Instructions for compilation of a whistleblowing report

The instructions for the compilation of a whistleblowing report are described below

1. COLLECTION OF THE REPORT

The WhistleBlower initiates the reporting steps in compliance with the 'WhistleBlowing Regulation' adopted by the Data Controller.

The WhistleBlower, by means of a link, accessible at the URL https://www.iusprivacy.eu/whistleblowing/whistleblowing/902710428/700015181/EN/, located at the bottom of the Data Controller's website, accesses the interface of the WhistleBlowing Platform, which has been set up for this purpose, and makes the Report.

The reporter may, via the platform interface:

  • formulate the Report, indicating their personal identification and contact details or, alternatively, they may formulate a Report anonymously;

  • enter in detail the unlawful conduct of which he/she has become aware in the course of his/her duties, responding to the elements required by the WhistleBlowing Platform which are useful for the investigation of the report or, alternatively, record and transmit an audio file describing the violation;

  • indicate any persons involved and provide any other element that may help verify with certainty what has been reported, including by submitting documentation (attachments);

  • access, by means of a specific password provided at the time of entry, the previously entered report in order to consult the progress status of the reported breach and/or read/write communications from/to the authorised SO.

The personal data collected when entering the Report, together with the form in which each field is stored (Integer, Date, or Encrypted), are listed below:

  • Report ID: Integer
  • Company Reporting System ID: Integer
  • ID of the owner of the reporting system: Integer
  • Date and Time of Entry of the Report: Date
  • Reporting Session: Encrypted
  • Private Interest in Reporting: Encrypted
  • Participation in the Offence: Encrypted
  • Name and Surname of the reporter (if not anonymous): Encrypted
  • Method of communication (if not anonymous): Encrypted
  • Email of the reporter (if not anonymous): Encrypted
  • Telephone Prefix of the Reporting Party (if not anonymous): Encrypted
  • Reporter's telephone number (if not anonymous): Encrypted
  • Office/function: Encrypted
  • Name and Surname of the reported person: Encrypted
  • About the Reported person: Encrypted
  • Reporting anonymously: Encrypted
  • Report Acceptance Status: Integer
  • Report Processing Status: Integer
  • Type of offence reported: Encrypted
  • Subject of the Report: Encrypted
  • Description of the Report: Encrypted
  • Place where the offence was committed: Encrypted
  • Period in which the violation was committed: Encrypted
  • Acknowledgement of Privacy Policy: Integer
  • Fingerprint of the Privacy Policy consulted: Encrypted
  • Acknowledgement of Privacy Regulation: Integer
  • Fingerprint of the WhistleBlowing Regulation accepted: Encrypted
  • Encrypted Report Access Password: Encrypted
  • Date of Deletion (when completed): Date
  • Reporting Notes: Encrypted
  • ID of the Head of Internal Reporting Services (RSIS): Integer
  • Date and time the Report was updated: Date
  • Reporting Code: Integer
  • Communications exchanged between the reporting party and the Internal Reporting System (if entered): Encrypted
  • Attachments in PDF format or Audio report: Encrypted


2. MANAGEMENT BY THE INTERNAL REPORTING SYSTEM MANAGER

Within the WhistleBlowing Platform, the WhistleBlowing Manager can set:

  • the outcome of the Report as one of the following: Delivered, Taken in Charge, Rejected, Founded, Unsubstantiated;

  • the status of the Report: To be Examined, Under Examination, Information Requested, Examination Concluded.

The GdS (Whistleblowing Manager) accesses the WhistleBlowing Platform, either periodically or because he/she is notified by the email alert system, with his/her own access credentials, performing a second authentication step via an OTP sent to his/her own mailbox.

Report Delivered - When the WhistleBlower enters a Report, it is automatically annotated as "Delivered"; the Platform provides the WhistleBlower with a message with the outcome of the successful receipt of the Report (Report Receipt), in the availability and exclusive custody of the Whistleblower, to be used as a password for subsequent consultation of the Report.

Report Taken in Charge - The GdS reviews the Report received and, when it contains reliable elements, sets it as 'Taken in Charge'; when the Report is taken in charge, the WhistleBlowing Platform generates a 'Receipt Notice' (alphanumeric code).

The reporting party can view the Receipt Notice by accessing the Report with their access password (the Report Receipt) and checking its status.

The reporting person may, by accessing the system, review the status of the alert transmitted at any time.


If the Report is considered reliable and "Taken in Charge", the GdS carries out all the investigation activities consisting in ascertaining the facts reported through the assessment of the elements collected in the Report, as well as the acquisition of further information useful for an effective verification of the facts in order to establish whether the requirements for the legitimacy of the reported offence are met, and ensuring the confidentiality of the identity of the reporter.

The Reporting Manager is responsible for:

  • forwarding the file and the results of the investigation to the relevant company management, so that it can determine and take appropriate action;

  • informing the reporter that an investigation is in progress by setting the processing status to 'Under Examination', or alternatively to 'Information Requested' if the SO requests further information from the reporter.

The GdS may identify and make use of structures internal and/or external to the Data Controller, which will promptly engage in support activities, in compliance with the principles of protection and confidentiality.


Report Rejected - If the Report does not present elements that allow it to continue with the next steps, as it does not fall within the objective perimeter of the WhistleBlowing legislation, the GdS sets the Report as "Rejected", providing specific information to the Whistleblower on the irrelevance of the Report transmitted.

Founded Report - Should the investigation activities ascertain actual unlawful conduct, the Management will take the appropriate actions as provided for by the WhistleBlowing Regulation adopted by the Data Controller. The WhistleBlowing Management shall record in the WhistleBlowing Platform the reason for setting the Report as "Founded" and the processing status as "Examination Concluded" if all activities have been completed.

Unsubstantiated Report - If the investigation activities do not ascertain the unlawful conduct described in the Report, the Management will take the appropriate actions as provided for by the WhistleBlowing Regulation adopted by the Data Controller. The WhistleBlowing Management shall record the reason within the WhistleBlowing Platform, set the Report as "Unsubstantiated" and the processing status as "Examination Concluded" if all activities have been completed.

The legislation provides that the SO must provide feedback to the reporter within three months from the date of the acknowledgement of receipt or, in the absence of such notice, within three months from the expiry of the seven-day period allowed for that notice.

In this regard, it should be specified that it is not necessary to conclude the assessment activity within the three-month period, since some cases may require a longer time for verification. The feedback given at the expiry of the time limit may therefore be final, if the investigation has been completed, or interlocutory, reporting on the progress of an investigation that has not yet been completed.

Therefore, upon expiry of the three months, the Reporting Manager may inform the reporter of:

  • the filing of the report, stating the reasons;

  • whether the report is well-founded and forwarded to the competent internal bodies;

  • the activity carried out so far and/or the activity it intends to carry out.

In the latter case, it is advisable to also inform the reporting person of the subsequent final outcome of the investigation of the report (archiving, or assessment of the merits of the report with transmission to the competent bodies), in line with the ANAC Guidelines.

3. DELETION OF REPORTS

The retention period is set at 5 years from the end of the assessment procedure of the Report collected. This period has been set by reference to the provisions of Art. 14 of Legislative Decree No. 24 / 2023.

This is without prejudice to the Data Controller's right to use, for both Substantiated and Unsubstantiated allegations, the information collected with the Report to pursue the defence of rights in court and/or to give rise to possible disciplinary proceedings.

The WhistleBlowing Platform will display, for each Report, the date from which it will be possible to proceed with the deletion of the Report, which will always be done in manual mode by the GdS.

Management regulations for whistleblowing reports

Below is the management regulation of whistleblowing reports

1. INTRODUCTION

The Whistleblowing institute consists of the possibility given to employees, as well as other parties involved, to report potential crimes and irregular conduct committed against the organization, hereinafter the "Company".

The purpose of this Regulation is to regulate the procedure for managing reports of offences and to make known the methods by which the entity, hereinafter the "Company", guarantees the protection of the reporting person, the so-called whistleblower, as provided for by current legislation on the matter.

The company CARTELLI SEGNALATORI (tax code 07803080154) operates in a context open to competition, in the sector [SETTORE].

The Company has appointed a Corruption Prevention and Transparency Manager (the "R.P.C.T.") (e.g. whose name and references are published on the Company's institutional website).

Pursuant to Legislative Decree 8 June 2001, n. 231, and subsequent amendments, (“Discipline of the administrative liability of legal persons, companies and associations even without legal personality, pursuant to article 11 of law no. 300 of 29 September 2000”) (the “Legislative Decree 231/2001”) and further regulations on the matter, the Company has adopted both a Code of Ethics and Conduct and subsequent updates (the “Code of Ethics”) and an Organisation, Management and Control Model and subsequent updates (the “M.O.G.”) and has appointed a collegial Supervisory Body (the “O.D.V.”) for the exercise of the functions referred to in Legislative Decree 231/2001.

2. WHAT YOU CAN REPORT

Legislative Decree no. 24/2023 establishes that the subject of a report is information on violations, including well-founded suspicions, of national and European Union regulations which harm the public interest or the integrity of the public administration or the private entity, committed within the organizational scope of the entity with which the reporting party has a legal relationship and of which they have become aware.

By way of example, the following may be the subject of the report:

  1. Violations of national law;

  2. Administrative, accounting, civil or criminal offenses;

  3. Significant illicit conduct pursuant to Legislative Decree 8 June 2001, n. 231;

  4. Breaches of EU law;

  5. Acts or omissions that harm the financial interests of the European Union;

  6. Acts or omissions concerning the internal market, which compromise the free movement of goods, people, services and capital.

Furthermore, all those elements that concern conduct aimed at concealing the violations themselves can be the subject of the report.

All information that appears clearly unfounded, in the public domain or acquired through "rumor" is excluded from the objective scope.

3. WHO CAN REPORT

The provisions of Legislative Decree 24/2023 apply to reporting persons who make a report, file a complaint with the judicial or accounting authority, or publicly disclose violations of which they become aware within their work context.

In particular, the subjects who can report are: (the list must reflect the subjects operating within the company)

  1. Employed workers, including workers whose employment relationship is governed by Legislative Decree no. 81/2015 or workers who carry out occasional services;

  2. Self-employed;

  3. Self-employed workers who carry out their work for private sector entities;

  4. Holders of a collaboration relationship;

  5. Holders of a collaboration relationship referred to in art. 2 of Legislative Decree no. 81/2015. These are collaborations organized by the client which take the form of exclusively personal and continuous work, the methods of execution of which are organized by the client;

  6. Freelance professionals and consultants who work for private sector entities;

  7. Volunteers and interns, paid and unpaid;

  8. Shareholders, natural persons, when present;

  9. Persons with administrative, management, control, supervisory or representative functions.

The protections also apply if the report comes from:

  • those whose legal relationship has not yet begun;

  • candidates, if the information on the violations was acquired during the selection process or in other pre-contractual phases;

  • those who are in the probationary period;

  • former parties, following the dissolution of the legal relationship, if the information on the violations was acquired during the relationship itself.

Pursuant to art. 3, paragraph 5, of Legislative Decree 24/2023, protection is recognized not only to the Reporter, but also to all those subjects who, however, could be the recipients of retaliation by virtue of the role assumed within the reporting process.

In particular, the protection measures referred to in Legislative Decree no. 24/2023 apply to:

  1. Facilitators;

  2. People from the same working context with a family relationship up to the fourth degree and a stable emotional bond;

  3. Work colleagues with a usual and current relationship in the same working context;

  4. Entities owned by the person reporting or for which the person reporting works or that operate in the same work context.


4. REPORTS

4.1 REPORTING METHODS AND CHANNELS

As required by the decree, the reporting methods are as follows:

  1. Internal channel: pursuant to art. 4 paragraph 2 of the Decree, the internal reporting channel can be managed both by a person or an office within the entity and by an external party. In both cases, the person who will manage the reports will be autonomous and adequately trained.

  2. ANAC external channel: the Reporter can make an external report, using the external channel activated for this purpose at the A.N.A.C. pursuant to art. 7 of Legislative Decree 24/2023 and the A.N.A.C. Guidelines of 2023, where, at the time of submission, one of the following conditions provided for by art. 6 of Legislative Decree 24/2023 is met: the reporter has already made an internal report and it has not been followed up; fears that the report may lead to the risk of retaliation or that it may not be followed up effectively; believes that the violation may constitute an imminent or obvious danger to the public interest.

  3. Public disclosure: the whistleblower may resort to public disclosure through the press, the media or social media when: he has already made a report internally and/or to ANAC without receiving a response; fears that the report may lead to the risk of retaliation or that it may not be effectively followed up due to the specific circumstances of the case; believes that the violation may constitute an imminent or obvious danger to the public interest.

  4. Report: the decree ultimately also recognizes the right of the whistleblower to report illegal conduct that can be considered as a crime directly to the competent authorities.

Reports can be made in written form, electronically via the dedicated platform, or in oral form.

Internal reports in oral form can be made through telephone lines or voice messaging systems or, at the request of the reporting person, through a direct meeting set within a reasonable time.

4.2 REPORT CONTENT

It is necessary for the report to be as detailed as possible in order to allow the competent parties to clarify the facts.

Furthermore, it is necessary that the report clearly contains:

  • the personal details or other elements that allow the identification of the person to whom the reported facts can be attributed;

  • the circumstances of time and place in which the reported event occurred;

  • the description of the fact;

  • any documents that can provide elements substantiating the facts being reported;

  • the indication of potential witnesses.

If the report is not adequately detailed, whoever manages the reports will be able to ask for additional elements from the reporter via the platform or even in person, if the reporter has requested a personal meeting.

Reports from which it is not possible to deduce the identity of the reporter are considered anonymous. Anonymous reports, where detailed, are equated with ordinary reports and handled in accordance with the provisions of this Regulation.

4.3 REPORTING PROCEDURE: THE WhistleBlowing IusPrivacy PLATFORM

The Company has established its own internal channel through the use of the IusPrivacy WhistleBlowing platform accessible from the website [WEBSITE URL], hereinafter the "Reporting Platform", in which, in the specific section, the instructions for formulating and consulting reports are published.

5. PROTECTION OF THE REPORTER

The whistleblowing regulation provides for a body of measures aimed at protecting the whistleblower.

In detail, the aforementioned measures constitute:

  • The protection of confidentiality aimed at the reporter, the facilitator, the person involved and the people mentioned in the report;

  • Protection from possible retaliation adopted by the entity due to the reporting, public disclosure or complaint made and the conditions for its application;

  • The limitations of liability with respect to the disclosure and dissemination of certain categories of information which operate under certain conditions.


5.1 Confidentiality

The identity of the reporting person, and any other information from which that identity can be inferred directly or indirectly, cannot be and will not be revealed without the express consent of the reporting person to persons other than those competent to receive or follow up on the reports.

How the whistleblower's confidentiality is guaranteed:

  • in the context of criminal proceedings, the identity of the whistleblower is covered by secrecy in the ways and within the limits established by Article 329 of the Code of Criminal Procedure;

  • In the proceedings before the Court of Auditors, the identity of the reporting person cannot be revealed until the preliminary investigation phase is closed;

  • as part of the disciplinary proceedings, the identity of the reporting person cannot be revealed. If the dispute is based, in whole or in part, on the report and knowledge of the identity of the reporting person is indispensable for the defense of the accused, the report will be used for the purposes of disciplinary proceedings only in the presence of the express consent of the reporting person to the revelation of one's identity.

In order to protect the identity of the reporter, the Company adopts strict security measures described in the specific section of the Reporting Platform.

The confidentiality of all those involved in the report is also guaranteed.

Confidentiality is guaranteed both in the case of internal and external reports, made orally through telephone lines or, alternatively, voice messaging systems or, at the request of the reporting person, through a direct meeting with the person handling the report.

The confidentiality of the whistleblower is protected even when the report reaches personnel other than those authorized and competent to manage the reports, to whom, in any case, they must be sent without delay.

The Decree provides only two cases in which it is possible to reveal the identity of the reporter. In these cases, not only the express consent of the reporter is necessary but also a written communication of the reasons for such disclosure.

The two cases are:

  1. in disciplinary proceedings where the disclosure of the identity of the whistleblower is essential for the defense of the person against whom the disciplinary charge is contested;

  2. in proceedings initiated following internal or external reports where such disclosure is also indispensable for the purposes of the defense of the person involved.


5.2 PROTECTION OF ANONYMITY

To protect the whistleblower, the measure of anonymity is also envisaged, i.e. the identity of the whistleblower cannot be revealed without his express consent.

All those who receive or are involved in the management of reports are required to protect the confidentiality of this information.


5.3 PROTECTION FROM RETALIATION

The Decree provides, to protect the whistleblower, the prohibition of retaliation which is defined as "any behaviour, act or omission, even if only attempted or threatened, carried out as a result of the report, the complaint to the judicial authority or the public disclosure and which causes or may cause, directly or indirectly, unfair damage to the reporting person or to the person who filed the complaint" (Legislative Decree 24/2023, art. 2, paragraph 1, letter m).

The xxx company, in compliance with the regulatory provisions, will take an active part in preventing retaliatory measures such as, by way of non-exhaustive example:

a) dismissal, suspension or equivalent measures;

b) demotion in rank or failure to promote;

c) change of functions, change of place of work, reduction of salary, modification of working hours;

d) suspension of training or any restriction of access to it;

e) notes of demerit or negative references;

f) adoption of disciplinary measures or other sanctions, including pecuniary ones;

g) coercion, intimidation, harassment or ostracism;

h) discrimination or otherwise unfavorable treatment;

i) failure to convert a fixed-term employment contract into a permanent employment contract, where the worker had a legitimate expectation of such conversion;

j) failure to renew or early termination of a fixed-term employment contract;

k) damage, including to the person's reputation, in particular on social media, or economic or financial prejudice, including loss of economic opportunities and loss of income;

l) insertion in improper listings on the basis of a formal or informal sectoral or industry agreement, which may result in the person being unable to find employment in the sector or industry in the future;

m) early termination or cancellation of the contract for the supply of goods or services;

n) cancellation of a license or permit;

o) request to undergo psychiatric or medical tests.

5.4. LIMITATION OF LIABILITY FOR REPORTERS

Art. 20 of the Decree regulates the extent of the limitations of liability.

This measure operates only in cases where two conditions occur simultaneously:

1. The first requires that, at the time of the report or disclosure, there are reasonable grounds to believe that the information is necessary to discover the violation. The reporter, therefore, must believe that the information is indispensable to bring the violation to light;

2. The second condition, however, requires that the report, public disclosure or complaint has been carried out in compliance with the conditions set out in Legislative Decree no. 24/2023 to benefit from protection from retaliation.

Both conditions, as previously mentioned, must exist to exclude liability.

If both are satisfied, individuals who report, file a complaint or make a public disclosure do not incur any type of civil, criminal, administrative or disciplinary liability.

5.5 CONDITIONS FOR THE APPLICATION OF PROTECTIONS

The envisaged measures apply to whistleblowers when the following conditions are met:

  • reporters must reasonably believe that the information on the reported violations is truthful (not suppositions, rumors or news in the public domain);

  • the good faith of the reporter is protected even in the event of inaccurate reporting due to genuine errors (lack of knowledge of the legal rules);

  • the reporting party must clearly indicate in the subject of the report that it is a whistleblowing report; there must be a close connection or consequentiality between the report and the unfavorable act directly or indirectly suffered by the reporter, to constitute retaliation;

  • the report must be made in accordance with the provisions of Chapter II of Legislative Decree 24/2023, as described in the previous points 4.1, 4.2 and 4.3.

6. PLATFORM OPERATION MANUAL

The instructions for formulating a report as well as how to consult them are reported in the specific section published on the web platform.

Privacy Policy for the Whistleblowing reporting system

Terms for the processing of personal data following the compilation of a whistleblowing report

With this document ("Information") the Data Controller, as defined below, wishes to inform you about the purposes and methods of processing of your personal data and the rights recognized to you by Regulation (EU) 2016/679 relating to the protection of natural persons, with regard to the processing of personal data as well as their free movement ("GDPR"). This Information may be integrated by the Data Controller if any additional services requested by you involve further processing.


1. DATA CONTROLLER

CARTELLI SEGNALATORI CF: 07803080154, via volta 1 Cusago 20047 (Milano), tel: 0290399017, email: alessandrabagnoli@cartelli.it

2. DATA PROTECTION OFFICER/DPO

Email: [RECAPITO DPO]

3. TYPES OF DATA PROCESSED

The processing activities carried out are aimed at acquiring the following personal data:

  • Common data: personal data.

  • Judicial data: data relating to crime reports and criminal convictions.

  • Special data: if provided by the reporting party relating to health conditions, sexual orientation, trade union membership, religious beliefs, etc.

4. CATEGORIES OF INTERESTED PARTIES

The processing activities carried out are aimed at the following categories of interested parties: reporting person, reported persons, facilitators, subjects involved in the report.

5. PURPOSE OF THE PROCESSING AND CONDITION WHICH MAKES THE PROCESSING LAWFUL

a. Whistleblowing reporting system

Whistleblowing is an act through which an individual (the reporter), often an employee of an organisation, reports or discloses confidential information about illicit or improper behaviour within the organisation itself, or to a competent external authority, in order to make known the alleged illicit conduct of which he became aware through his employment relationship with the Data Controller and committed by the subjects who in various capacities interact with the reporting party, so that the necessary verification of the information covered by the report can be carried out.

Your personal data will be processed for the following purposes:

Purpose of the processing: i) for the fulfillment of obligations envisaged: by national and European laws and by provisions of supervisory and control bodies or by other authorities legitimized to do so, Legislative Decree no. 231/2001, regulation of the administrative liability of legal persons, companies and associations even without legal personality, Legislative Decree. 10 March 2023, n. 24 in implementation of Directive (EU) 2019/1937; ii) to allow whistleblowing reports, verify the validity, relevance and relevance of the facts and circumstances reported in order to adopt, where necessary, any consequent measure, including disciplinary, that is deemed necessary or appropriate pursuant to the law.

Condition of Lawfulness of Processing: Legal Obligation - Art. 6, c.1, let. c. GDPR, Legitimate Interest - Art. 6, c.1, let. f. GDPR.

Nature of the provision: for the reporting party, the provision of the elements of the report is mandatory, even in anonymous form; failure to provide it does not allow the formulation of the report. In addition to the information provided by the reporter, the personal data of the reported subjects could be involved in the reporting process.

Personal data retention period: internal and external reports and the related documentation are kept for the time necessary to process the report and in any case no later than 5 years from the date of communication of the final outcome of the reporting procedure, in compliance with the confidentiality obligations referred to in European and national legislation on the protection of personal data.

b. Defense in court and out of court, including in employment relationships.

Your personal data may be processed to ascertain, exercise or defend the rights of the Data Controller in judicial and extrajudicial proceedings, including in employment relationships.

Condition of Lawfulness of Processing: Legitimate Interest - Art. 6, c.1, let. f. GDPR

Purpose of the processing: i) Exercise of the defence of the Data Controller in judicial and extrajudicial matters, also in employment relationships; ii) Processing of special category data, including that of employees, to assert or defend a right, including that of a third party, in judicial proceedings, as well as in administrative proceedings or in arbitration and conciliation procedures, in the cases provided for by the laws, by the regulations of the European Union, by regulations or by collective agreements.

Nature of the provision: The use of personal data is strictly necessary for any defense in court and out of court.

Personal data retention period: Personal data will be used for a period of time not exceeding those required by law and in any case until the deadlines for appeals are exhausted and no later than the conclusion of the judgement.

Processing methods: The processing is carried out mainly with IT and paper tools.

c. IT systems management

Personal data is used, for the legitimate interest of the Data Controller and the Interested Parties, to manage the security of technological infrastructures (IT).

Purpose of processing: Management of IT systems, including infrastructure management, business continuity and IT security.

Nature of the provision: Mandatory - Opposition to the processing may make it impossible for the Data Controller to provide the desired service.

Personal data retention period: your personal information is retained for the entire period of time necessary for the provision of services as well as for guaranteeing the exercise or defense of rights.

Processing methods: The processing is carried out using IT tools.

Condition of Lawfulness of Processing: Legitimate Interest - Art. 6, c.1, let. f. GDPR

6. DATA TRANSFER OUTSIDE THE EU

Personal data is processed exclusively within the European Union.

7. RECIPIENTS OF THE PROCESSING

Data Processor: Hosting Service Providers, ICT system maintenance services.

Person Designated for Processing (Internal): RPCT, report managers.

Independent Data Controller: ANAC, Judicial Authority.


8. RIGHTS OF THE INTERESTED PARTY - COMPLAINT TO THE SUPERVISORY AUTHORITY

In relation to the processing described in this Information Notice, as a data subject ("interested party") you may, under the conditions established by the GDPR, exercise the rights set out in Articles 15 to 22 of the GDPR and, in particular:

  • right of access – Article 15 GDPR: the right to obtain confirmation as to whether or not personal data concerning you is being processed and, if so, to obtain access to that personal data;

  • right to rectification – Article 16 GDPR: the right to obtain, without undue delay, the rectification of inaccurate personal data concerning you and/or the completion of incomplete personal data;

  • right to erasure (right to be forgotten) – Article 17 GDPR: the right to obtain, without undue delay, the erasure of personal data concerning you. The right to erasure does not apply to the extent that processing is necessary for compliance with a legal obligation, for the performance of a task carried out in the public interest, or for the establishment, exercise or defence of legal claims;

  • right to restriction of processing – Article 18 GDPR: the right to obtain the restriction of processing when: a) you contest the accuracy of the personal data; b) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; c) the personal data are needed by you for the establishment, exercise or defence of legal claims; d) you have objected to the processing pending verification of whether the legitimate grounds of the Data Controller override yours;

  • right to data portability – Article 20 GDPR: the right to receive, in a structured, commonly used and machine-readable format, the personal data concerning you that you provided to the Data Controller, and the right to transmit them to another controller without hindrance, where the processing is based on consent and is carried out by automated means; and, where technically feasible, the right to have your personal data transmitted directly from this Data Controller to another controller;

  • right to object – Article 21 GDPR: the right to object, at any time, to the processing of personal data concerning you that is based on legitimate interest, including profiling, unless the Data Controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims;

  • right not to be subject to automated decision-making – Article 22 GDPR: the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless this is necessary for entering into or performing a contract or you have given your consent. In any case, your personal data are not subject to any automated decision-making process, and you can at any time obtain human intervention from the Data Controller, express your point of view and contest a decision.

 

You may also lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali): http://www.garanteprivacy.it, and you may withdraw any consent given at any time, as easily as it was given, without affecting the lawfulness of the processing based on the consent given before its withdrawal.

The above rights may be exercised against the Data Controller by contacting the references indicated above.

The exercise of your rights as a data subject is free of charge pursuant to Article 12 GDPR. However, in the case of manifestly unfounded or excessive requests, in particular because of their repetitive character, the Data Controller may charge a reasonable fee, taking into account the administrative costs of handling your request, or refuse to act on it.

Finally, please note that the Data Controller may request further information necessary to confirm the identity of the data subject.


Version 1.0 dated 07-11-2023

Security measures of the Whistleblowing reporting system

The following measures have been adopted for the secure management of whistleblowing reports.

1. DEFINITIONS

In order to better understand the security measures, some definitions are given below:

  • "Firewall": a firewall is a network security component that acts as a barrier between an internal or private network and an external or public network. It examines incoming and outgoing network traffic and decides whether to allow or block each communication on the basis of a set of predefined rules. Firewall rules specify which packets are allowed or rejected according to criteria such as IP addresses, ports and protocols; in this document the name and version of the firewall used are omitted, so as not to disclose information that could be valuable to third parties;

  • Web Application Firewall ("WAF"): a Web Application Firewall is a device or software component that sits between a web application and the incoming network traffic. Its main task is to detect, filter and block specific attacks against web applications, such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF) and others; in this document the name and version of the WAF used are omitted, so as not to disclose information that could be valuable to third parties;

  • Encryption Key: the AES algorithm requires a secret key of 128, 192 or 256 bits, which is used both to encrypt and to decrypt the data. The key must be protected with extreme care, since anyone who obtains it can decrypt the data it protects.

2. MEASURES TO ENSURE THE CONFIDENTIALITY OF INFORMATION

  • SPECIFIC ACCESS ROLES: access to the Software is reserved exclusively for authorised personnel (persons authorised to process and persons responsible for processing) holding individual access credentials, following a specific designation as required by current privacy legislation;

  • SYSTEM ADMINISTRATOR ACCESS: only via an SSH connection, and only from expressly authorised IP addresses;

  • FIREWALL: a firewall filters network traffic with input, output and forward rules;

  • WAF for protection against web application vulnerabilities: the WAF detects and blocks common web application attacks such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF) and many others;

  • WAF for blocking malicious requests, including IP reputation analysis: the WAF automatically detects and blocks malicious or suspicious HTTP requests before they reach the web application, including traffic from malicious bots, vulnerability scanners and brute-force attempts;

  • WAF for traffic control: the WAF analyses incoming and outgoing HTTP traffic to identify suspicious activity or anomalous behaviour, so that threats can be identified and mitigated in real time;

  • WAF for DDoS detection: the WAF also includes distributed denial of service (DDoS) protection that helps mitigate DDoS attacks against the web server;

  • CONTINUOUS LOG ANALYSIS to detect SQL injection or XSS attack attempts that may have reached the application;

  • Software development according to best practices, including the use of PreparedStatement (parameterised queries) in Java, which prevents SQL injection by keeping user input out of the SQL text; XSS is addressed separately by the WAF and the log analysis described above;

  • Access permitted to the RSIS only after two-factor authentication with a one-time code (OTP);

  • Encryption of the information in the Reports, as recorded in the database, using the AES algorithm with a report-specific encryption key;

  • Encryption of the backups of the Reports: backup files are generated from records whose data were already written in encrypted form, so the backup of the Reports also contains only encrypted records;

  • NAVIGATION LOG:

    1. recording of the operation logs of the personnel responsible for managing the Reporting System;

    2. recording of browsing logs exclusively for the purpose of detecting cyber attacks, with the entry corresponding to the registration of a Report removed from them immediately;

  • "Encryption Key", derived with the SHA-2 algorithm:

    1. it is made up of a fixed part, kept in a protected section of the web server, and a "dynamic" part computed only at the moment the Report is inserted;

    2. it is therefore distinct for each Report;

    3. it is not persisted and is not available to anyone: neither to the Data Controller nor to suppliers or authorised parties;

    4. it is re-derived automatically whenever the Report is entered or consulted by the RSIS;

    5. it can be reconstructed only at the express request of the Data Controller, always in compliance with current regulations;

  • ENCRYPTION IN TRANSIT: data exchanged between the Platform server and the user is protected with TLS (formerly SSL), which prevents unauthorised third parties from intercepting or reading the content of communications. TLS authenticates the server and agrees the session key with algorithms such as RSA, DHE (ephemeral Diffie-Hellman) and elliptic-curve cryptography (ECDHE/ECDSA), and then protects the data itself with a symmetric cipher such as AES.
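As an added example (not the IusPrivacy platform's own code, which is proprietary and not published on this page), the following Java class shows how three of the measures above fit together: a per-report AES key derived with SHA-2 from a fixed server-side part and a per-report dynamic part, AES encryption of the report text, and a PreparedStatement that binds the ciphertext as a parameter instead of splicing anything into the SQL. The cipher mode (AES-GCM), the use of HMAC-SHA256 as the SHA-2 derivation step, a random 16-byte salt stored beside the ciphertext as the dynamic part, the inclusion of the report id in the derivation, and the table and column names are all assumptions of this example. It needs Java 11 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added example, not the IusPrivacy platform's code. Per-report AES key derived
// with SHA-2 from a fixed server-side part plus a per-report dynamic part,
// AES-GCM for the stored report text, and a parameterised INSERT.
public final class ReportCrypto {
    private static final SecureRandom RNG = new SecureRandom();
    private static final int GCM_TAG_BITS = 128;

    /** What gets persisted for one encrypted report field (assumed layout). */
    public static final class SealedReport {
        public final byte[] dynamicPart;  // per-report salt, stored next to the ciphertext
        public final byte[] iv;           // 96-bit GCM nonce, fresh per encryption
        public final byte[] ciphertext;   // ciphertext followed by the 16-byte GCM tag
        SealedReport(byte[] d, byte[] i, byte[] c) { dynamicPart = d; iv = i; ciphertext = c; }
    }

    private static byte[] idBytes(long reportId) {
        return Long.toString(reportId).getBytes(StandardCharsets.UTF_8);
    }

    // Key derivation (assumption: HMAC-SHA256, a SHA-2 construction). The fixed
    // part lives only on the web server; only the dynamic part is persisted, so
    // the key itself is never stored and is re-derived on every access.
    static SecretKeySpec deriveKey(byte[] fixedPart, byte[] dynamicPart, long reportId)
            throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(fixedPart, "HmacSHA256"));
        mac.update(dynamicPart);
        mac.update(idBytes(reportId));
        return new SecretKeySpec(mac.doFinal(), "AES");   // 32 bytes -> AES-256
    }

    public static SealedReport seal(byte[] fixedPart, long reportId, String plaintext)
            throws GeneralSecurityException {
        byte[] dynamicPart = new byte[16];
        RNG.nextBytes(dynamicPart);   // fresh per report: a distinct key for every Report
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(fixedPart, dynamicPart, reportId),
               new GCMParameterSpec(GCM_TAG_BITS, iv));
        c.updateAAD(idBytes(reportId));  // binds the ciphertext to its report id
        return new SealedReport(dynamicPart, iv, c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8)));
    }

    public static String open(byte[] fixedPart, long reportId, SealedReport s)
            throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(fixedPart, s.dynamicPart, reportId),
               new GCMParameterSpec(GCM_TAG_BITS, s.iv));
        c.updateAAD(idBytes(reportId));
        // Throws AEADBadTagException if the key, the id or the ciphertext do not match.
        return new String(c.doFinal(s.ciphertext), StandardCharsets.UTF_8);
    }

    // Parameterised INSERT: every value is bound to a placeholder, so it can
    // never alter the SQL text. Table and column names are assumptions; not
    // called from main because it needs a live MySQL connection.
    public static void insertReport(Connection conn, long reportId, SealedReport s) throws SQLException {
        String sql = "INSERT INTO report (id, dynamic_part, iv, ciphertext) VALUES (?, ?, ?, ?)";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setLong(1, reportId);
            ps.setBytes(2, s.dynamicPart);
            ps.setBytes(3, s.iv);
            ps.setBytes(4, s.ciphertext);
            ps.executeUpdate();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] fixedPart = new byte[32];
        RNG.nextBytes(fixedPart);   // stand-in for the secret kept on the web server
        long reportId = 42L;        // constructed sample id
        SealedReport s = seal(fixedPart, reportId, "Constructed sample report text");
        System.out.println("stored: " + Base64.getEncoder().encodeToString(s.ciphertext));
        System.out.println("decrypted: " + open(fixedPart, reportId, s));
        try {   // same fixed part, different report id -> different key -> rejected
            open(fixedPart, 43L, s);
        } catch (GeneralSecurityException e) {
            System.out.println("wrong report rejected: " + e.getClass().getSimpleName());
        }
        SealedReport tampered = new SealedReport(s.dynamicPart, s.iv, s.ciphertext.clone());
        tampered.ciphertext[0] ^= 1;
        try {   // one flipped bit -> GCM tag check fails instead of returning garbage
            open(fixedPart, reportId, tampered);
        } catch (GeneralSecurityException e) {
            System.out.println("tampered record rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

Because only the dynamic part and the IV are persisted, the key exists only while a request is being served, which is what "not available to anyone" amounts to in practice: whoever holds the database or its backups still lacks the fixed part. The GCM authentication tag is also what makes a tampered or mis-keyed record fail to decrypt rather than decrypt to garbage.

Compile and run with `javac ReportCrypto.java && java ReportCrypto`.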
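The continuous log analysis item above gives no log format or detection rules, so the following is an added example and not the platform's own code. It parses access-log lines in the "combined" format that Tomcat's AccessLogValve can write (an assumption about how the platform logs), URL-decodes the request target twice to defeat double encoding, and flags a small set of SQL injection and XSS signatures. The sample lines are constructed. Signature matching of this kind is a coarse after-the-fact sweep that complements the WAF: it misses encodings the patterns do not cover and can produce false positives on legitimate text, so hits are leads for review, not verdicts. Needs Java 11 or later.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example, not the platform's code: flag SQLi/XSS signatures in access-log lines.
public final class AccessLogScanner {

    // Combined log format, as written by Tomcat's AccessLogValve with pattern="combined" (assumed).
    private static final Pattern LINE = Pattern.compile(
        "^(\\S+) \\S+ \\S+ \\[([^\\]]+)\\] \"(\\S+) (\\S+) [^\"]*\" (\\d{3}) \\S+ \"[^\"]*\" \"([^\"]*)\"$");

    // Signatures applied to the decoded request target (path + query string).
    private static final Pattern SQLI = Pattern.compile(
        "(?i)('\\s*(or|and)\\s+[\\w']+\\s*=\\s*[\\w']+|union\\s+(all\\s+)?select|sleep\\s*\\(|--\\s|/\\*|;\\s*drop\\s)");
    private static final Pattern XSS = Pattern.compile(
        "(?i)(<\\s*script|javascript:|on(error|load|mouseover)\\s*=|<\\s*(img|svg|iframe)\\b)");

    public static final class Hit {
        public final String ip, kind, target;
        Hit(String ip, String kind, String target) { this.ip = ip; this.kind = kind; this.target = target; }
        @Override public String toString() { return kind + " from " + ip + ": " + target; }
    }

    // Decode twice so that %253C (double-encoded '<') is seen as '<'; a literal '+' is kept.
    static String decode(String s) {
        String out = s;
        for (int i = 0; i < 2; i++) {
            try { out = URLDecoder.decode(out.replace("+", "%2B"), StandardCharsets.UTF_8); }
            catch (IllegalArgumentException e) { break; }   // malformed %-sequence: keep what we have
        }
        return out;
    }

    public static List<Hit> scan(List<String> lines) {
        List<Hit> hits = new ArrayList<>();
        for (String line : lines) {
            Matcher m = LINE.matcher(line);
            if (!m.matches()) continue;                 // not a combined-format line
            String ip = m.group(1), target = decode(m.group(4));
            if (SQLI.matcher(target).find()) hits.add(new Hit(ip, "SQLI", target));
            else if (XSS.matcher(target).find()) hits.add(new Hit(ip, "XSS", target));
        }
        return hits;
    }

    public static void main(String[] args) {
        // Constructed sample lines (not taken from any real system).
        List<String> sample = List.of(
            "203.0.113.7 - - [07/Nov/2023:10:00:01 +0100] \"GET /whistleblowing/report?id=42 HTTP/1.1\" 200 512 \"-\" \"Mozilla/5.0\"",
            "203.0.113.9 - - [07/Nov/2023:10:00:02 +0100] \"GET /whistleblowing/report?id=42'%20OR%20'1'='1 HTTP/1.1\" 403 0 \"-\" \"sqlmap/1.7\"",
            "203.0.113.9 - - [07/Nov/2023:10:00:03 +0100] \"GET /whistleblowing/search?q=%253Cscript%253Ealert(1)%253C/script%253E HTTP/1.1\" 403 0 \"-\" \"Mozilla/5.0\"",
            "203.0.113.12 - - [07/Nov/2023:10:00:04 +0100] \"GET /whistleblowing/report?id=43%20UNION%20SELECT%20password%20FROM%20users-- HTTP/1.1\" 403 0 \"-\" \"curl/8.0\""
        );
        for (Hit h : scan(sample)) System.out.println(h);   // first line is clean, the other three are flagged
    }
}
```

Run with `javac AccessLogScanner.java && java AccessLogScanner`. In production the same scan would be fed by tailing the log rather than a fixed list, and the flagged source addresses would be correlated with the WAF's own block events.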

 

3. MEASURES TO ENSURE THE AVAILABILITY AND INTEGRITY OF DATA

  • Distributed database, replicated in real time across clusters, with the master node at ServerPlan and a replica at Aruba (two different data centres);

  • CDP backup, performed with the "R1Soft CDP" software: an incremental backup of the entire machine disk, stored on machines other than the production one;

  • FTP backup of both the application and the database, transferred to a machine other than the production one.

 

4. SUPPLIERS (DATA PROCESSORS) OF THE TECHNOLOGICAL INFRASTRUCTURE

The suppliers have been designated as Data Processors pursuant to Art. 28 of EU Regulation 679/2016.

ServerPlan s.r.l.

Security features:

Anti-intrusion detection system;

Supervision with security officers 24 hours a day, seven days a week;

CCTV cameras and digital archiving of footage;

Anti-smoke, anti-fire and anti-flood detection systems;

Multiple and independent power supplies with diversified paths;

Dual power circuit cooling system;

2 generators in separate rooms;

Multi-operator 100Gbps internet connectivity.

Certifications:

ISO 9001:2015, Quality management systems for the area of Web Hosting Services and domain registration services, cloud storage, cloud computing, backup and disaster recovery; electronic mail and invoicing services, electronic document management and storage and related IT services.

ISO 27001:2013, Information security management systems within the scope of Web Hosting Services and domain registration services, cloud storage, cloud computing, backup and disaster recovery. Electronic mail and invoicing services, electronic document management and storage and related IT services.

ISO 14001:2015, Server Plan complies with the ISO 14001:2015 standard for Web Hosting services and domain registration services, cloud storage, cloud computing, backup and disaster recovery. Electronic mail and invoicing services, electronic document management and storage and related IT services.

ISO 27017:2015, Scope Security controls for cloud services. Server Plan cloud services have obtained ISO/IEC 27017 certification, which provides strengthened security measures and additional controls on the information managed.

ISO 27018:2019, Scope Protection of personal data in Public Cloud services. The Server Plan cloud services have obtained ISO/IEC 27018 certification (which is an expansion of the ISO 27001 standard) with particular reference to the management of personal data, deemed compliant with international standards.

NATIONAL CYBERSECURITY AGENCY certification Server Plan has passed the checks and verifications to be part of the group of IaaS cloud providers for public administration.



Aruba S.p.A.

Security measures:

Physical Security

Security perimeters with CCTV, anti-intrusion sensors and vehicle deterrents, Building access booths with metal detectors, Security mantraps with double authentication systems, Anti-tailgating technological systems, Separate employee/visitor parking

Risk Prevention

Areas with low seismic and hydrogeological risk, Separation of electrical systems and batteries in dedicated buildings, Monitored, refrigerated and fire-protected systems, Automatic smoke and liquid detection systems positioned in all sensitive areas, Inert gas extinguishing systems and fuel cutoff in case of fire.

Continuity of Service

Redundant UPS, generator sets and cooling units; two PDUs (Power Distribution Units) per rack cabinet; emergency generator sets with 48 hours of full-load autonomy without refuelling; Network Operations Centers manned 24/7 and constantly connected to one another; ultra-redundant connectivity thanks to agreements with numerous operators.

Certifications:

ISO 9001:2015. ISO 9001 certification is aimed at improving the organizational management of a company, through the use of resources, procedures and instructions inspired by the principles of simplification, efficiency and effectiveness. The organization of internal processes, adopted with the Certified Quality System (QMS), allows us to offer the Customer a more efficient and competitive service, giving real demonstration of the quality of Aruba.it products, designed, manufactured and supplied with a view to continuous improvement.

ISO 27001:2013. ISO 27001 certification is aimed at ensuring compliance with certain security standards in the management of company data and information, preserving their integrity, confidentiality and availability. The adoption of an Information Security Management System (ISMS) allows it to guarantee its Customers the use of secure processes and applications in terms of confidentiality, integrity, authenticity and availability of the data and information processed, suitable for preventing and reduce vulnerabilities and impacts that threats of unauthorized access or loss can have on the data and information managed.

ISO 27017:2015. The ISO/IEC 27017 standard defines additional and strengthened security controls to address the security measures implemented by Cloud service providers. We therefore certify that these controls have been integrated into our Information Management system.

ISO 27018:2015. The ISO/IEC 27018 standard is an expansion of the ISO 27001 standard which, specifically, concerns the management of personal data in relation to cloud solutions in IaaS, PaaS and SaaS modes. The management of personal data processed within our cloud services has been assessed as compliant with this international standard in its technical, organizational and contractual aspects.

ISO 37001:2016. The ISO 37001 certification confirms our commitment to combating and preventing corrupt conduct inside and outside the Group, through the adoption of an anti-bribery management system compliant with the ISO 37001:2016 standard.

 

5. TECHNOLOGICAL INFRASTRUCTURE

SOFTWARE - The IusPrivacy WhistleBlowing Platform is a technology entirely developed and owned by WRP srl. The WhistleBlowing Platform is not derived from open source applications; it is written in Java and deployed in an Apache Tomcat servlet container. Personal data and information are recorded in MySQL databases.

Java is designed with attention to security: the JVM enforces memory safety (bounds-checked arrays, no raw pointers, automatic memory management), which rules out the classic memory-corruption vulnerabilities of native code, and its exception handling forces errors to be dealt with explicitly. Access to the database is governed by the application and its JDBC credentials, not by the JVM. Tomcat is a servlet container implementing the Java EE (now Jakarta EE) Servlet and JSP (JavaServer Pages) specifications, which offer great flexibility in managing the server-side logic of web applications.

 

HARDWARE - The application is hosted on cloud servers of the ServerPlan provider, running a Unix/Linux operating system. This solution provides high-performance hosting with scalable resources: a Cloud Server is a virtual machine that shares the RAM, storage and processor of the underlying physical host with other virtual machines.

The cloud server uses enterprise NVMe SSD disks, which give the application the best performance. The Cloud Server solution runs on a redundant cloud infrastructure, with migration to another node when necessary and without any interruption of service.

 

INFRASTRUCTURE - The Platform is located on ServerPlan's Data Center in Italy: the infrastructure is created with enterprise-level products and certified technology. ServerPlan and Aruba adopt the best solutions available on the market to always guarantee the highest performance in terms of speed, stability and security.

Serverplan guarantees 99.95% uptime for the connectivity of all systems and ensures that all routing devices are accessible. Some events that are not guaranteed by the SLA may occur, such as, for example, scheduled network maintenance. In this case the user will receive a notification via e-mail indicating the date set for the intervention.

In order to offer high standards of security and service availability, the WhistleBlowing Platform is entirely replicated on a server, different from that of Serverplan, of the supplier Aruba S.p.A.

 

Check a previously entered report using the credentials received

By entering the authentication credentials you can consult the progress of a report previously submitted:

  • the year in which the report was submitted;

  • the month in which the report was submitted;

  • the password assigned to you after entering the report.

Insert a new report

Enter a report (attachments can be added on the page following the first one):

  • whether you intend to submit this report anonymously.

Reporter's data (* = required):

  • *whether you have a private interest in the report;

  • *whether you participated in the offence/crime you intend to report;

  • *your name and surname;

  • *the method by which you want to be contacted and/or kept informed;

  • *your e-mail address;

  • *your telephone number (with prefix).

Report data:

  • *the type of crime/offence committed;

  • *the subject of the report;

  • *an exhaustive description of the offence/crime;

  • *the place, town, city or seat of the entity where the offence/crime was committed;

  • *the period in which the offence/crime was committed: indicate when you became aware of it and/or when the unlawful conduct began, and whether the conduct is still ongoing or has ended.

Data of the reported person:

  • *the name and surname of the person or persons who committed the offence/crime;

  • *the division or office in which the reported person performs their functions;

  • *any other information about who committed the offence/crime.

Attachments can be added in the next step, after the report has been submitted.

powered by IusPrivacy.eu - P.I./C.F. IT05395060824