Security and Infrastructure
Reports and whistleblowers’ safety
In addition, to protect the identity of the whistleblower and the content of the report:
- Transmission of the digital fingerprint (hash) of the message to the whistleblower's e-mail, ensuring the unchangeability of the reports;
- Login with smart card;
- Access regulated in accordance with the privacy policy (password complexity and change).
Software safety and infrastructure
- Delivered by DigitalPA dedicated servers: maximum data security and protection at the highest levels, guaranteed by the DigitalPA ISO 27001/2014 certification and by the ISO 27001/2014 certified server farm infrastructure;
- OWASP tested (Open Web Application Security Project) – testing of the system's vulnerability and safety through “best practices”;
- Integrated hardware and software firewall: each platform has an integrated firewall with very strict rules, which limit access to and actions on the software. The firewalls integrate and enhance security;
- IP blocking: access limited to the client’s list of IP addresses. The platform can then be accessed from the internet or exclusively from the intranet;
- SSL Certificate: Whistleblowing is only accessible through HTTPS (Secure Sockets Layer);
- IP and SSL Certificate: dedicated for each customer;
- User input validation: the platform is built with a user-validation-based approach. Through extremely strict rules, the user input is verified at both client and server level;
- CSRF Prevention: all requests managed by the platform are protected by a CSRF token;
- Compliant with the ISO 37301 and ISO 37001 standards dedicated to compliance and anti-corruption management systems.
