Security Setup

The following security and compliance features are enabled and active:

Password policy The enabled policy forces users to create passwords based on the following minimum criteria: Minimum 8 characters, Must contain uppercase and lowercase letters, Must contain numbers, Must contain special character(s).
Multi-factor authentication Access to case management for attorney/lawyer at LES (ombudsman) and contact persons in the company, respectively, is protected with a username and password, followed by a randomized, session-specific OTP (One-Time-Password) sent to the users mobile phone as either a regular or Flash SMS, to verify the user’s identity.
Storage encryption (AWS + LUKS) Storage is encrypted with LUKS (Linux Unified Key Setup – 256-bit AES disk encryption). Thus, persons with physical access to hardware cannot access stored data.
Encryption During Transmission Communication is protected with SSL certificates and HTTPS (TLS). Numeric suites for HTTPS are continuously updated.
Activity and data logging Activity and Data Logging is enabled. However, IP logging on server requests is deliberately disabled to ensure the anonymity of external users.
Versioning
GDPR Deletion Policies In accordance with applicable data protection rules, archived data is automatically anonymized after 60 days. In order to ensure an independent fourth party, a written agreement has been entered into that the sub-data processor may not give LES users access to the server and backend.
Event and system logging Is enabled to automatically log unsuccessful login attempts, system events, user errors, etc.
Scrubbing of files All files uploaded via the portal are cleaned of personally identifiable meta-data such as name, initials, geotags, etc. LES Whistleblower Portal supports all common file formats, including: MS O ce files, PDF, image formats like PNG, JPG, BMP etc., as well as media files MP3 and MP4.

~~See~~ See Security setup for additional information on security and compliance features available on TS No-code Platform.