apply the standard to manage the process of fact-finding).
We can have different reasons why we need to lead an internal investigation, such as:
- civil actions (liability, responsibility,...);
- whistleblowing reports (discern between substantiated or unsubstantiated allegation);
- external investigations led by regulators (need for reporting);
- decision-making process (requirements set by laws, regulations, codes, policies,...).
We have to keep in mind that internal investigation is part of a compliance management system of an organization.
The ISO/TS 37008 standard structure
The ISO/TS 37008 standard has 11 main chapters and an «ANNEX A». This is an overview on the structure:
- Chapter 1: scope
- Chapter 2: normative reference
- Chapter 3: terms and definitions
- Chapter 4: Principles
- 4.1 Independent
- 4.2 Confidential
- 4.3 Competent and professional
- 4.4 Objective and impartial
- 4.5 Legal and lawful
- Chapter 5: Support of internal investigations
- 5.1 Resources
- 5.2 Leadership and commitment
- Chapter 6: Establishment of investigation policy or procedure
- Chapter 7: Safety and protection measures
- 7.1 Preserving and securing evidence
- 7.2 Protection of and support to personnel involved in investigations
- 7.3 Anti-retaliation
- 7.4 Safeguarding
- Chapter 8: Investigative process
- 8.1 Investigation team
- 8.2 Preliminary assessment
- 8.3 Determining the scope of the investigation
- 8.4 Investigation planning
- 8.5 Maintaining confidentiality
- 8.6 Liability caution to deter disclosure
- 8.7 No interference
- 8.8 Evidence
- 8.9 Interviews
- 8.10 Finalization process
- 8.11 Investigation report
- Chapter 9: Potential remedial measures or improvements
- 9.1 Proposal of remedial measures and improvements
- 9.2 Interim remedial measures
- 9.3 A final plan for post-investigation remedial measures
- 9.4 Proportionality of remediation and improvement measures
- 9.5 Monitoring and enforcement of remedial measures
- Chapter 10: Interaction with stakeholders
- 10.1 General
- 10.2 Planning
- 10.3 Measures for the communication process
- 10.4 Effective communication channels
- 10.5 Government and regulator communication
- 10.6 Self-disclosure to the authorities
- Chapter 11: Disciplinary actions
- Annex A Guidance on the use of this document (10
ISO 37008 standard: correlations between other standards and regulations
The ISO/TS 37008 standard is logically downstream of whistleblowing reports (we can consider for example the Italian Legislative Decree 24/2023 on whistleblowing).
This standard is also useful in correlation with:
- ISO 37002:2021«Whistleblowing management systems – Guidelines»;
- ISO 37001:2016«Anti-bribery management systems standard».
ISO 37008 provides support also in the implementation of the organization and management models (OMM) set by the Italian Legislative Decree 231/01 (corporate criminal Liability).
Our infographic on ISO/TS 37008 standard
To better figure out the «big picture» about the ISO/TS 37008 standard, take a look at our infographic:
If you want to keep you up-to-date with the most recent news on this topic, don't forget to subscribe to our newsletter: you will get a monthly update with the most relevant and valuable content from our experts!
Our sponsors
A special thanks to our Advanced Sponsors:
