Security and Infrastructure

Reports and whistleblowers’ safety

Asymmetric cryptography on textual contents and attachments

Encryption does not require specific actions by the anti-corruption supervisor or by the whistleblower or any interventions by system administrators. The cryptographic system guarantees that messages and their attachments can only be read by the sender and recipient through the pairing of the public and private cryptographic key.

In addition, to protect the identity of the whistleblower and the content of the report:

  • Transmission of the digital fingerprint of the message (hash) to the whistleblower e-mail, ensuring the unchangeability of the reports.

  • Login with smart card.

  • Access regulated in accordance with the privacy policy (password complexity and change);
Security Legality Whistleblowing

Software safety and infrastructure

  • Delivered by DigitalPA dedicated Servers: Maximum data security and protection at the highest levels, guaranteed by the DigitalPA ISO 27001/2014 certification and by the certified server farm infrastructure ISO 27001/2014;

  • OWASP tested (Open Web Application Security Project) –  Testing on the system vulnerability and safety through “best practices”;

  • Integrated Firewall Hardware and Software: Each platform has an integrated firewall with very strict rules, which limit accesses and actions to the software. The firewalls integrate and enhance security;

  • IP blocking: Limited access to client’s IP addresses list. The platform can then be accessed from the internet or exclusively from the intranet;

  • SSL Certificate: Whistleblowing is only accessible through HTTPS (Secure Sockets Layers);

  • IP and SSL Certificate: dedicated for each customer;

  • User input validations: the platform is built with a user validation – based approach. Through extremely strict rules the user input is verified both at a client/server level;

  • SRF Prevention: all requests managed by the platform are protected by CSRF token;

  • Compliant with ISO 37301 and ISO 37001 standards dedicated to compliance and anti-corruption management systems.

infrastructure-security-whistleblowing-software

Whistleblowing Software is offered with no licensing fees.

Contact us for a overview of the security features and protocols applied to the system