Internal Information System (IIS)

What is the Internal Information System?

This is the system in place to receive and manage possible cases of irregular and unwanted behaviour in our organisation

How to report?

We have a secure web platform where you can report your information easily and confidentially and also, if you wish, have access to a private area for monitoring the case reported and to communicate with the case manager.

Do you wish to report any irregularities?

You can visit the information channel where you can safely report your case.

What is the Internal Information System?

The Internal Information System (IIS) is the system implemented by the Biosistemak Institute to receive and manage information on possible irregularities, guaranteeing protection against reprisals for whistleblowers as long as the communication falls within the established legal framework.

The reference standard is the Whistleblowing Directive (European Directive 1937/2019) transposed into Spanish law by Law 2/2023 regulating the protection of persons who report regulatory infringements and the fight against corruption.

Through the internal channels provided, any person related to our organisation, whether an employee or a person acting in a professional capacity, may report possible criminal, administrative (serious or very serious) or European Union law infringements, with full guarantees of security and confidentiality and without suffering any reprisals for doing so, provided that they have acted in good faith.

The IIS is composed of the following elements:
  • Policy or fundamental principles of the Internal Information System
  • Specific and independent System Manager, legally appointed by the General Meeting, which has appointed a natural person in charge of receiving and processing the information.
  • Internal channels for receiving communications, designed and enabled to comply with legal security and confidentiality requirements.
  • A mandatory communications management procedure that guarantees the requirements of protection, confidentiality, objectivity and efficiency in the process of receiving, processing and resolving the communications received.
  • An IT platform that allows both the reporting of cases and the internal management of the processing. This is done securely and with access to the data restricted exclusively to those persons legally authorised to do access it, with a private web area for the two-way monitoring and exchange of information and documentation of the case with the whistleblower.

How to report?

  1. Access to the platform

When accessing our internal channel platform, you will be taken to a homepage where you will be reminded of the general aspects of the channel and where you can read detailed information about our privacy policies for whistleblowers and affected persons.

2. Access to the form

From there, you will be able to access the form that will allow you to provide details of your information, either in written form, as a secure audio recording or even attaching additional documentation should you wish to do so. We apply technical measures to protect your identity, by removing metadata from files, distorting speech and always encrypting any exchange of information.

3. Make an appointment

On the form, you will have the option to make an appointment for a personal discussion or provide further information to the case manager. This appointment will be arranged within a maximum period of 7 days from your request through the private web monitoring area that will be explained below.

4. Communication

Verbal communications made shall, with the consent of the whistleblower, be documented by recording them in a secure, durable and accessible format or by a complete and accurate transcript of the communication. Without prejudice to his or her rights under data protection legislation, the whistleblower shall, whenever possible, be given the opportunity to verify, rectify and agree with the transcript of the conversation by signing it.

5. Password to access

Once you have completed the form, we will confirm the registration of your communication and you will be given a password to access the private monitoring area, where you may, should you wish, follow the progress of your case and communicate and exchange information and documentation with the manager, easily, securely and confidentially. It is essential to keep this password safe as, for confidentiality reasons, it cannot be recovered and in case of loss or forgetting it, you will have to send us the information again.

6. Additional information

While the case is being processed, you may be asked for additional information through this private monitoring area, so it is advisable to log in periodically to check its status. If you wish, when you are given passwords to access the private monitoring area, you will be offered the possibility of providing an e-mail address for the sole purpose of alerting you to the existence of new developments in your case.

7. Analyse the information

The case manager will analyse the information submitted to determine whether or not it is possible to process it and will send the whistleblower a notification as to whether or not his or her communication is admissible for processing.

8. Begin the investigation

If your communication is accepted for processing, the internal investigation will begin and you will be notified of the final decision within a maximum period of 3 months (which may be extended to 6 months in view of the complexity of the case).

External channel of the Independent Authority for Whistleblower Protection:

Although the preferred channel for reporting possible breaches is the internal channel, if the irregularity you wish to report falls within the scope of article 2 of Law 2/2023, i.e. it concerns possible criminal, serious or very serious administrative or EU law infringements, you can report it through the external channel of the competent Independent Whistleblower Protection Authority either directly or after having reported it through our internal channel.