Security Experts:

Connect with us

Hi, what are you looking for?



LockPath Enables Enterprises to Setup Their Own Whistleblower Portal

LockPath, a provider of governance, risk management and compliance (GRC) solutions, released a new cloud-based service that lets users securely and anonymously report incidents, complaints and violations.

LockPath, a provider of governance, risk management and compliance (GRC) solutions, released a new cloud-based service that lets users securely and anonymously report incidents, complaints and violations.

Dubbed Anonymous Incident Portal (AIP), the service lets users anonymously submit information to their company first before reporting it to others, such as the Security and Exchange Commission (SEC), allowing the company to manage incidents internally before they become public.

“This service comes at a time when whistleblowing is on the minds of many organizations,” said Chris Caldwell, CEO of LockPath. “Edward Snowden and Bradley Manning both brought light to the issue of whistleblowing this year, and the trend is not going away anytime soon. In fact, New York is currently considering a law to reward and protect whistleblowers.”

Many companies are required to submit incidents directly to the SEC, which is not only an inconvenience to employees, but can also deter personnel from reporting justifiable claims, Lockpath said. Often employees do not feel comfortable submitting an incident directly to the SEC for fear of repercussions to themselves and to their companies, and recent court rulings have raised questions about when protections for whistleblowers apply.

“AIP addresses this issue by letting employees and the public submit anonymous incident reports,” the company explained. “Using AIP, whistleblowers, or reporters, are directed to a secure web portal managed by LockPath where they can submit issues they are not comfortable reporting to the company directly. Users have the option to attach photos or documents supporting their observation, and the incident record does not include any personally-identifiable information. From the employer’s perspective, learning about and handling potential issues internally before they are exposed to the broader public is critical to maintaining its reputation.”

“Employees often struggle with deciding when to report an incident and when to remain quiet given potential repercussions like harrassment by the business, a career-limiting move, or termination,” added Caldwell. “AIP eliminates this fear by providing an anonymous and secure portal to express concerns, which can ulimately create an improved working environment for employees and ensure that a company’s reputation is in its own hands, rather than in the hands of someone else.”

In addition to releasing AIP, the Overland Park, Kansas-based company released Vendor Manager Hybrid, a new solution in Keylight 3.5, the latest version of the company’s flagship GRC product that allows third parties to submit audit-related questionnaires through a web-based portal, bypassing the assessing organization’s corporate network.

“From law firms to financial institutions to healthcare providers, organizations must regularly work with other vendors to complete due diligence in order to meet industry standards and regulations,” Caldwell added. “This new offering lets organizations keep control of their sensitive data within the enterprise, while maintaining effective interactions with outside entities.”

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.