Difference between revisions of "Whistleblower"
Jump to navigation
Jump to search
old>Jno |
|||
Line 30: | Line 30: | ||
* Activity and data logging | * Activity and data logging | ||
* Versioning | * Versioning | ||
* GDPR deletion policies ( | * GDPR deletion policies (60 days) | ||
* Event and system logging | * Event and system logging | ||
Note that request logging | Note that request logging has been deliberately disabled, in order to secure anonomity of the users. |
Revision as of 09:43, 16 September 2021
Application
The Whistleblower system is fully managed by Tempus Serva Aps.
The system supports the following roles and usecases
- Lawyer: Handles whistleblower cases
- Tenant user: Handles whistleblower cases
- Whistleblower: Anonoumous users that creates new cases
Whistleblower have the option to return to their case using a randomized code.
Hosting setup
The hosting is located at Amazon Webservices Stockholm data center.
The server utilizes the following supported services
- SSL certificates are automatically updated monthly from LetEncrypt
- UptimeRobot polls the server each minute checking
- Access to database
- Sufficient storage and RAM
- Database is dumped nightly
- Replicated to encrypted storage in EU
- Rentention daily 60 days, monthly 2 years
- Office365 SMTP service for sending emails
Security setup
The following security and compliance features are active
- Password policies
- Multifactor authentication (SMS)
- Storage encryption (AWS + LUKS)
- Transport encryption
- Activity and data logging
- Versioning
- GDPR deletion policies (60 days)
- Event and system logging
Note that request logging has been deliberately disabled, in order to secure anonomity of the users.