The security of the ELIGO platform

Logical and technological processes in ELIGO's electronic and online voting system.

Certifications

ISO Certification Logo

Quality of service

Software development, analysis and IT consulting. Provision of software customization services

ISO Certification Logo

Quality of information management

ISO 27001 certification attests to the robustness of the system with regard to information security
CISPE Certification Logo

Ethicality about data management

We use data responsibly, consciously and ethically
ISO Certification Logo

Quality of cloud solution

Cloud Provider Level Certification

Splitting voting vote

During electronic and online voting operations, vote and voter information are immediately split and saved in two separate areas. Any logical, physical or temporal correlation is permanently lost upon confirmation of voting in the digital ballot box. In fact, ELIGO digitally reproduces the act of inserting a paper ballot inside a ballot box making any correlation between the vote cast and the voter unreconstructible, with the advantage that ballots cannot be marked in any way by the voter, effectively eliminating void ballots. This process ensures the same characteristics of paper voting with the benefits of digital.

Encryption at every level

Cryptography, a technique that is applied to communications and data to maintain their secrecy and integrity, is a key piece of cybersecurity. All communication to the system is via https cryptographic protocol and 256-bit encryption. At the infrastructure level, ELIGO is protected by dual state-of-the-art logical and physical firewalls. For the database, on the other hand, Transparent Data Encryption (TDE) and optionally a dual-key encryption service on the digital urn is implemented. This ensures the unalterability of the votes cast before the start of polling operations. In addition, the ELIGO system undergoes periodic Vulnerability Assessment and Penetration Testing by qualified market players.

Technology Partners

logoMS pagina sicurezza
logoACN p Sicurezza e1692868079533
logoCISCO pagina sicurezza

Security and control

Every activity on the system is properly tracked with special log tables, which can be provided to the customer as an additional assurance. In addition, thanks to a special monitoring interface, the proper progress of election activities can be checked in real time. A copy of the software source code can be requested for possible verification and forensic dump techniques. The source code of the system and the proper functioning of ELIGO are continuously audited by third-party entities. Finally, ELIGO ballots are digitally signed and contain time stamp evidence to ensure the genuineness of election results.

Cloud providers and data management

ELIGO è un servizio SaaS certificato e qualificato da AGID. Per maggiori informazioni sulla Privacy puoi contattare il Responsabile del Trattamento dei Dati Personali all’indirizzo dpo@eligovote.com oppure puoi visionare la nostra scheda cliccando qui. Anche il nostro provider cloud è presente su marketplace AGID e disponibile per Pubbliche Amministrazioni e/o operatori che forniscono risorse sicure alla PA per l’erogazione dei propri servizi. Il Cloud Service Provider qualificato, in configurazione Private Cloud,  è conforme alle certificazioni ISO/IEC27001 e ISO9001 e compliance con il regolamento EU 2016/679 (GDPR).

Our cloud provider is physically located in Italy and allows the creation of Virtual Data Centers containing virtual servers, firewalls and networks, with the possibility of expansion or reduction depending on the different needs of the customer. In this way, resources are not predefined but adapted to guarantee maximum stability. The service is designed to offer maximum performance: network entirely at 10 Gbit/sec, servers with very high frequency and latest generation processors.