ISO 37008 Internal Investigations
Overview
Spotlight Investigations provides specialist Internal Investigations services aligned with ISO 37008, supporting organisations in managing allegations of misconduct, regulatory breaches, and complex corporate issues in a structured, lawful, and defensible manner.
This service should be read in conjunction with our Corporate & Workplace Investigations and Employee Vetting services, ensuring a comprehensive approach to internal investigations across all organisational levels.
In addition to operating to ISO 9001 and ISO 27001 standards, our ISO 37008-aligned service supports organisations in establishing and conducting investigations that are independent, consistent, and compliant with legal and regulatory requirements.




Scope of ISO 37008 Internal Investigations
Our ISO 37008 Internal Investigations services may include:
- Independent investigation of alleged misconduct or wrongdoing
- Investigations relating to GDPR and data protection breaches
- Anti-Money Laundering (AML) and financial irregularity enquiries
- Bribery, corruption, and regulatory compliance matters
- Employment-related investigations and internal disputes
- Supplier, third-party, and governance-related investigations
- Support for ESG and Corporate Sustainability Reporting Directive (CSRD) obligations
We support both single-jurisdiction and multi-jurisdiction investigations, depending on the nature of the instruction.
ISO 37008 Framework & Principles
ISO 37008 provides a structured framework for conducting internal investigations. Our approach aligns with key principles, ensuring investigations are:
- Independent
- Confidential
- Conducted by skilled professionals
- Objective and impartial
- Carried out in accordance with applicable laws
This framework supports organisations in maintaining consistency, transparency, and accountability across all stages of an investigation.
Professional & Organisational Value
ISO 37008-aligned investigations support organisations by:
- Enhancing the quality and consistency of investigations
- Supporting compliance with legal and regulatory requirements
- Strengthening governance, transparency, and accountability
- Reducing exposure to legal, regulatory, and reputational risk
- Supporting effective responses to complex or high-risk issues
- Reinforcing organisational integrity and stakeholder confidence
Structured investigations can improve both efficiency and defensibility, particularly in sensitive or complex matters.
Typical Instructions
- Allegations of misconduct or regulatory breaches
- GDPR/data protection incidents and investigations
- AML, fraud, bribery, or corruption concerns
- ESG and CSRD-related enquiries
- Complex internal or cross-border investigations
- High-risk matters requiring independent oversight
Leadership & Oversight
Spotlight Investigations’ Internal Investigations service is led by our In-House Solicitor, who serves as Head of Regulation & Compliance, Head of Serious Fraud Investigations, and Data Protection Officer.
This ensures that all investigations are conducted with appropriate consideration of legal, regulatory, and governance requirements.
Compliance, Licensing & Ethics
All investigations are conducted in accordance with:
- ISO 37008 Internal Investigations principles
- Irish law and applicable international legal frameworks
- GDPR and Data Protection Act 2018
- Private Security Authority (PSA) licensing requirements
Investigations are:
- Lawful and proportionate
- Independently conducted
- Confidential and secure
- Structured to withstand legal and regulatory scrutiny
A copy of our ISO 37008 Policy Manual is available to clients on request.
What is ISO 37008?
ISO 37008 is an international standard providing guidance on the conduct of internal investigations within organisations.
Do all organisations need ISO 37008?
While not mandatory, it provides a recognised framework for conducting structured and defensible investigations, regardless of organisation size.
How does this differ from workplace investigations?
ISO 37008 provides a broader governance framework covering all types of internal investigations, including regulatory, financial, and cross-border matters.
Can you conduct the entire investigation?
Yes. We can advise, support, or conduct investigations in full, depending on the instruction.
