LockPath Enables Enterprises to Setup Their Own Whistleblower Portal

LockPath, a provider of governance, risk management and compliance (GRC) solutions, released a new cloud-based service that lets users securely and anonymously report incidents, complaints and violations.

Dubbed Anonymous Incident Portal (AIP), the service lets users anonymously submit information to their company first before reporting it to others, such as the Security and Exchange Commission (SEC), allowing the company to manage incidents internally before they become public.

“This service comes at a time when whistleblowing is on the minds of many organizations,” said Chris Caldwell, CEO of LockPath. “Edward Snowden and Bradley Manning both brought light to the issue of whistleblowing this year, and the trend is not going away anytime soon. In fact, New York is currently considering a law to reward and protect whistleblowers.”

Many companies are required to submit incidents directly to the SEC, which is not only an inconvenience to employees, but can also deter personnel from reporting justifiable claims, Lockpath said. Often employees do not feel comfortable submitting an incident directly to the SEC for fear of repercussions to themselves and to their companies, and recent court rulings have raised questions about when protections for whistleblowers apply.

“AIP addresses this issue by letting employees and the public submit anonymous incident reports,” the company explained. “Using AIP, whistleblowers, or reporters, are directed to a secure web portal managed by LockPath where they can submit issues they are not comfortable reporting to the company directly. Users have the option to attach photos or documents supporting their observation, and the incident record does not include any personally-identifiable information. From the employer’s perspective, learning about and handling potential issues internally before they are exposed to the broader public is critical to maintaining its reputation.”

“Employees often struggle with deciding when to report an incident and when to remain quiet given potential repercussions like harrassment by the business, a career-limiting move, or termination,” added Caldwell. “AIP eliminates this fear by providing an anonymous and secure portal to express concerns, which can ulimately create an improved working environment for employees and ensure that a company’s reputation is in its own hands, rather than in the hands of someone else.”

In addition to releasing AIP, the Overland Park, Kansas-based company released Vendor Manager Hybrid, a new solution in Keylight 3.5, the latest version of the company’s flagship GRC product that allows third parties to submit audit-related questionnaires through a web-based portal, bypassing the assessing organization’s corporate network.

“From law firms to financial institutions to healthcare providers, organizations must regularly work with other vendors to complete due diligence in order to meet industry standards and regulations,” Caldwell added. “This new offering lets organizations keep control of their sensitive data within the enterprise, while maintaining effective interactions with outside entities.”