Securing your data is as important to us as it is to you
We work with some of the world’s largest technological and financial institutions, who carry out regular, independent testing on the security of our service.
We protect the disclosures we receive with AES256 encryption.
Our systems and controls ensure that only authorised recipients can access the confidential whistleblowing reports we have taken on our clients’ behalf.
Once an authorised recipient has received a report from us, its details are erased from our systems.
Our operational headquarters are located within a solely occupied building, giving us complete control over physical security.
External security is assured via a three-stage entrance system, and our security procedures adhere to ISO 27001:2013 standard.
Our team of experienced hotline operators work within a secure area that cannot be accessed by unauthorised personnel.
Protecting the whistleblower
Maintaining the confidentiality preferences of a reporter (where regional law allows) is a key element of our service.
Alongside our other security controls, those seeking to raise their concerns are issued with a unique password which allows them to update or seek feedback on their report without revealing their identity.
Our service is 100% auditable and we are compliant with all relevant data protection laws (including GDPR) to which we are subject.
We can also work with you to handle reports in a manner that is consistent with your own data privacy controls.
“The reports we receive from Expolink contain the depth and detail we need to conduct fast, confidential and effective investigations.”
Head of Compliance Monitoring, Dixons Carphone plc