SSL Security Certification
All our servers and sites use SSL Security Certificates with static seal, verifiable by users immediately through the symbol of a padlock and allowing them to confirm the correct identity of the websites.
Thanks to encryption, confidential information is made unreadable to hackers, eliminating the risks of fraud, phishing and theft of confidential information.
All our services are based on IT and technology platforms that host all business applications in testing, pre-production and production environments.
The infrastructure we have adopted gives user services reduced latency and guaranteed hardware availability, to ensure a stable service over time.
Integrity of personal data
To ensure data availability in the event of hardware malfunctions, backup copies of the most critical servers are made at least daily. This data is saved on systems installed in a dedicated backup site. We keep a backup copy of the databases for the time specified in the data retention policy, after which it is automatically deleted.
These backups are checked periodically, are organized so as to guarantee the separation of data for each customer, and are securely encrypted to ensure maximum data confidentiality.
The infrastructure is designed to be resilient to DDoS (Distributed Denial of Service) attacks through DDoS mitigation systems capable of automatically detecting and filtering excess traffic, and through scalability that handles unexpected traffic volumes using appropriate load balancers.
Data loss prevention (DLP)
We believe that data loss prevention features are critical, as they prevent sensitive information from being shared without authorization. An organization's data is essential for its success: it must be immediately available to support decision-making, but at the same time it must be protected to prevent it from being shared with recipients who are not authorized to access it.
For this reason we have implemented a series of organizational and technical measures that allow us to guarantee our customers not only the prevention of unauthorized access, but also adequate security - in relation to the classification of the data processed - for all authorized access.
We periodically perform vulnerability tests on all infrastructure systems and the clients connected to them. We regularly perform security penetration tests, using different vendors.
The tests include high-level server penetration tests, in-depth tests for vulnerabilities within the application and social engineering exercises.
We employ advanced systems that scan e-mail (both inbound and outbound) for viruses and for spoofing (use of counterfeit senders), and we have a clear anti-spam policy. We use anti-phishing analysis tools and advanced protection against threats such as spear phishing. Malicious files in our internal network are identified and blocked using antivirus and proxy systems.
We regularly and automatically check that all our servers are up to date and have the latest security patches installed.
We have a rigorous incident management process for security events that may affect the confidentiality, integrity or availability of systems or data.
If an incident occurs, the security team records it and prioritizes it based on severity. Events that directly impact customers have the highest priority.
Tracking and disposal of hardware
Control starts at acquisition, continues through installation, and extends to disposal and eventual destruction. For the disposal of hardware we rely on highly qualified and experienced suppliers who guarantee the destruction of the disk and the elimination of the data, attested by a document of destruction.