Portfolio

Secure Incident Reporting & Whistleblowing Platform

A UK-based organization was operating informal, paper-based reporting channels that provided no anonymity, no consistency, and no regulatory compliance. Genuine concerns went unreported, incidents were handled inconsistently, and growing exposure under UK whistleblowing law, GDPR, and safeguarding obligations demanded urgent action.
We built a dual-environment Microsoft Power Pages whistleblowing platform, a public anonymous reporting channel requiring no login, and a secure internal case management portal with strict Dataverse RBAC for authorized investigators. Every incident follows a governed lifecycle with mandatory audit notes, role-restricted transitions, and immutable logs, compliant with the UK Whistleblowing Act, GDPR, and safeguarding standards by design.
Portal & UX
Power Pages (Anonymous Public + Authenticated Internal)
Data Platform
Dataverse (Secure Storage + Immutable Audit Logs)
Automation
Power Automate (Routing, Escalation, Notifications)
Compliance
UK GDPR · Whistleblowing Act · Safeguarding Standards

The Challenge

  • No anonymous reporting — phone & paper exposed identities, causing widespread underreporting.
  • No incident system — inconsistent handling, no tracking, no escalation, no accountability.
  • Non-compliant — UK Whistleblowing Act, GDPR & safeguarding obligations unmet.
  • No audit trail — nothing compliant for regulators or legal teams on demand.
  • Uncontrolled access — sensitive reports visible to unauthorized staff.
  • No public channel — org logins blocked external reporters entirely.
  • No routing — incidents only reached investigators if manually forwarded.

Our Solution

  • Anonymous Reporting — No Login Required : Submit via URL — no credentials needed. Anonymity enforced at architecture level.
  • Two-Layer RBAC Security : Web Roles at front end, Dataverse Security Roles at data level — no bypass at any layer.
  • Governed Incident Lifecycle : New → Open → Under Investigation → Closed — mandatory notes, role-restricted transitions.
  • Power Automate Routing & Escalation : Auto-routed by type and severity; escalation triggered if unactioned beyond set thresholds.
  • GDPR & Safeguarding Compliance : Data minimization, access logging, and retention built in — UK Whistleblowing Act aligned.
  • Secure Evidence & Investigation Notes : Timestamped, append-only, role-controlled — tamper-proof and permanently retained.

Business Impact

  • Genuine anonymity enforced by platform architecture — not just policy
  • Incidents reach the right investigator within minutes of submission
  • Immutable audit logs satisfy UK regulatory and legal scrutiny
  • GDPR, whistleblowing, and safeguarding compliance achieved by design
  • Uncontrolled internal access to sensitive reports fully eliminated
  • Leadership has real-time visibility into incident volumes and response times

Client Testimonial

The platform gave us a secure way to receive anonymous reports while maintaining strict access control internally. Automated workflows and audit-ready tracking significantly improved our response times and governance. – Head of Safeguarding & Compliance

Project Screenshots

Our Successfully Completed Projects

Here are our most successful projects completed by our dedicated offshore Indian programmers.

Load More

Transform Your Ideas into Reality

Your creativity inspires endless possibilities for what we can build together!
Talk to our experts
Artesian-white-logo
© 2025 artesian.io All rights reserved.

Artesian

Artesian is a strategic consultancy founded in 2012, combining creative design thinking with agile software development. We build impactful digital products and platforms for startups and enterprises worldwide, delivering award-winning solutions through a unified, expert approach.
Read More About Us

Quick Links

Contact Us

Our Services

Scroll to Top