Whistleblower

Application

The LES Whistlebloaer Portal is fully managed by Tempus Serva Aps.

The system supports the following roles and usecases

• Lawyer: Handles whistleblower cases
• Tenant user: Handles whistleblower cases
• Whistleblower: Anonoumous users that creates new cases

Whistleblower have the option to return to their case using a randomized code.

Hosting setup

The LES Whistleblower Portal is hosted by Amazon Webservices EC2 in the data center in Stockholm, which complies with the following standards PCI DSS 3.2 Level 1 Service Provider, FIPS 140-2, ISO 27001. The server is protected by 2 layers of firewalls and utilizes the following supported services:

• SSL certificates are automatically updated monthly from LetEncrypt
• UptimeRobot polls the server each minute checking
  • Access to database
  • Sufficient storage and RAM
• Database is dumped nightly
  • Replicated to encrypted storage in EU
  • Rentention daily 60 days, monthly 2 years
• Office365 SMTP service for sending emails

Technology Stack

The technological stack consists of:

• LES Whistleblower Portal
• TS No-code Platform
• Apache Tomcat
• MySQL
• Amazon Linux 2

Security setup

The following security and compliance features are active

• Password policies
• Multifactor authentication (SMS)
• Storage encryption (AWS + LUKS)
• Transport encryption
• Activity and data logging
• Versioning
• GDPR deletion policies (60 days)
• Event and system logging

Note that request logging has been deliberately disabled, in order to secure anonomity of the users.