Difference between revisions of "Whistleblower"
Revision as of 10:10, 16 September 2021
Application
The LES Whistleblower Portal is fully managed by Tempus Serva Aps.
The system supports the following roles and use cases:
- Lawyer: Handles whistleblower cases
- Tenant user: Handles whistleblower cases
- Whistleblower: Anonymous users who create new cases
Whistleblowers have the option to return to their case using a randomized code.
Hosting setup
The LES Whistleblower Portal is hosted on Amazon Web Services EC2 in the data center in Stockholm, which complies with the following standards: PCI DSS 3.2 Level 1 Service Provider, FIPS 140-2, ISO 27001. The server is protected by 2 layers of firewalls and utilizes the following supporting services:
- SSL certificates are automatically updated monthly from Let's Encrypt
- UptimeRobot polls the server each minute, checking:
  - Access to database
  - Sufficient storage and RAM
- Database is dumped nightly
  - Replicated to encrypted storage in EU
  - Retention: daily 60 days, monthly 2 years
- Office365 SMTP service for sending emails
Technology Stack
The technological stack consists of:
- LES Whistleblower Portal
- TS No-code Platform
- Apache Tomcat
- MySQL
- Amazon Linux 2
Security setup
The following security and compliance features are active:
- Password policies
- Multifactor authentication (SMS)
- Storage encryption (AWS + LUKS)
- Transport encryption
- Activity and data logging
- Versioning
- GDPR deletion policies (60 days)
- Event and system logging
Note that request logging has been deliberately disabled in order to protect the anonymity of the users.