GlobaLeaks

Features

• PNRR
• PNRR/Beneficiari/Altri enti
• PNRR/Beneficiari/ASL
• PNRR/Beneficiari/Comuni
PNRR/Beneficiari/Istituti di ricerca e AFAM
PNRR/Beneficiari/PA Centrali
PNRR/Beneficiari/Province
PNRR/Beneficiari/Scuole
PNRR/Beneficiari/Università
PNRR/Misura/1.1
PNRR/Misura/1.4.1
PNRR/Misura/1.6
Multi-user system with customizable user roles (whistleblower, recipient, administrator)
Entirely manageable from a web administration interface
Support for more than 70 languages with Right-to-Left (RTL)
Receive reports from whistleblower through structured multi-step questionnaire
Let whistleblowers decide if and when to confidentially declare their identity
Exchange multimedia files with whistleblower
Secure management of files' access and visualization
Chat with whistleblower to discuss the report
Unique 16-digit receipt for the whistleblower to log back in anonymously
Simple recipient interface for receiving and analyzing reports
Support for the categorization of the reports with labels
Support for the user search of reports
Support for assigning and creating case management statuses
Customizable look and feel (logo, colour, styles, font, text)
Define multiple reporting channels/contexts (e.g. per-topic, per-department)
Create and manage multiple whistleblowing site (e.g for subsidiaries or third party clients)
Advanced questionnaire builder
Whistleblowing system statistics
Designed in adherence to ISO 37002:2021, EU Directive 2019/1937 standards and recommendations for whistleblowing compliance
Bidirectional anonymous communication (comments/messages)
Customizable case management workflow (statuses/sub-statuses)
Whistleblower identity conditional reporting workflow
Manage conflict of interest in the reporting workflow
Custodian functionality to authorize access to whistleblower identity
GDPR privacy by design and by default
GDPR configurable data retention policies
GDPR compliant subscriber module for new users of SaaS services
No logs of IP addresses
Audit log
Integratable with existing enterprise case management platform
Free Software OSI Approved AGPL 3.0 License
Designed in adherence to ISO 27001:2022, General Data Protection Regulation (EU) 2016/679, CSA STAR, OWASP standards and recommendations for privacy and security compliance
Full data encryption of data and metadata exchanged via the platform
Digital anonymity support with Tor integration
Built-in HTTPS support with TLS 1.3 standard (SSLabs A+ rating)
Automatic free digital certificate enrollment (Let’s Encrypt)
Multiple penetration tests with full public reports
Two-Factor authentication (2FA) support compliant to standard TOTP RFC 6238
Integrated network sandboxing with iptables
Integrated application sandboxing with AppArmor
Complete protection against automated submissions (spam prevention)
Subject to continuous peer-review and periodic security audits
PGP support for encrypted email notifications and encrypted file downloads
Does not leave traces on browser cache
Multi-site support enabling to run multiple virtual site on the same setup
Responsive user interfaces built with Boostrap CSS framework
Designed in adherence to ISO/IEC 40500:2012, Directive (EU) 2019/882, Directive (EU) 2016/2102, W3C WCAG 2.2 WAI-ARIA 2.2 standards and recommendations for accessibility compliance
Automated Software Quality Measurement and Continuous Integration Testing
Long-Term Support plan (LTS)
Built with lightweight framework technologies (Angular and Python Twisted)
Integrated SQLite database
Automatic setup of Tor Onion Services Version 3
Support for self-service signup for whistleblowing SaaS service setup
Support for Linux operating system (Debian/Ubuntu)
Deb Packaging with repository for update/upgrades
Full self-contained application
Easy integration of the platform with existing websites and intranets
REST API
IPv6 Ready