Send a report with the utmost confidentiality.

Reservation notes

Infrastructure and security

The Whistleblowing management software, in line with the law, guarantees the highest levels of security, both for the whistleblower and for the infrastructure.

Security of the whistleblower and of the reports

  • Asymmetric encryption of textual contents and attachments: the encryption does not require any specific action from users. The cryptographic system ensures that both the messages and the attachments can be read only by the sender and by the recipient, through the combination of a public and a private cryptographic key.

  • Login with smart card.

  • Access regulated in accordance with privacy legislation: access to the reports is allowed only by entering credentials (for registered users) or by entering the codes associated with the report (for unregistered users).

Application security

Separation of the report from the identity of the whistleblower: as provided in ANAC Determination number 6 of April 28th, 2015, part III, Chapter 2. The application guarantees the secrecy of the whistleblower's identity by separating the registration process from the process of inserting a report, so that the two sets of data are kept properly apart; the name of the whistleblower is not shown in the report. When this is considered necessary, and in the cases provided by law, the Supervisor can activate the procedure through which the system connects the identity of the whistleblower to the report; the Supervisor must enter a motivation for the request to reveal the identity of the whistleblower. The application automatically notifies the whistleblower of this action and records it in the system logs.

DigitalPA dedicated servers: maximum levels of data protection and security, guaranteed both by DigitalPA and by the server farm infrastructure, both certified under ISO 27001/2014.

Integrated hardware and software firewalls: every platform has an integrated firewall with strict rules that limit access and actions exclusively to the tasks the user must perform with the software; the integration of the different firewalls enhances security even further.

SSL certificate: the whistleblowing software is accessible exclusively via HTTPS (HTTP over Secure Sockets Layer).

Dedicated IP address and SSL certificate for each client.

User input validation: the platform is built around validation of user input. Through extremely strict rules, the user's input is verified both at the client and at the server level.

CSRF prevention: all requests managed by the platform are protected by a CSRF token.