whistleblower-protection-policy
Drafts a U.S. whistleblower-protection policy for corporate and nonprofit organizations. Triggers when the user needs a whistleblower policy, retaliation-prohibition clause, hotline-reporting framework, compliance-ethics policy, or governance document addressing SOX, Dodd-Frank, OSHA, or state whistleblower statutes.
Best use case
whistleblower-protection-policy is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using whistleblower-protection-policy should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in `.claude/skills/whistleblower-protection-policy/SKILL.md` inside your project
- Restart your AI agent — it will auto-discover the skill
How whistleblower-protection-policy Compares
| Feature / Agent | whistleblower-protection-policy | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Drafts a U.S. whistleblower-protection policy for corporate and nonprofit organizations. Triggers when the user needs a whistleblower policy, retaliation-prohibition clause, hotline-reporting framework, compliance-ethics policy, or governance document addressing SOX, Dodd-Frank, OSHA, or state whistleblower statutes.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Whistleblower Protection Policy

Produces a board-adoptable whistleblower policy with fill-in placeholders and U.S. compliance guardrails for public, private, and nonprofit entities.

## Quick Start

Gather before drafting:

1. **Org profile** — legal name, entity type (public/private/nonprofit), governing state, reporting contacts.
2. **Statute applicability** — SOX, Dodd-Frank, OSHA, False Claims Act, state statutes.
3. **Governance stack** — existing code of conduct, handbook, grievance/investigation policies.
4. **Administration model** — who receives reports, investigates, and oversees outcomes.
5. **Channel preferences** — email, portal, hotline, written/verbal; tone and length targets.
6. **Adoption mechanics** — signatory roles, effective-date process, review cadence.

If any input is missing, emit a short clarifying checklist before drafting.

## Policy Sections (fixed order)

| # | Section | Required Content |
|---|---------|-----------------|
| 0 | Title block & version | Org name, version, effective date, scope entities |
| 1 | Introduction & commitment | Scope statement, non-retaliation promise, protected intent |
| 2 | Covered concerns | Serious-misconduct taxonomy, explicit non-coverage examples |
| 3 | Reporting procedures | Normal path, override path, anonymous option, channel placeholders |
| 4 | Investigation & resolution | Triage, assignment, timeline expectations, reporter updates |
| 5 | Anti-retaliation | Strict prohibition, protected-conduct examples, sanctions |
| 6 | Confidentiality & limits | Need-to-know bounds, legal exceptions, expectation management |
| 7 | Good-faith reporting | Reasonable-belief standard (no certainty burden), bad-faith consequences |
| 8 | Administration & governance | Board/committee roles, secure records, training, periodic review |
| 9 | External legal rights | Supplement-not-replace, no internal-prerequisite condition |
| 10 | Adoption & effective date | Board resolution, signature block, supersession language |

## Required Placeholders

Use exactly these tokens:

- `[Organization Name]`, `[State of Formation]`, `[Board Chair]`, `[Executive Director/CEO]`
- `[Primary Contact]`, `[Alternative Contact]`, `[Hotline URL/Number]`
- `[Adoption Date]`, `[Effective Date]`, `[Review Cycle]`

## Citation Discipline

- Reference statutes only when clearly supported by entity type and jurisdiction.
- Tag uncertain scope with `[VERIFY]` and request jurisdictional confirmation.
- Always verify: SOX §806 applicability, Dodd-Frank retaliation channels, OSHA/state overlap.

## Output Format

- Numbered sections with clear headings.
- Prose-first; bullets only where needed (max 5 per section).
- End each section with implementation-ready fill-ins, not drafting notes.
- Close with signature block for Board Chair and CEO/Executive Director.

## Pitfalls & Checks

- **Never** state that internal reporting is a legal prerequisite for external agency filing.
- Branch public-company vs. nonprofit/private language where statute relevance differs.
- Distinguish anti-frivolous-reporting language from negligent or honest mistakes.
- Protect good-faith reporters regardless of substantiation outcome.
- Set explicit confidentiality limits: need-to-know, lawful disclosure, legal process, audit/defense.
- Require annual or semiannual review, training completion, and board reporting metrics.
- End with disclaimer: "This policy is internal guidance and does not replace legal counsel for specific rights."
Related Skills
whistleblower-policy
Drafts board-adoptable whistleblower protection policies for public companies and non-profits. Covers SOX, Dodd-Frank, and state statute compliance, reporting channels, investigation procedures, anti-retaliation, and governance oversight. Use when drafting whistleblower policies, ethics reporting procedures, or compliance programs.
unclaimed-property-policy
Drafts an enterprise Escheatment and Unclaimed Property Policy covering property identification, dormancy matrices, due diligence notices, NAUPA-format reporting, remittance, recordkeeping, and audit preparedness across all US state jurisdictions. Use when establishing or updating an unclaimed property compliance framework, preparing for state audits, or evaluating voluntary disclosure programs.
related-party-transaction-policy
Drafts a board-adoptable Related Party Transaction Policy for U.S. corporations governing identification, Audit Committee review, approval, and disclosure of related party transactions. Enforces SEC Item 404(a)/Regulation S-K compliance and stock exchange listing standards. Use when creating or updating RPT policies for public or private companies, or when drafting corporate governance documents addressing conflicts of interest.
reg-bi-policy
Drafts board-ready Suitability and Best Interest policies for broker-dealers under FINRA Rule 2111 and SEC Regulation Best Interest (Reg BI). Covers the four Reg BI component obligations, suitability framework, Form CRS integration, supervision, and recordkeeping. Use when drafting Reg BI compliance policies, suitability procedures, or best interest obligation frameworks for financial services firms.
promo-materials-review-policy
Drafts an internal Promotional Materials Review Policy for life sciences and pharmaceutical companies under FDA oversight. Covers promotional review committee structure, fair balance requirements, substantiation standards, off-label prohibitions, recordkeeping, training, and auditing. Use when creating FDA promotional compliance governance frameworks, pharma advertising policies, or promotional review committee charters.
policy-summary
Summarizes policy documents, regulations, and legislative materials into structured briefings with compliance insights. Triggers when the user needs a policy summary, regulatory overview, legislative breakdown, or compliance briefing from uploaded policy materials.
policy-manual
Generates structured policy manual summaries that distill complex legal policies and compliance guidelines into employee-facing reference documents organized by functional area. Use when creating compliance manuals, employee policy guides, regulatory summaries, onboarding compliance materials, or organizational procedure handbooks.
policy-brief
Generates structured public policy briefs analyzing legislation across economic, social, legal, and implementation dimensions. Use when drafting legislative impact analyses, policy summaries, regulatory briefs, or government affairs memoranda for lawmakers, lobbyists, or civic organizations.
insurance-policy-summary
Produces structured, citation-backed summaries of U.S. insurance policies, endorsements, claims files, and coverage correspondence for coverage analysis and insurance litigation. Use when summarizing policies, declarations, claims files, reservation-of-rights letters, denial letters, or coverage disputes.
insider-trading-policy
Drafts a U.S. financial-services insider trading policy covering MNPI definitions, preclearance, blackout windows, 10b5-1 plan governance, restricted/watch lists, reporting, and enforcement. Use when creating or updating insider trading policies for broker-dealers, investment advisers, or investment companies. Triggers: insider trading policy, 10b5-1 plan, preclearance, restricted list, blackout period, Reg FD, MNPI.
information-security-policy
Drafts a board-approvable Information Security Policy covering data classification, access controls, encryption, incident response, breach notification, and enforcement. Tailored by industry and regulatory environment (HIPAA, GDPR, CCPA, GLBA, FERPA, PCI DSS). Use when drafting or overhauling an organization's foundational information security governance framework or cybersecurity policy.
incident-to-billing-policy
Drafts Medicare incident-to billing compliance policies for healthcare practices. Covers eligibility criteria, direct supervision, documentation standards, audit programs, and FCA risk mitigation under 42 CFR 410.26, Medicare Benefit Policy Manual Ch. 15 §60.1, and 42 U.S.C. §1395x(s)(2)(A). Use when creating or updating incident-to policies, responding to OIG scrutiny, or establishing NPP billing compliance programs.