Send a report with the utmost confidentiality.

Confidentiality and security notes

Further information - Notes on confidentiality

The report can be accessed exclusively by you and the Anti-Corruption Ethics Committee. This platform allows you to submit a report in a secure and confidential manner.

Anonymous reports, i.e., those made without identification of the whistleblower, may also be taken into account, provided that they are adequately substantiated and made in extensive detail, i.e., when they are able to bring to light facts and situations relating them to specific contexts.

Confidential Report: a confidential report is one in which the reporter is identifiable. Confidential reports require the user to first register; once the account has been created, the user can submit the report. It is possible to submit a confidential report even without creating an account, by filling in the report form from the “Report without registration” section (if present) and indicating your personal data at the end of the form. The data of the reporter are separated from the report, so the confidential report is sent to the members of the Anti-Corruption Ethics Committee in an anonymous manner. Only members of the Anti-Corruption Ethics Committee are able to associate the report with the data of the whistleblower and thus view their identity.

Anonymous Reporting: anonymous reports do not allow the report to be associated with the name of the reporter, as the name of the reporter does not exist. In this case, the reporter is not obliged to register with the system and can submit the report as a non-registered user in the “Report without registration” section, if present.

This platform guarantees information security and confidentiality: all the content you enter, including your identity, is encrypted and can only be read by you and the recipient(s) of the reports (Anti-Corruption Ethics Committee).

Once the report has been submitted, you can follow its progress and continue to communicate with the Anti-Corruption Ethics Committee through the message area associated with the report. Again, in this case, all information is encrypted and protected by the platform. If you have provided an email address (or if you have registered), you will be notified by email when a message is sent to you. In any case, we recommend that you periodically access your report to check for any requests for clarification from the Anti-Corruption Ethics Committee. For the sake of confidentiality, we advise you not to use a corporate email address.

If you have indicated your name, or if you submit the report as a registered user, your identity also remains hidden from the Anti-Corruption Ethics Committee, which will however be able to view it if it deems it necessary. In this case you will be informed by a notice within the report. For increased confidentiality, we suggest:

• not including any personal data that may be traced to your identity in the description of the reported incident.

• not using a corporate email address for registration or to receive notifications from the system.

• not sending a report from your workstation.

Infrastructure and security

The whistleblowing management software, in line with regulatory requirements, guarantees high levels of security both for the whistleblower and in terms of infrastructure.

Security of the whistleblower and reports

  • Asymmetric encryption of text content and attached files: encryption does not require specific actions by users. The cryptographic system ensures that messages and their attachments can only be read by the sender and recipient, through the matching of the public and private cryptographic keys.
  • Possibility of access via smart card.
  • Privacy-regulated access: access to reports is only allowed with credentials (for registered users) or by entering the codes associated with the report (for non-registered users).

Application security

Separation of the report from the identity of the reporter: as provided for in ANAC Determination no. 6 of 28 April 2015, Part III, ch. 2. The confidentiality of the reporter is further guaranteed by the application, which provides for a clear separation of the registration process from the reporting process, for a proper separation of data; the name of the reporter is not indicated in the report sent. This is without prejudice to the possibility for the person in charge to activate the procedure by which the system associates the identity of the reporter with the report, providing reasons for the request, when deemed necessary and in the cases provided for by regulations. This action is automatically notified to the reporter and recorded in the system.

DigitalPA dedicated servers: maximum data protection and security levels, guaranteed by both DigitalPA ISO 27001/2014 certification and the ISO 27001/2014-certified server farm infrastructure.

Integrated hardware and software firewall: each platform has an integrated firewall with strict rules that limit access and actions to software-only tasks; the firewalls complement and further enhance security.

SSL certificate: the whistleblowing software is accessible only via HTTPS, i.e. over a connection encrypted with SSL/TLS.

Dedicated IP and SSL certificate for each client.

User input validation: the platform is based on a user input validation approach. User input is validated at both client and server level with extremely strict rules.

CSRF prevention: all requests handled by the platform are protected by CSRF tokens.