Information sheet EthicPoint service

Ethicpoint is an independent whistleblowing service, inspired by international advisory models EthicPoint – EthicLine – IntegrityLine.

Designed according to international practice ISO 37002 and in compliance with national regulations¹, the Service is ISO 9001 certified and supported by specific software (auditing & compliance) for the management of whistleblowings and related activities. The Service provides multiple scalable and integrated possibilities, supported by specifically trained staff:

1. E-mail on our domain (@ethicpoint.eu)
2. Toll-free number
3. Physical mail (PO BOX)
4. Dedicated page (landing page)
5. Generic page (home page)

How it works

The whistleblowing is handled by qualified internal Audit People staff, so that it can be customised and carried out according to the whistleblower’s indications. In addition, specific actions can be defined with the client company (e.g. the preparation of procedures concerning recipients and levels of confidentiality, support in the management of whistleblowings up to legal advice). The decisive aspect is that “we use qualified consultants”.

Security aspects

Organisational

Audit People adopts a Data Security and Privacy Manual, in compliance with ISO 27001 and European Regulation 679/2016 (GDPR).

Technical

The site is located at a dedicated hosting space, acquired from the qualified and certified Italian provider Register, part of the Dada group. The hosting system is an appliance on Linux servers, with systems dedicated to publishing websites on the WordPress platform and certified according to information security standards (ISO 27001).

Register makes a daily backup of the entire web space, including databases, according to the settings, maintaining them for one month. Audit People performs additional backups according to its own internal procedure.

Data of users using the report form are stored in a database permanently. Deletion must be done manually or as agreed with the client and according to internal policy.

No IP addresses of site users are recorded in the forms used to collect whistleblowings.

The site provides access with personal and encrypted user and password according to internal procedures (see above). There is a protection system by means of a firewall and an antivirus scanner on the site.

There is a blocking system for spam and bots (akismet). There are only technical cookies, as described in the information notice on the site.

Contact person for information: IT/27001 Manager of Audit People.

1 For Italy: Law 190/2012, Legislative Decree 231/2001, ANAC Guidelines, Law 69/2015, Law 116/2009 – Ratification of the Merida Convention, Legislative Decree 33/2013, Legislative Decree 39/2013, Presidential Decree 62/2013, Law 110/2012 – Ratification and Execution of the Criminal Law Convention on Corruption (1999), Law 112/2012 – Ratification and Execution of the Civil Law Convention on Corruption (1999), Law 179/2017 (law on “whistleblowing”), Decree no. 24 of 10 March 2023 (transposing European Directive 2019/1937).

 

Update 10.03.2023