Internal Information System (IIS)
What is the Internal Information System?
The Internal Information System (IIS) is the system implemented by the Biosistemak Institute to receive and manage information on possible irregularities, guaranteeing protection against reprisals for whistleblowers as long as the communication falls within the established legal framework.
The reference standard is the Whistleblowing Directive (European Directive 1937/2019) transposed into Spanish law by Law 2/2023 regulating the protection of persons who report regulatory infringements and the fight against corruption.
Through the internal channels provided, any person related to our organisation, whether an employee or a person acting in a professional capacity, may report possible criminal, administrative (serious or very serious) or European Union law infringements, with full guarantees of security and confidentiality and without suffering any reprisals for doing so, provided that they have acted in good faith.
The IIS is composed of the following elements:
How to report?
- Access to the platform
When accessing our internal channel platform, you will be taken to a homepage where you will be reminded of the general aspects of the channel and where you can read detailed information about our privacy policies for whistleblowers and affected persons.
2. Access to the form
From there, you will be able to access the form that will allow you to provide details of your information, either in written form, as a secure audio recording or even attaching additional documentation should you wish to do so. We apply technical measures to protect your identity, by removing metadata from files, distorting speech and always encrypting any exchange of information.
3. Make an appointment
On the form, you will have the option to make an appointment for a personal discussion or provide further information to the case manager. This appointment will be arranged within a maximum period of 7 days from your request through the private web monitoring area that will be explained below.
4. Communication
Verbal communications made shall, with the consent of the whistleblower, be documented by recording them in a secure, durable and accessible format or by a complete and accurate transcript of the communication. Without prejudice to his or her rights under data protection legislation, the whistleblower shall, whenever possible, be given the opportunity to verify, rectify and agree with the transcript of the conversation by signing it.
5. Password to access
Once you have completed the form, we will confirm the registration of your communication and you will be given a password to access the private monitoring area, where you may, should you wish, follow the progress of your case and communicate and exchange information and documentation with the manager, easily, securely and confidentially. It is essential to keep this password safe as, for confidentiality reasons, it cannot be recovered and in case of loss or forgetting it, you will have to send us the information again.
6. Additional information
While the case is being processed, you may be asked for additional information through this private monitoring area, so it is advisable to log in periodically to check its status. If you wish, when you are given passwords to access the private monitoring area, you will be offered the possibility of providing an e-mail address for the sole purpose of alerting you to the existence of new developments in your case.
7. Analyse the information
The case manager will analyse the information submitted to determine whether or not it is possible to process it and will send the whistleblower a notification as to whether or not his or her communication is admissible for processing.
8. Begin the investigation
If your communication is accepted for processing, the internal investigation will begin and you will be notified of the final decision within a maximum period of 3 months (which may be extended to 6 months in view of the complexity of the case).