When organisations talk about protected disclosures, the focus often sits on policies, training sessions and high-level governance statements. All of these matter, but one of the most practical and revealing parts of the Ombudsman’s “Protected disclosures – internal policies and procedures – July 2022” guidance is the section outlining best practice PDA policy and procedures, detailed in Appendix 1.
This section acts as a reality check. It moves beyond theoretical obligations and forces organisations to consider how their processes would function in practice, across real people, real incidents and real organisational pressures.
What This Section Is Designed to Achieve
The best practice PDA policy and procedures guidance isn’t complicated, but it is thorough. It sets out the essential elements of an effective protected disclosure system and encourages organisations to evaluate themselves honestly. While most workplaces claim to support speaking up, this section exposes gaps that are easy to overlook. It prompts organisations to consider whether:
- Staff genuinely understand how to make a protected disclosure.
- People know what “serious wrongdoing” means in practical terms.
- Reporting channels are clear, accessible and suitable for different situations.
- Procedures are published, explained and regularly reinforced.
- Receivers understand their responsibilities and obligations.
- Confidentiality protections are both strong and realistic.
- There is a reliable process for acknowledging disclosures and updating the discloser.
- Investigations are consistent and properly documented.
- Policies and procedures are reviewed regularly to reflect organisational change.
These points go beyond compliance. They test whether the organisation has created a system that staff will actually trust and use.
Why This Guidance Matters
When organisations review their protected disclosure procedures without a structured benchmark, they often overestimate their readiness. The best practice PDA policy and procedures section brings discipline and clarity into the process.
It highlights weaknesses that often remain hidden until a disclosure occurs — by which point flaws become painfully obvious. These may include:
- Staff who have never been shown how or where to raise concerns.
- Managers acting as receivers without understanding their obligations.
- Policies that exist but are buried, outdated or poorly communicated.
- Cultural signals that unintentionally discourage reporting.
- Gaps in confidentiality that expose staff to risks.
- Poor documentation or inconsistent investigation outcomes.
This guidance provides a structured way to identify and resolve these weaknesses before they result in reputational or operational damage.
Turning the Guidance Into Action
Using the best practice policy and procedures section effectively requires more than reading it and moving on. Organisations should treat it as a diagnostic framework that informs improvement planning. The strongest approach includes:
1. A cross-functional review
Protected disclosures affect HR, legal, risk, ICT, people leaders and governance. Reviewing this section collaboratively provides a more complete picture of the organisation’s readiness.
2. Independent oversight
Internal teams may naturally overlook blind spots. Many organisations now ask external forensic-capable providers to independently assess their procedures against best practice.
3. Testing the process
After identifying gaps, run a simulated disclosure from start to finish. This quickly reveals unclear responsibilities, weak documentation and communication failures.
4. Reinforcing responsibilities for receivers
The guidance sets clear expectations for people receiving disclosures. These responsibilities need to be properly understood and reinforced, not assumed.
5. Regular review cycles
The guidance emphasises that protected disclosure procedures must be revisited regularly. As organisations grow or restructure, their processes need to evolve with them.
Why Independent Channels Strengthen Best Practice
While the best practice PDA policy and procedures section provides a strong framework, many organisations still face the challenge of staff trust. Even when internal procedures meet all expectations, employees may hesitate to raise concerns with someone inside the organisation.
Independent reporting channels provide an answer. They help organisations meet best practice standards by offering:
- A neutral reporting path without internal bias.
- Secure and confidential intake processes.
- Anonymity where appropriate.
- Proper evidence handling and forensic readiness.
- Clear workflows and audit trails that ensure consistency.
When paired with strong internal policies, independent channels significantly increase the likelihood that people will raise concerns early — which is the entire purpose of the Protected Disclosures Act.
Final Word
The best practice PDA policy and procedures, detailed in Appendix 1 of the Ombudsman’s “Protected disclosures – internal policies and procedures” guide, offer one of the most practical tools available for assessing whether an organisation’s protected disclosure system is truly effective.
Used properly — and supported with genuine cultural commitment and, where appropriate, independent reporting options — these procedures turn a policy document into a functioning, trusted system that protects people and reduces organisational risk.
Whistleblowers 