Core 4.0

C-RM 1-2: Policy Addressing Reporting of Violations

Submited by: Tom Goddard

The Basics

This standard requires your organization’s compliance policies to:

  • Protect individuals reporting violations of ethical, regulatory, or legal requirements;
  • Address the consequences of failing to report violations; and
  • Protect the confidentiality of anyone reporting violations.

Management Tips

It will be important that your entire staff know about the mechanisms described in this standard. Be sure to include it in your compliance training.

Accreditation Tips

Desktop Review

The same set of P&Ps and/or program description you use for C-RM 1-1 should work here. Just make sure those policies have solid whistleblower protections and mechanisms to require reporting of violations.
Validation Review
This standard will be covered in the interviews of compliance-relevant management (including but not necessarily limited to the Compliance Officer), as well as interviews with staff throughout the company.