# Security Setup

The following security and compliance features are enabled and active:

- **Password policy** The enabled policy forces users to create passwords based on the following minimum criteria: Minimum 8 characters, Must contain uppercase and lowercase letters, Must contain numbers, Must contain special character(s).
- **Multi-factor authentication** Access to case management for attorney/lawyer at LES (ombudsman) and contact persons in the company, respectively, is protected with a username and password, followed by a randomized, session-specific OTP (One-Time-Password) sent to the users mobile phone as either a regular or Flash SMS, to verify the user’s identity.
- **Storage encryption (AWS + LUKS)** Storage is encrypted with LUKS (Linux Unified Key Setup – 256-bit AES disk encryption). Thus, persons with physical access to hardware cannot access stored data.
- **Encryption During Transmission** Communication is protected with SSL certificates and HTTPS (TLS). Numeric suites for HTTPS are continuously updated.
- **Activity and data logging** Activity and Data Logging is enabled. However, IP logging on server requests is deliberately disabled to ensure the anonymity of external users.
- Versioning
- **GDPR Deletion Policies** In accordance with applicable data protection rules, archived data is automatically anonymized after 60 days. In order to ensure an independent fourth party, a written agreement has been entered into that the sub-data processor may not give LES users access to the server and backend.
- **Event and system logging** Is enabled to automatically log unsuccessful login attempts, system events, user errors, etc.
- **Scrubbing of files** All files uploaded via the portal are cleaned of personally identifiable meta-data such as name, initials, geotags, etc. LES Whistleblower Portal supports all common file formats, including: MS O ce files, PDF, image formats like PNG, JPG, BMP etc., as well as media files MP3 and MP4.

  
See [Security setup](https://docs.tsnocode.com/books/security/chapter/security-setup) for additional information on security and compliance features available on TS No-code Platform.