Difference between revisions of "Whistleblower"

From TempusServa wiki
old>Jno
old>Jno
Line 20: Line 20:
** Rentention daily 60 days, monthly 2 years
** Rentention daily 60 days, monthly 2 years
* Office365 SMTP service for sending emails
* Office365 SMTP service for sending emails
== Technology Stack ==
The technological stack consists of:
* LES Whistleblower Portal
* TS No-code Platform
* Apache Tomcat
* MySQL
* Amazon Linux 2


== Security setup ==
== Security setup ==
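Review bot: "Rentention" in the context line "** Rentention daily 60 days, monthly 2 years" is a misspelling of "Retention" that this revision carries forward unchanged; correct it while editing this part of the page. The "== Technology Stack ==" list is also followed by two blank lines before "== Security setup ==", where one is enough.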

Revision as of 10:10, 16 September 2021

Application

The LES Whistleblower Portal is fully managed by Tempus Serva Aps.

The system supports the following roles and use cases:

  • Lawyer: Handles whistleblower cases
  • Tenant user: Handles whistleblower cases
  • Whistleblower: Anonymous users who create new cases

Whistleblowers have the option to return to their case using a randomized code.

Hosting setup

The LES Whistleblower Portal is hosted on Amazon Web Services EC2 in the data center in Stockholm, which complies with the following standards: PCI DSS 3.2 Level 1 Service Provider, FIPS 140-2, ISO 27001. The server is protected by 2 layers of firewalls and uses the following supporting services:

  • SSL certificates are automatically updated monthly from Let's Encrypt
  • UptimeRobot polls the server every minute, checking:
    • Access to database
    • Sufficient storage and RAM
  • Database is dumped nightly
    • Replicated to encrypted storage in EU
    • Retention: daily 60 days, monthly 2 years
  • Office365 SMTP service for sending emails
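
The retention rule in the list above (daily dumps for 60 days, monthly for 2 years), as an added example that is not TempusServa's own tooling: it plans which nightly dump files a prune job would keep and which it would delete. The file name pattern `portal-YYYY-MM-DD.sql.gz`, treating the earliest dump in each month as the monthly copy, and counting 2 years as 730 days are assumptions.

```python
import re
from datetime import date, timedelta

DAILY_DAYS = 60          # from the page: daily dumps are kept 60 days
MONTHLY_DAYS = 2 * 365   # assumption: "2 years" counted as 730 days
# Assumption: dumps are named like portal-2021-09-16.sql.gz (hypothetical pattern)
NAME_RE = re.compile(r"^portal-(\d{4})-(\d{2})-(\d{2})\.sql\.gz$")


def dump_date(name):
    """Date encoded in a dump file name, or None if the name does not parse."""
    m = NAME_RE.match(name)
    try:
        return date(*map(int, m.groups())) if m else None
    except ValueError:  # impossible date such as 2021-02-30
        return None


def plan_retention(names, today):
    """Split names into (keep, delete); files that cannot be dated are kept."""
    dated = {n: dump_date(n) for n in names}
    # Assumption: the "monthly" copy is the earliest dump present in each month.
    monthly = {}
    for n, d in dated.items():
        if d is None:
            continue
        key = (d.year, d.month)
        if key not in monthly or d < dated[monthly[key]]:
            monthly[key] = n
    monthly_names = set(monthly.values())
    keep, delete = [], []
    for n in sorted(names):
        d = dated[n]
        if d is None or d > today:
            keep.append(n)  # never delete a file whose age is unknown
            continue
        age = (today - d).days
        if age <= DAILY_DAYS or (n in monthly_names and age <= MONTHLY_DAYS):
            keep.append(n)
        else:
            delete.append(n)
    return keep, delete


if __name__ == "__main__":
    today = date(2021, 9, 16)  # constructed sample: 800 nightly dumps
    sample = [f"portal-{today - timedelta(days=i)}.sql.gz" for i in range(800)]
    keep, delete = plan_retention(sample, today)
    print(len(keep), "kept,", len(delete), "to delete")
```

Running the plan in dry-run form before any deletion shows whether an unexpected file name would otherwise be pruned.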

Technology Stack

The technological stack consists of:

  • LES Whistleblower Portal
  • TS No-code Platform
  • Apache Tomcat
  • MySQL
  • Amazon Linux 2

Security setup

The following security and compliance features are active:

  • Password policies
  • Multifactor authentication (SMS)
  • Storage encryption (AWS + LUKS)
  • Transport encryption
  • Activity and data logging
  • Versioning
  • GDPR deletion policies (60 days)
  • Event and system logging

Note that request logging has been deliberately disabled in order to preserve the anonymity of the users.