In the domain of data security and systems redundancy features, tNotice (service of inPoste.it) meets the regulatory requirements laid down by the Digital Administration Code referred to in Legislative Decree n. 235/2010, and by the DigitPA regulations (formerly AGID) implementing Legislative Decree n. 177/2009.
The Ministry for Economic Development – Department of Communications, vested with inspection powers, establishes the application of the general rules laid down by article 15 of the Italian Constitution, of the best practices of the sector and incorporates by reference the provisions of law relating to the processing of personal data.
Article 15 of the Italian Constitution
The freedom and secrecy of correspondence and of every other form of communication is inviolable.
Restriction thereto may be imposed only by warrant which gives the reasons issued by a judicial authority with the guarantees established by law.
Redundancy is a key feature of the computing center, given the typical continuous operation 24 hours a day, seven days a week. On an international scale we have decided to follow the standards set by the US body TIA (Telecommunication Industry Association), which has defined four levels of redundancy, named TIER I, II, III and IV according to the redundancy of equipment and of the power supply line.
At all events, redundancy has to be guaranteed also with regards to information systems and air-conditioning. In particular, for the application of tNotice data and processes are made in high-reliability redundancy on a national Data Center classified as TIER III plus with armed security and technical operating supervision 24 hours a day.
The HW systems used by tNotice ensure the TIER III standard:
- 2 independent power lines supplied by two different substations.
- Redundant components on a power line.
- Generator set redundancy n+1.
- UPS redundancy n+1.
- Fire protection systems.
- Surveillance 24/7/365
- Servers, local network devices and appliances owned by the company are placed in a dedicated rack
- Closure and security: dual-sided safety key with a three-digit combination
- Power Supply: Dual redundant
- Supply Voltage: 2 x 220V
- Supply Current: 2 x 16A
- Access to the data centre via badge with unique access code 365/7/24 and consent to access upon prior
- Visual identification and proof of identity and provided that the name corresponds with the name on the list of authorized persons.
- Optic Fiber Connection 10Mbit/s Upload and Download
- Basic alert service for monitoring the IP reachability and for proactive intervention in the event any
- difficulties with the network arise, without intervention on the equipment that remain accessible
- exclusively by the authorized personnel as listed by InPoste.it S.r.l.
- Dedicated VRRP Firewalls
- Local Internet Registry accredited by the RIPE-NCC
- Autonomous System AS12637
- Two places of business: in Lazio and in Lombardy connected by a fiber ring backbone
- IP Resources from:
- AS3549 – Global Crossing 1 Gbps
- AS3257 – Tinet International, 2 x 2 Gbps
- AS174 – Cogent Communications, 1 Gbps
- NAP Namex – Rome, 2 x 1 Gbps
- NAP Mix – Milan, 3 x 1 Gbps
- NAP AmsIX – Amsterdam, 1 Gbps
- NAP Minap – Milan, 100 Mbps
- Automatic routing controls on their peers through the BGP-4 protocol. The network is designed so as to have not only top performances but also the maximum possible reliability counting on fully redundant lines and also on redundant carriers.
SSL protection between Client and Server:
- forcing safe security SSL protocol for users not directly accessing via https://app.tnotice.com
- Certificate issued by GeoTrust Global Certification Authority
- Signature algorithm with SHA-1 with 256 bytes RSA encryption
Systems and safety procedures
Access to the premises is governed by the security procedures as established by the DPS pursuant to Legislative Decree n. 196/2003, summarized separately. The premises where the equipment is kept have the following facilities:
- Electronic surveillance against intrusion, fire and critical environmental anomalies reported by radio and on-site intervention by authorized private police forces.
- Redundant system for climate control in the computer rooms with local and remote alarms (remote alarms to the surveillance institute) in the event critical values are reached.
- Redundant power supply system on double busway pursuant to EIE-EC standards for each row of cabinets with safety strain relief and fire prevention plugs and sockets.
- Security system of power supply through L.626 certified ground system and electrical isolation of the sources.
- Gas fire-fighting system with sensors placed on the ceiling and on the floor that detect the saturation of the environment (dedicated cylinders for each room, separate and redundant system).
- Static switching system for the busway source for each cabinet functional to the equipment not fitted with redundant power supplies.
- Static conditioning of power supply by means of uninterruptible online static power supplies 2 x 100 KVA with PLL reference frequency set for data centres in Lazio and 2 x 200 KVA with PLL reference frequency set for data centres in Lombardy.
- Diesel generator set with high autonomy and a capacity of 200KVA, automatic launch and automatic cycles of bi-weekly diagnostics (Deutz – General Electric).
- Security seals on front and rear doors for access to the Servers with unique identification.
- Strictly limited authorized personnel included in the list of authorized persons after prior annual check of the anti-mafia requirements and pending charges.
- Safety Manager for tNotice with a NATO-EU classification level.
Surveillance of the premises is ensured 365/7/24, be it by means of its own personnel, of authorized external personnel or of remote data monitoring systems. All access to data centre areas is subject to auditing.
Access to the premises
A continuous Service is available 365/7/24 for access control concerning authorized personnel.
Conditioning of premises
The air conditioning system ensures air filtration, indoor ventilation, cooling and heating using fresh outside air (free cooling) where available, thus maintaining the correct temperature and adequate air circulation. The air conditioning system is redundant. In the event of power failure the system is designed to guarantee free-cooling.