How you investigate matters as much as what you find. ISO 37008 makes it stand up.

Building an ISO 37008 investigations capability starts with understanding how allegations currently reach the organisation and how they are handled. The initial focus is on the investigation lifecycle – planning, conducting and reporting – and on the principles that underpin it: impartiality, fairness, confidentiality and protection of those involved.

This review often reveals investigations handled inconsistently, evidence gathered without proper safeguards, unclear roles and decision-making and findings that are difficult to defend.

ISO 37008 provides a structured framework to bring these elements together: a proportionate and impartial process, competent investigators, sound evidence management, protection of those involved and clear documentation and reporting of findings.

Organisations adopt ISO 37008 for clear reasons: handling allegations consistently, treating people fairly, producing defensible findings and supporting enforcement, disciplinary or regulatory action when needed.

The duration depends on organisational size, the volume and complexity of cases and the maturity of existing practice. The benefits extend beyond the assessment itself – more consistent investigations, fairer outcomes and stronger, more defensible findings.

A sound investigations process requires more than written procedures – it requires competent investigators who can plan, gather evidence, interview fairly and report objectively. Personnel across compliance, HR, legal, internal audit and investigations need practical skills to run investigations impartially, manage evidence and protect those involved. Generic training rarely builds these capabilities.

Speeki delivers focused ISO 37008 training programmes designed to build real competence in conducting internal investigations. Each stage of the process is examined through real-world scenarios, sector-specific examples and practical exercises.

Participants gain hands-on experience in:

• planning a proportionate and impartial investigation
• gathering, preserving and managing evidence
• conducting fair and effective interviews
• protecting those involved, including whistleblowers
• maintaining confidentiality and data protection
• documenting and reporting findings objectively

Extended programmes include modules on complex and cross-border cases, the interface with whistleblowing and report writing that withstands scrutiny.

This training equips your people to conduct investigations independently and consistently – reducing long-term reliance on external consultants. Training is delivered on-site or remotely and tailored to your sector and risk profile.

ISO 37008 is built around proportionality, impartiality and fairness – the principles that determine whether an investigation is sound and its findings defensible. The depth and resourcing of each investigation should reflect the seriousness and complexity of the allegation, while every investigation upholds the same core principles.

A minor policy breach and a serious fraud allegation demand very different investigative effort – a brief enquiry versus a complex, multi-party investigation – yet both must be planned, evidenced and reported with the same fairness and rigour.

Running an investigation well requires systematic attention to:

• the seriousness, complexity and sensitivity of the allegation
• the impartiality and competence of those assigned
• the integrity and preservation of evidence
• the rights and protection of everyone involved

Serious or complex cases demand careful planning, skilled investigators, rigorous evidence management and oversight. Lower-level matters require proportionate handling that still upholds fairness and confidentiality.

These principles must flow through the whole process: planning should match the allegation, evidence should be handled defensibly and reporting should be objective and supported. Regular review of investigation practice keeps capability consistent as cases, risks and expectations change.

Demonstrating a sound investigations capability depends less on the number of cases than on thorough preparation that resolves weaknesses in process before independent assessment.

Organisations often rely on ad-hoc practice only to encounter avoidable issues: inconsistent processes, evidence gathered without proper safeguards, interviews that compromise fairness, weak protection of those involved and reports that cannot withstand challenge.

Speeki’s pre-assessment services are designed to eliminate these risks before independent assessment. Our gap analysis evaluates your investigation practice against the recommendations of ISO 37008, identifying inconsistent process, weak evidence handling, fairness risks and gaps that would undermine defensibility.

We then conduct a full mock assessment that mirrors the formal process – reviewing anonymised or appropriately protected case files, examining how evidence and interviews are handled and testing reporting practice exactly as assessors will do. This exposes not only documentation gaps but practical weaknesses: compromised evidence, unfair process and findings that are not properly supported.

Clear, actionable remediation guidance enables focused improvement before formal assessment. Clients using Speeki’s pre-assessment support typically demonstrate sound capability while building stronger investigation practice that continues to deliver value afterward.

The final weeks before an ISO 37008 assessment require disciplined organisation of evidence – while protecting the confidentiality of live and past cases. Documentation should be ready for assessor access in an appropriately protected form – the investigations policy and procedures, case planning templates, evidence management protocols, interview practice, protection measures, confidentiality controls, training records and sample reports.

A clear reference matrix linking each element of ISO 37008 to supporting procedures and evidence helps assessors navigate the capability efficiently while respecting case confidentiality.

Assessment interviews should be planned with participants selected on their real responsibilities – typically an investigations or compliance lead, HR and legal staff, trained investigators and senior management providing oversight.

All participants should understand what assessors will examine. Expect detailed questions on how investigations are planned, how evidence is preserved, how interviews are conducted fairly, how those involved are protected and how findings are reported. Assessors value transparency and respond poorly to processes applied inconsistently. Acknowledging gaps and explaining corrective actions is more effective than overstating maturity.

Assessment effort increases with organisational size, case volume and the complexity of the matters typically investigated.

ISO 37008 assessment follows a structured process of planning, review and evaluation. The assessor first agrees the scope, then reviews the investigations policy, procedures and sample case records for alignment with the standard before evaluating how investigations are conducted in practice – while respecting case confidentiality.

An initial review identifies gaps in process, evidence handling or fairness that must be addressed before the assessor can complete the evaluation. Organisations then resolve these findings and confirm that supporting procedures are in place.

The evaluation phase examines the capability in detail – interviewing those who conduct investigations, reviewing appropriately protected case files and confirming that investigations are impartial, fair and defensible and that those involved are protected.

Following the evaluation, the assessor issues a statement on the capability’s alignment with ISO 37008. Organisations typically repeat assessment periodically to maintain credibility. Overall timelines depend on organisational size, case complexity and the maturity of existing practice.

To preserve assessment integrity, implementation support and independent assessment must remain separate. Speeki supports your investigations capability through expert training and technology enablement, strengthening capability without compromising assessor independence.

Speeki delivers focused ISO 37008 training programmes that build the skills needed to interpret the standard and conduct sound investigations – developing competence across compliance, HR, legal and investigations so organisations can run investigations internally without long-term consultant dependency.

Beyond training, organisations need systems that make investigations consistent, secure and auditable at scale. The Speeki Engage® platform provides case management designed around the ISO 37008 lifecycle. The platform:

• structures investigation planning and case management
• manages evidence with secure, controlled access
• tracks tasks, interviews and timelines
• protects confidentiality and the rights of those involved
• maintains complete, tamper-evident audit trails
• documents competence and training
• supports objective, well-structured reporting of findings

Controlled access and audit trails reduce the risk of compromised evidence, inconsistent process or breaches of confidentiality that undermine findings. Together, training that builds internal capability and technology that enables secure case management provide a strong foundation for ISO 37008 and defensible investigations.

ISO 37008 assessment uses structured methodologies, which makes pricing comparable across providers. The main cost drivers are daily assessor rates – which vary by provider, expertise and region – combined with the total effort required, shaped by organisational size and case complexity.

Assessment effort is influenced by employee numbers, the number and location of sites, the volume of cases and the complexity of the matters typically investigated. A small organisation with few cases requires less effort; a large multinational handling complex cross-border investigations requires more.

Beyond assessment fees, organisations should budget for related investments such as:

• ISO 37008 training for investigators and case handlers
• secure case-management and evidence technology where current arrangements are weak
• the Speeki Engage® platform when replacing manual or ad-hoc case handling

Ongoing costs include periodic reassessment to maintain credibility. Many organisations find that consistent, defensible investigations reduce legal exposure and disputed outcomes in ways that far outweigh the investment. Requesting detailed quotations early allows accurate effort estimation and realistic budgeting.