Rexpondo is the new ticketing system adopted by AIFA, the Italian Medicines Agency.
We are pleased to welcome AIFA (Italian Medicines Agency) on board. Starting from October 1, 2024, Rexpondo has been integrated into the agency’s digital infrastructure, becoming the primary ticketing system for managing internal and external support requests. It ensures assistance and provides useful information for resolving any user-related issues (more details in this article).
For users already registered with AIFA’s Online Services, a helpdesk service will be available, allowing them to manage their tickets. Users will be able to submit new reports or review existing ones.
The new Rexpondo Customer Portal represents a significant step forward in handling support requests for professionals working with AIFA. It offers a more intuitive and accessible platform that is continuously updated.
E-time ISO 27001 certified.
The certifications acquired by E-time
We are proud to announce that E-time has achieved the UNI CEI EN ISO/IEC 27001:2024 certification. This international standard establishes the requirements for an Information Security Management System (ISMS), ensuring a structured approach to data protection.
Below is a list of all certifications E-time has obtained under ISO/IEC 27001:
- Cert. no. 84671 UNI CEI EN ISO/IEC 27001:2024 – Information security, cybersecurity, and privacy protection – Information security management systems – Requirements.
- Cert. no. 84673 ISO/IEC 27018:2019 – Information technology — Security techniques — Code of practice for the protection of personally identifiable information (PII) in public clouds acting as PII processors.
- Cert. no. 84674 ISO/IEC 27017:2015 – Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services.
E-time has always prioritized data security and, over the years, we have implemented internal procedures to protect it. By obtaining this certification, we have chosen to implement these processes in compliance with the standards set by ISO 27001, validated by an authorized third-party body.
What Changes After Obtaining Certification
Achieving this certification has several implications and entails specific operational responsibilities for the company, including:
- Risk identification and management: the organization must mitigate risks related to information security, preventing and monitoring them continuously.
- Implementation of an Information Security Management System: Introducing a set of procedures and controls to ensure the protection of confidentiality, integrity, and availability of information.
- Compliance with legal and regulatory requirements: Adhering to information security provisions and current regulations, primarily GDPR.
- Implementation of the PDCA (Plan-Do-Check-Act) cycle: ensuring continuous improvement of the ISMS, which involves periodic internal audits, management reviews, and updates to controls.
What This Means for Our Clients
Achieving certification guarantees the validity of ongoing processes for information security and data protection, reducing the likelihood of incidents related to data breaches or cyberattacks.
By reaching this milestone, E-time reinforces its tangible commitment to maintaining the highest standards of information security.
The certifications can be fully reviewed at this link.
Chatbot & AI: a new Partnership between E-Time and Botpress Is Born
We are pleased to announce the launch of a new strategic collaboration with Botpress one of the most advanced platforms for creating and managing chatbots on the market.
The partnership between E-Time and Botpress will lead to the integration of Botpress into our services (integration with Rexpondo is already available), allowing us to leverage the potential of artificial intelligence (AI) and natural language processing (NLP).
Botpress integrates AI into its chatbots through an advanced modular architecture that enables the use of NLP and machine learning to create smarter and more personalized interactions.
The partnership between E-Time and Botpress combines E-Time’s technological know-how with the capabilities of an innovative and constantly evolving platform.
This growth-oriented collaboration has the shared goal of providing companies with advanced tools to enhance user experience, automate customer service, and optimize internal processes.
Passkey is added to the MFA methods supported by Yookey
Passkey is the alternative to passwords and marks a definitive transition to a new chapter in cybersecurity, this time, Passwordless.
Despite authentication systems having relied on passwords until now, it has become clear over time that while they serve as a security key, they also represent the weak link in account security due to their susceptibility to Phishing attacks.
Passkey is a secure authentication method based on a recognition system (fingerprint, face, PIN, sequence), generated and stored locally on users’ devices.
During the registration process, two keys are created: a public key and a private key, which is encrypted and securely stored on the user’s device. Both keys are required for accessing the account. This mechanism is known as Asymmetric or Public Key Authentication.
Passkey adopts the WebAuthn Standard, or rather, adheres to and implements the technical specifications provided by FIDO2, which include WebAuthn and CTAP (Client to Authenticator Protocol).
WebAuthn Standard
WebAuthn or Web Authentication is the open standard (FIDO2 framework) established by the FIDO Alliance and the World Wide Web Consortium (W3C) with participation from Google, Mozilla, Microsoft, and other major players, upon which Passkey is based.
The WebAuthn API allows servers to register and authenticate users using public key cryptography instead of a password, ensuring that authentication works regardless of the device’s operating system, whether it be Android, iOS, Mac, or Windows.
In most cases, the WebAuthn client that implements the authentication API is a compatible browser (currently supported by all major browsers and Android and Apple devices).
Why is Passkey an effective measure against Phishing?
Passkey is effective against phishing attacks because the unique password is stored locally on the user’s device and is never transmitted over the network.
This means that even if a user is tricked into providing their passkey to a phishing site, cybercriminals will not be able to use it to access their accounts, as the passkey is not valid on other devices. This makes it much more difficult for hackers to compromise user access, thus protecting their personal and financial information.
Passkey and FIDO
The birth of Passkey is closely tied to FIDO (Fast Identity Online), an organization that promotes open standards for strong authentication. The FIDO Alliance comprises key players in the web industry such as Google, Microsoft, and Apple.
FIDO’s main objective is to enhance online security by using more advanced authentication methods, such as biometrics and asymmetric cryptography, aiming to reduce reliance on traditional (static) passwords, which are too vulnerable to theft regardless of their complexity.
The other MFA methods supported by Yookey | Keycloak SaaS
In addition to Passkey, the other MFA methods supported by our Yookey- Keycloak as A Service are:
- Sms and email
- Virtual Authenticator (Microsoft and Google authenticator)
- Physical tokens.
E-time with Rete Dafne against every form of violence
It’s time to reveal our second “Useful Gift” for Christmas 2023.
The events of the last months of 2023 have received significant media attention, bringing the issue of gender-based violence back into the spotlight, which remains a real scourge in Italy and beyond.
Therefore, we have chosen to make our small contribution to Rete Dafne, which daily provides support and assistance to victims of gender-based violence, and not only because the work of Rete Dafne concerns all victims of any type of crime.
For further information about the valuable work carried out by this association, we refer you to their website: retedafne.it
E-time is participating in the Plastic Pull project.
This Christmas, we have focused on two themes that are very important to us, and one of them is the Environment.
E-Time has contributed to collecting 37 kg of waste abandoned on beaches, in parks, and on streets, requalifying degraded ecosystems in Italy located in areas where local administrations do not intervene. All of this has been made possible thanks to the Plastic Pull project by Piantando.
The project
Plastic Pull is one of Piantando’s social and environmental impact projects, with the goal of recovering tons of scattered waste throughout Italy, leveraging its network of associations and initiatives.
After identifying the areas of degradation to intervene, Piantando coordinates the intervention with field contacts. Each collected bag is certified, including photographs, location and date of collection, weight, disposal method, and the operational team.
Who is Piantando
Piantando is a Benefit company that initiates social and environmental impact projects worldwide by collaborating with companies of all sectors and sizes. The central focus of Piantando’s work is transparency and sustainability, which characterize each project and ensure its proper development.
Below is the link where you can find more information about the project supported by E-time and our contribution: E-time X Plastic Pull
Keycloak: Identity and Access Management solution
Keycloak, an open source solution for IAM Management
Keycloak is an open source software platform for unified identity and access management. It enables companies and organizations to centrally and securely manage the authentication and authorization of their users.
Keycloak is designed to work with modern applications and services. It provides a variety of authentication mechanisms by supporting several protocols, including social login, OAuth 2.0, SAML, and OpenID Connect.
A modern interface and high level of scalability make it the ideal product for those who want to opt for a secure yet highly customizable solution. Now let’s look at its features in more detail.
Single Sign On (SSO) & Multi-Factor Authentication (MFA)
Keycloak supports Single Sign-On (SSO) allowing users to log in to multiple applications and services using a single set of credentials. This greatly simplifies the login process for users and results in increased security from reducing the number of passwords that must be remembered and managed.
The platform also supports multi-factor authentication (MFA) thus providing an additional layer of security by asking users to provide additional authentication information, (e.g. code sent to their phone) before accessing resources.
Function and installation
It functions as a central authentication server that delegates authentication to external sources and provides access tokens for requesting applications. Regarding the users, the platform provides a division into 3 macro categories that can be managed through a customizable admin dashboard:
- Users: those who can access resources.
- Roles: used to define the access levels of individual users.
- Groups: allow for quick management of the different roles present, creating aggregations between roles and users.
Keycloak supports multiple user stores including LDAP and Active Directory. In this way existing directories can be used for user authentication. Deployment can be on-premise, in the cloud or as a hybrid solution and it provides a flexible architecture with a high degree of scalability.
Features and Benefits
- Single Sign-On (SSO): allows users to access multiple applications and services using a single set of credentials.
- Identity brokering: identity validation using OpenID Connect or SAML 2.0 IdPs.
- Centralized management: customizable interface for managing users, roles and permissions.
- Multi-factor authentication: requires users to provide additional authentication information before accessing resources.
- Directory integration: Integration with LDAP and Active directory for authentication through existing directories.
- Scalability: Easily extendable according to different needs.
Keycloak: integrations
Keycloak has a number of APIs that allow the platform to be integrated with third-party services and systems thus making it an extremely versatile solution created to be integrated into the IT infrastructure of companies of any size.
Keycloak in SaaS
It is possible to have Keycloak as a SaaS solution, with a fully managed service.
Yookey is our product/service that allows you to take full advantage of Keycloak without worrying about the burden of installation and updates, and with the added benefit of a customizable Support.
Yookey ensures maximum security for access and authentication processes with Single Sign-On, and once integrated into your IT environment, no additional effort is required for software operation and maintenance.
For more information about Yookey, visit our dedicated website at this link: Yookey – Keycloak SaaS.