University has opened a channel for breach reporting

From last September, it was possible to report breaches at the university by emailing vihje@ut.ee. Now, the internal reporting channel of the University of Tartu in FaceUp can be used to send breach reports confidentially and, if requested, anonymously. It is no longer possible to report by email. The university gives feedback to and communicates with the reporting person via the reporting channel.

In the autumn, the university started to look for a solution that would allow submitting breach reports securely and anonymously, if requested. After a thorough analysis and consideration by the Internal Audit Office, the university chose FaceUp for its internal reporting channel. FaceUp is a platform of the Czech company FaceUp Technology s.r.o., and it is used by many renowned companies worldwide.

“When searching for the solution, we also considered creating our own environment or using an existing freeware solution, but the decision was based primarily on the independence of the external partner and their experience in creating secure systems,” said Kairi Kork, Head of Internal Audit.

The internal reporting channel is intended for reporting situations that, for some reason, cannot be resolved in the traditional way within the team or unit or with the immediate supervisor. “It should be emphasised, however, that the university does not expect reports about people’s personal problems or misunderstandings arising from everyday relationships. The internal reporting channel is not intended for reporting study-related complaints or personal data breaches. What we consider a breach is a work-related act or omission that is clearly illegal or conflicts with the university’s procedures or good practices,” Kork explained.

In the interests of transparency, the university will give notice of receiving the breach report to individuals significantly affected by the report – particularly those implicated in the report – at the end of the proceedings at the latest. They will not be informed only in case of exceptional circumstances. The relevant decision and reasons are documented.

“We hope that the system will help protect the university’s values and principles and give our members the opportunity to find a way out of a seemingly hopeless situation,” Kairi Kork added.

The principles and procedures of the internal reporting channel are governed by the Internal Auditing Rules. Read further on how to use the reporting channel, what to consider when making a breach report and what happens after sending the report on the university’s website ut.ee/en/reporting-channel.

University staff or students who want to provide feedback on the internal reporting channel or suggest improvements are asked to contact the Head of Internal Audit Kairi Kork.