Skip to main content
Whistleblower Protection

Case management system

A case management system is software used by an internal or external reporting channel to receive reports confidentially, process them in a structured way, respond within statutory deadlines and document each case in an audit-proof manner.

A case management system is the technical backbone of a reporting channel under the German Whistleblower Protection Act (HinSchG). It brings the entire lifecycle of a report together in one place: from intake via the reporting channel, the assignment of a case code, the plausibility and substance review, through to initiating follow-up measures and closing the procedure. Unlike handling reports by plain e-mail, a case management system ensures that every processing step is logged in a traceable way and that only authorised case handlers can access the file.

Its core purpose is compliance with the statutory deadlines and duties: the system supports acknowledging receipt within seven days and providing feedback to the reporting person about planned and completed follow-up measures within three months. At the same time it technically safeguards the confidentiality requirement and the protection of identity, for example through access restrictions, encryption and the ability to submit anonymous reports as well as a pseudonymous mailbox for secure two-way communication with anonymous whistleblowers.

A case management system also fulfils the documentation obligation under Section 11 HinSchG: all reports must be documented permanently in a manner consistent with the confidentiality requirement and deleted three years after the procedure has been concluded. Features such as task management, deadline monitoring, role-based permissions, reporting and audit trails turn the system into both an evidence tool vis-a-vis supervisory authorities and a control basis for an effective, legally compliant reporting channel.

Legal Basis

Sections 10, 11, 13, 17 HinSchG; Art. 9 EU Whistleblower Directive (EU) 2019/1937

Practical Example

At a mid-sized company with 320 employees, an anonymous report of possible bribery in procurement arrives through the web-based reporting portal. The case management system automatically assigns a case code, sends the acknowledgement of receipt within seconds and starts both the seven-day and the three-month clocks. The designated officer of the internal reporting channel reviews the matter in the system, sends a follow-up question to the whistleblower via the anonymous mailbox, documents the internal investigation seamlessly and closes the case with a documented response on the follow-up measures taken, without ever revealing the whistleblower's identity.

FAQ

The HinSchG does not prescribe any specific software, but it does require confidentiality, adherence to deadlines and permanent documentation of all reports. A case management system is the most practical way to fulfil these duties in a demonstrable and legally sound manner. Manual handling by e-mail can hardly meet the requirements confidentially and in an audit-proof way.
It must monitor the acknowledgement of receipt within seven days of a report arriving and the feedback to the reporting person within three months. A good system automatically reminds handlers of these deadlines and logs that they were met. This helps avoid a breach of Section 17 HinSchG.
Under Section 11 HinSchG, the documentation of a report must be deleted three years after the procedure has been concluded. Longer retention is only permitted where this is necessary and proportionate. The case management system should manage these retention and deletion periods automatically.

How preeco supports you

Learn how our software supports you with this topic.

Learn more

Related Terms

Internal Reporting Channel Case handling Documentation obligation Whistleblower System / Reporting Channel Anonymous Reporting
Back to Glossary