Whistleblower
Application
The LES Whistlebloaer Portal is fully managed by Tempus Serva Aps.
The system supports the following roles and usecases
- Lawyer: Handles whistleblower cases
- Tenant user: Handles whistleblower cases
- Whistleblower: Anonoumous users that creates new cases
Whistleblower have the option to return to their case using a randomized code.
Hosting setup
The LES Whistleblower Portal is hosted by Amazon Webservices EC2 in the data center in Stockholm, which complies with the following standards PCI DSS 3.2 Level 1 Service Provider, FIPS 140-2, ISO 27001. The server is protected by 2 layers of firewalls and utilizes the following supported services:
- SSL certificates are automatically updated monthly from LetEncrypt
- UptimeRobot polls the server each minute checking
- Access to database
- Sufficient storage and RAM
- Database is dumped nightly
- Replicated to encrypted storage in EU
- Rentention daily 60 days, monthly 2 years
- Office365 SMTP service for sending emails
Technology Stack
The technological stack consists of:
- LES Whistleblower Portal
- TS No-code Platform
- Apache Tomcat
- MySQL
- Amazon Linux 2
Security setup
The following Security and Compliance features are active:
- Password policies
- Multifactor authentication (SMS)
- Storage encryption (AWS + LUKS)
- Transport encryption
- Activity and data logging
- Versioning
- GDPR deletion policies (60 days)
- Event and system logging
Note that request logging has been deliberately disabled, in order to secure anonomity of the users.
See Security Setup for additional information on security and compliance features available on TS No-code Platform.