Security and Infrastructure

Reports and whistleblowers’ safety

In addition, to protect the identity of the whistleblower and the content of the report:

  • Transmission of the digital fingerprint of the message (hash) to the whistleblower e-mail, ensuring the unchangeability of the reports.

  • Login with smart card.

  • Access regulated in accordance with the privacy policy (password complexity and change);
Security Legality Whistleblowing

Software safety and infrastructure

  • Delivered by DigitalPA dedicated Servers: Maximum data security and protection at the highest levels, guaranteed by the DigitalPA ISO 27001/2014 certification and by the certified server farm infrastructure ISO 27001/2014;

  • OWASP tested (Open Web Application Security Project) –  Testing on the system vulnerability and safety through “best practices”;

  • Integrated Firewall Hardware and Software: Each platform has an integrated firewall with very strict rules, which limit accesses and actions to the software. The firewalls integrate and enhance security;
  • IP blocking: Limited access to client’s IP addresses list. The platform can then be accessed from the internet or exclusively from the intranet;

  • SSL Certificate: Whistleblowing is only accessible through HTTPS (Secure Sockets Layers);

  • IP and SSL Certificate: dedicated for each customer;

  • User input validations: the platform is built with a user validation – based approach. Through extremely strict rules the user input is verified both at a client/server level;

  • SRF Prevention: all requests managed by the platform are protected by CSRF token;

  • Compliant with ISO 37301 and ISO 37001 standards dedicated to compliance and anti-corruption management systems.

infrastructure-security-whistleblowing-software

Whistleblowing Software is offered with no licensing fees.

Contact us for a overview of the security features and protocols applied to the system