Understanding the requirements of Clause 1.1.6

Who does it affect?

The BRC Global Standard for Food Safety is a globally recognised set of standards that applies to retailers, manufacturers, ingredients companies, food service organisations, and raw material processors as part of their supplier approval process.

The eagerly anticipated Issue 8 arrived in August 2018 and introduced a number of new regulations, including Clause 1.1.6 (Confidential Reporting System). Audits against the new standard commenced on 1st February 2019.

Components of a Confidential Reporting System

The Confidential Reporting System requirement is broken down into three key components:

1. The company shall have a confidential reporting system to enable staff to report concerns relating to product safety, integrity, quality and legality.
2. The mechanism (e.g. the relevant telephone number) for reporting concerns must be clearly communicated to staff.
3. The company’s senior management shall have a process for assessing any concerns raised. Records of the assessment and, where appropriate, actions taken, shall be documented.

- Clause 1.1.6, BRC Global Standard for Food Safety (Issue 8)

What does it mean for your business?

The need for a “Confidential Reporting System” – more commonly known as a “whistleblowing hotline” or “Speak Up service” - will be a first for many organisations affected by the updated Standard.

As such, it’s important that business owners ask themselves the right questions before deciding how to implement a compliant solution.

Getting it right: What steps should you take now?

Reporting channels

Reporting an issue can be difficult at the best of times, so it’s vital to establish a trustworthy Speak Up process that’s as straightforward as possible for employees.

Encourage employees to Speak Up

Facilitating a friendly open-door policy for employees to come forward internally is always a good place to start, but not everyone will feel entirely comfortable with this approach. Employees might feel unable to come forward internally due to a number of reasons, including:

• Fear of reprisal following a disclosure
• Inability to report issues anonymously
• Lack of faith that the issue will be resolved at all
• The issue relates directly to a member of senior management
• The issue has been previously reported and nothing has happened

Offering multiple confidential reporting channels alongside an open-door policy will provide your employees with vital choice that improves the chance of an issue being reported, and dealt with appropriately.

Provide access to Anonymous Reporting

According to data from our 2019 Regional Whistleblowing Hotline Benchmark Report, 54% of reports received by European-headquartered organisations were anonymous.

There are a number of reasons an employee might want to remain anonymous, but providing a truly anonymous reporting channel internally can be a challenge for many businesses.

Consider implementing a third-party solution

Implementing a third party whistleblowing hotline will provide a secure, confidential method of reporting that can easily enable anonymity. Employees may feel more comfortable speaking to someone outside their organisation, especially if the report is concerning another employee or illicit internal activity.

Effective communication

It may seem obvious, but it’s surprising how often organisations invest time and energy into setting up a reporting system – and then fail to promote it effectively.

Consider the best way to raise awareness

The way your reporting system is positioned and promoted will influence not just awareness, but trust and confidence levels too. You should think about things like:

• ‘Tone from the top’ – are senior management fully engaged?
• Promotion channels – what’s the best way to reach your audience?
• Accessibility – how can you ensure contact details are easy to find?
• Branding – will the service be labelled as independent or ‘on brand’?
• Messaging – how will you show that speaking up is a positive thing to do?

It is also important to plan future communications and employee training to ensure awareness remains high at all times – not just around the launch date.

Ensure your messaging is appropriate

Ineffective or inconsistent messaging can also have a negative impact. The wrong tone is likely to discourage employees from using the hotline, while generalised messaging might generate too many reports about the wrong type of issue.

If in doubt you can survey your colleagues once a solution is in place to gauge awareness of your hotline. The results will help you develop an ongoing awareness campaign. Think about how you can reach all of your colleagues to encourage them to report the issues you want to hear about.

Processing reports

Having worked out how to generate reports, you’ll need to think about how you’re going to handle them. A badly handled report not only presents a risk to your business, but it can also destroy trust in your entire reporting system.

Define your case handling process

Here are some key initial areas to consider when deciding how to receive and manage reports:

• Who will receive reports?
• How will reports be processed?
• How will you investigate cases?
• What will your feedback process be (during and after the investigation)?
• How will you protect all parties (discloser and accused)?
• How will you prevent retaliation?

Once agreed, your procedure should be documented (ideally in summary form) within your whistleblowing [policies and procedures](/en-gb/products/navex-ethics-compliance/policytech-policy-procedure-management/.

Use the right tools to manage cases

It’s crucial that any reports made, whether through internal or external channels, are stored confidentially and securely. An incident management system allows you to store and update case details, and streamline the investigative procedure.

It’s common for smaller businesses to manage their reports using generic office software, such as an Excel spreadsheet. While this provides a low-cost solution to report logging, it presents a range of limitations and risks including:

• Poor security – Anyone with access to the file can view or amend its content
• Single user access – Only one individual at a time can work on the file
• Risk of data corruption – Data can be easily lost or corrupted
• No audit trail - It is impossible to tell who made changes to the file, and when
• Administrative burden – All reports must be manually input and formatted
• Limited reporting capability – Lack of automated reporting or trend analysis

Introducing a third-party incident management system to log and process your reports can help protect the integrity of the data, provide a full user audit trail and make reporting easier.

Implementing a Confidential Reporting System successfully

Overseeing the implementation of a Confidential Reporting System can be a difficult and uncertain experience – especially if it is something you’ve not been involved with before.

Here are some key focus areas that will help you implement your system effectively.

Engaging stakeholders

From the outset, you will benefit from identifying and engaging key stakeholders from across the business who will need to be involved with the implementation process. They are likely to be drawn from the following areas:

• Senior Management
• Human Resources
• Compliance
• Legal
• Marketing Communications
• Union / Works Council / Employee representative bodies

Together, you will need to agree what you want your hotline to achieve, and make sure everyone is clear around the requirements of BRC 8 1.1.6.

As a group, you will also uncover important information about the size and structure of the business, which will help you in the next stage.

Designing your programme

Clause 1.1.6 requires businesses to enable their employees to report concerns “relating to product safety, integrity, quality and legality.” In addition to this, there may be other issues you want to capture as part of your Speak Up programme.

Common workplace issues include HR-related issues, Unprofessional Behaviour, Bullying, Discrimination or Harassment.

With help from your stakeholder group, you should agree how your Confidential Reporting System will be positioned in the context of your organisation – and then document it.

Defining your intake strategy

Once you know what the objectives are for your Confidential Reporting System, it’s time to begin thinking about how you will enable people to raise their concerns.

A good starting point is to better understand the intended users of your service.

• What is their normal working environment?
• Where are they based and what languages do they speak?
• What is their most convenient means of communication?
• Are there any physical or cultural obstacles to speaking up?

Answering these points will equip you with the information you need to tackle the following questions:

• What reporting channels should you offer (eg. web, phone, etc)?
• Should your system be available out of hours, or account for different time zones?
• Do multiple language options need to be offered?
• Should it be administered internally, by an independent provider, or a combination of the two?

A successful reporting system will reflect the needs and preferences of users, and eliminate as many barriers to reporting as possible.

Still not sure where to start?

A confidential whistleblowing hotline can be operated and administered internally by your own team, or by an independent provider like NAVEX.

To talk to one of our experts, please request a demo »