This page gives access to all the resources, technical documentation, training content on whistleblowing and a series of FAQs to support the public and private organisations that have joined the project. The support is intended not only to make the platform easier to use, but also to help organisations implement the procedures and policies needed for an efficient whistleblowing system.
The service contract, the privacy and security documents and the project certifications are available here.
On this page, communication templates and other materials are available to disseminate the service.
LAW RESOURCES AND PUBLICATIONS
We have collected the main law references on whistleblowing and the best research and analyses on the topic.
If I adopt a platform from the WhistleblowingIT project, does my organisation comply with the whistleblowing obligations laid down for the public and private sectors, in particular with Legislative Decree no. 24/2023?
Yes. All the solutions offered within the WhistleblowingIT project comply with current Italian legislation, both in terms of the technical requirements that the IT platform must meet and in terms of the standard questionnaires proposed, which have been specifically designed to comply with national and European regulatory provisions and to be in line with international best practices.
Are updates provided when the legislation changes?
The WhistleblowingIT project is constantly updated with respect to the relevant legislation. The platform is regularly developed to respond not only to legislative requirements but also to user needs. Updates are released constantly for the benefit of everyone. The standard questionnaires proposed as part of this project (free version for public administrations, version for publicly owned companies and version for private organisations) are updated directly by the project team in case of new regulatory requirements, in compliance with the deadlines indicated by law. Changes to customised versions are agreed directly with the organisation to meet specific needs. Regulatory updates for all types of platforms are released at no additional cost, as an integral part of the service offered by the WhistleblowingIT project.
Can I publish the link to the platform only on the organisation's intranet?
No. Legislative decree 24/2023 provides that even subjects external to the organisation (workers or collaborators of supplier companies, external consultants, shareholders) and subjects who do not yet have or no longer have an active collaboration relationship can send a report. To guarantee this right to all the subjects provided for by law, the link to the whistleblowing platform must be public and easily accessible on the organisation’s website, if it has one, as expressly provided for by law.
For the oral reports provided for by art. 4 of Legislative Decree 24/2023, does the WhistleblowingIT project offer a solution for organisations?
Oral reports are not available in the standard solutions offered by the WhistleblowingIT project. The opportunity of having an oral channel is offered only as part of the customised version, in case an organisation specifically requests this functionality. For all other versions we have chosen not to enable this function because we believe that the rationale of the law is to offer an alternative channel for oral reporting and not a different section of the same channel provided for written reporting, to meet the needs of accessibility of whistleblowers.
What documentation needs to be prepared once the platform has been activated in order to be in line with the legislation?
Once the platform has been activated, to complete the regulatory requirements it is necessary to produce the following documentation:
- Appointment as external data processing officer available here to be signed and sent back to email@example.com;
- Whistleblowing policy in which available channels and law references are indicated (template available here);
- Data Protection Impact Assessment (DPIA) which can be drawn up more easily thanks to the supporting documentation produced as part of this project and available here.
The brief practical guide on data protection available at the following link explains privacy requirements.
Joining WhistleblowingPA
Is it possible to start using the free version of the platform for Public Administrations and then decide to switch to the customised version?
Yes. The free basic version is designed for all public administrations that need a secure and dedicated tool and that have been caught unprepared by the law. It is designed to be a tool suitable for both small municipalities and more structured institutions. The customised version, which can be adopted at a later time, allows a further improvement of internal whistleblowing procedures, adapting the platform to the specific purposes of the administration.
Can the data entered during registration be changed at a later time?
Yes. The email associated with the platform can be changed directly by the organisation in its administration panel. Other registration data are only relevant for registration purposes and are not reported on the platform. During registration it is necessary to have access to the email indicated, as the configuration procedure requires its verification and involves sending essential information to the address indicated.
Does the public body have to sign a contract to activate the free platform?
The institution accepts contractual terms of service when registering the platform. A copy of the same terms of service is also available on the technical documentation page of this website at the following link. The organisation is also required to return the signed appointment as external data processor available at the following link.
Platform features
Is it possible to make an oral report through the platforms offered by the project?
The GlobaLeaks software has developed a voice messaging functionality which, however, will not be integrated into the free and standard versions of the platform. It will be available, where requested, on customised platforms. We do not think that voice messaging systems constitute a good practice for whistleblowing, as they do not allow receiving a qualified report, with a path that guides the whistleblower to provide targeted information. It involves a significant burden for the recipient who must draft the oral file received, verbalise it and reach, if possible, the whistleblower to validate the report and therefore complete the process. We also believe that the oral channel should be “alternative” to the written one and should not be made available through the same tool. Our recommendation is that oral reporting should be guaranteed through a mediated channel, through a personal meeting or telephone contact at the request of the whistleblower.
Do the WhistleblowingIT project platforms separate the report from the whistleblower's identity through the so-called custodian functionality?
No. The Italian National Anticorruption Authority Guidelines (adopted with Resolution no. 469 of 9 June 2021 and now replaced by the new legislation) had envisaged the role of the Custodian of the identity. This role was established thinking that hiding the identity of the whistleblower was useful for his/her protection; however, the organisations promoting this project believe that there is no real added value in having this role and that not only the protections for those who report could be weakened, but also that the responsibilities of the Anti-Corruption Manager would become less clear once another subject is introduced into the reporting process. The WhistleblowingIT project has therefore decided not to implement, in its free and standard versions, a separation between the report and the identity of the whistleblower through the role of the custodian.
Is WhistleblowingIT an ACN-qualified service?
Yes. The digital whistleblowing service offered as part of this project has obtained a qualification from the National Cybersecurity Agency (ACN). See the certificate here.
Do the WhistleblowingIT project platforms automatically send an acknowledgement of receipt of the report within 7 days of receiving it?
From a technical point of view, the platforms give the whistleblower an immediate confirmation of receipt of the report. However, we believe that the intention of the provision of art. 5.1 of Legislative Decree 24/2023 is to provide for a specific action by the receiving organisation to confirm the actual acceptance of the report. For this reason, we invite recipients to act in this direction.
Can I run the whistleblowing software on my own internal information systems instead of joining one of the solutions provided by the WhistleblowingIT project?
The GlobaLeaks whistleblowing software on which the solutions offered by the WhistleblowingIT project are based is open source and can therefore be freely downloaded from the website www.globaleaks.org, configured and distributed under the AGPL 3.0 licence. It can be installed independently by an IT expert following the instructions on the website. There are no forms of lock-in or other restrictions sometimes applied in the commercial sector, so that it is possible to export and migrate the settings of the platform activated through this project to an installation of the software carried out independently on an organisation’s own information systems. The software used, and further developed in the future, in the WhistleblowingIT project is public, free and reusable by public institutions, private companies and associations to develop similar projects independently.
How is the whistleblower's identifying information processed?
The WhistleblowingIT platforms provide both the possibility of anonymous reporting and declared reporting. The whistleblower has the possibility to choose whether to provide his/her identification data, such as name, last name and any alternative contact method to communications via the platform. If not provided, the whistleblower may at his/her choice decide to communicate the identity at a later stage. In every situation in which the whistleblower has entered this information into the system, the recipients have the opportunity to see if it is available and access it via the “Show” button within the report. This information on the identity of the whistleblower can in fact be accessed in a specific section separated from the content of the report. For security and audit reasons, the system records the date and user who requests the first access to the identity of the whistleblower.
What should I do if I need technical support for the platform?
It is possible to request technical support directly from the login page of your platform or within the user interface once accessed by clicking on the support icon available at the top right. The WhistleblowingIT team will provide you with information and resolve any issues promptly.
What should I do if I have forgotten my password?
To be able to access your platform again if you lose your password, you can proceed in different ways, depending on the information known by the user:
- If you know the account recovery key and the email connected to the platform, you can reset the password independently through the login page at the specific link of your platform.
- If you know the email connected to the platform but not the account recovery key, a reset request must be sent by clicking on the “Forgot your password?” button in the login page and then on “Request support”, specifying that you wish to request a password reset to the email address connected to the platform.
- If you do not know either the recovery key or the email connected to the platform or it is necessary to replace it, a request must be sent via email to firstname.lastname@example.org, specifying also the email you intend to replace. In the cases of Public Administrations, the appointment of the new Anti-Corruption Manager must also be attached to the request.
What is the recovery key and where do I find it?
The recovery key is a key that protects a copy of the platform’s encryption key. It is available within the platform in the Preferences section and is used, among other things, to reset the password independently and recover the account in the case the password is forgotten. We recommend that you access your recovery key and save it in a safe place after you log in to the platform for the first time.