The person responsible for Ledningssystemet.se is the person within the organization who is responsible for setting up users, controlling which users should have what access, linking the business instance to any partners and ensuring that integrations for authentication and user provisioning are set up and working.
System requirements when operating in-house
Ledningssystemet.se is designed to run on a simple and robust platform, regardless of whether Ledningssystemet Sverige AB is responsible for the operation via its operating supplier, the customer itself wants to be responsible for the operation in its server environment or with its IT partner or if the customer wishes to place the operation with a cloud service provider such as Microsoft Azure, Amazon Web Services or Google.
Technical requirements for server and dependencies
- Standard LAMP installation (Linux, Apache, MySQL/MariaDB, PHP; Ubuntu with the latest LTS version 24.04 provides a stable foundation for a number of years to come) and GIT.
- If Ubuntu is chosen as the operating system, it is recommended to install unattended-upgrades with nightly reboots, so in practice minimal maintenance is required while security upgrades are performed.
- The system manager or IT partner needs to configure HTTPS and arrange for certificates. Let’s Encrypt usually works well.
- PHP at least version 8.3, with the following extensions (standard extensions that are usually included):
- Ctype PHP Extension
- cURL PHP Extension
- DOM PHP Extension
- Fileinfo PHP Extension
- Filter PHP Extension
- Hash PHP Extension
- Mbstring PHP Extension
- OpenSSL PHP Extension
- PCRE PHP Extension
- PDO PHP Extension
- Session PHP Extension
- Tokenizer PHP Extension
- XML PHP Extension
- ZIP PHP Extension
- Mysql PHP Extension
- For MariaDB/MySQL we recommend using the latest version.
Integration with EntraID
If the customer wants to be able to use synchronization with Office365 (Entra ID) for Single Sign On (SSO) and any synchronization of users, we help to configure this through a meeting (takes about 30 minutes) together with the customer who administers Microsoft EntraID.
This is best done when the environment is already up and running.
If you need support with installation and setup
For the actual installation of the application, we are happy to help but then need to be able to access the server via SSH. Otherwise, we will send instructions for the installation to the customer who will set up the instance.
Information security
Below we list our answers to frequently asked questions about information security in relation to Ledningssystemet.se
Is Ledningssystemet Sverige AB certified against any standard?
No
Ledningssystemet Sverige AB has few employees. How do you view the key person dependency that arises?
That is correct. Therefore, we ensure that we do not tie up our customers to use the service through long binding periods, that it is easy to export all data, but also that we promise to make our product available as open and free source code the day we can no longer manage the service in an acceptable way. We have also chosen to build the software on a very standardized platform (Laravel) that is easy to further develop.
Can we have access to your information security policy?
Yes, our only policy is our Operational Policy and it is available on the management system.se
What information security goals do you have?
Our information security goals consist of striving for few bugs and errors discovered after the release of software and that the IT services we use within Ledningssystemet Sverige AB must be protected with multi-factor authentication.
How do you ensure that third-party software does not contain security flaws?
We manage our source code at Github and then use the Dependabot functionality. Furthermore, critical third-party libraries are automatically updated when we release a new version of the Management System (which we do often, sometimes every day).
How do you approach secure software development?
We do not apply any formalized framework for secure software development (e.g. Microsoft SDL or similar). We rely heavily on skills in development, but also build our architecture so that any vulnerabilities do not pose unnecessary risks. Software developers have training in secure software development.
Is it possible to enable multi-factor authentication in the software?
No. We recommend all our customers to integrate the software with their own identity manager (e.g. Microsoft Entra) and not to use password authentication.
How often do you back up our data?
In cases where we are responsible for the operation, we use the supplier Oderland. See details on backup in the Data Processing Agreement in the contract with us.
Is the data encrypted?
During transmission, data is encrypted between user and web server. Stored data is not encrypted (except for credentials). If you require encryption of stored data, we recommend that you set up your own operating environment.
We have higher security requirements than you currently offer in your operating environment. How do we handle that?
We only offer one level of operation at present, but the system is built to run in other environments. We have customers who use AWS, for example, or run the system in their own data centers. This is fine, as the system does not need to be accessed by any of our support systems or by us (unless a major problem arises, in which case we can help solve them).
Do you do any monitoring and data collection from the installations?
Yes, all installations normally communicate with our monitoring platform where we get information about errors occurring in the installations, if licenses are about to expire, if hard disk space is running out, login problems and similar operational information. We are happy to show you what we collect, and in addition, you can configure in the customer environment if and what is communicated to our monitoring platform. When you connect a customer installation with a partner installation, information is exchanged between the customer portal and the partner portal.
Does the system use any tracking cookies or similar?
No. The system uses a few, necessary, cookies that are used to keep track of the session and the status of table views (e.g. number of items per page) and the status of menus. The system does not contain any third-party cookies, nor does it send information to third parties about how the system is used. This is also the reason why no consent is obtained for the use of cookies.
How is it ensured that our data cannot be accessed by another customer?
Each customer has its own installation of the software and also its own database instance. We do this for several reasons: partly to reduce the consequences in case of a security problem, partly to enable a fully distributed platform where it does not matter where the instances are installed. When we provide operation through our provider Oderland, each customer has its own web hosting instance to minimize the risks of so-called “lateral-movement attacks”.
What level of availability (“SLA”) do you guarantee?
We do not guarantee any level of availability at all, but consider the system to be a non-critical system from an availability perspective. However, it is stipulated in the contract that you have the option to terminate the contract with us (which you have regardless) if the system is not available.
Does the system comply with the Accessibility Directive?
We strive to make the system accessible, and there is, for example, some support for screen readers. We do not currently fully comply with all the accessibility requirements of WCAG 2.2, but have assessed that the system is not of such a nature that it falls within the scope of the Directive (e.g. regarding contrasts).
Does the system contain functionality for the deletion of personal data?
No, as the system’s personal data management normally extends to the management of information relating to the system’s users, this is something that is maintained through normal system administration. The system is not designed to handle special categories of personal data. There is no automatic deletion, but it is possible to introduce it if desired.
Can Management System Sweden employees access our data?
If you are responsible for the operation of the system, employees of Ledningssystemet Sverige do not have access unless you configure this. If Ledningssystemet Sverige AB is responsible for the operation, employees have the technical ability to access the database because it is administered by the company.
What if we want to leave Ledningssystemet.se?
We do not like lock-in effects, but it should be easy to leave us if Ledningssystemet.se does not help the business or for other reasons is not appropriate. If you want to leave the Management System, some exports to Excel can be done directly from the user interface. All data (not encrypted passwords) can be retrieved via API. If you want your data in the form of an SQL export, please contact us and we will help with that (of course at no cost).
SBOM (Software Bill of Materials)
Below is a list of third-party dependencies, licenses for these and when the license was last checked. In some cases there is a link to the project.
The customer portal
| Dependency | License | Date checked | Comment |
|---|---|---|---|
| @babel/core | MIT License | 2025-02-01 | |
| @rollup/plugin-commonjs | MIT License | 2025-02-01 | |
| @rollup/plugin-json | MIT License | 2025-02-01 | |
| @rollup/plugin-node-resolve | MIT License | 2025-02-01 | |
| @rollup/plugin-replace | MIT License | 2025-02-01 | |
| @rollup/plugin-terser | MIT License | 2025-02-01 | |
| autoprefixer | MIT License | 2025-02-01 | |
| axios | MIT License | 2025-02-01 | |
| babel-loader | MIT License | 2025-02-01 | |
| babel-plugin-istanbul | BSD-3-Clause | 2025-02-01 | |
| bio-dts | Unlicensed Public project | 2025-02-01 | https://github.com/nikku/bio-dts |
| bpmn-font | OFL-1.1 License | 2025-02-01 | |
| bpmn-moddle | MIT License | 2025-02-01 | |
| camunda-bpmn-moddle | MIT License | 2025-02-01 | |
| chai | MIT License | 2025-02-01 | |
| chai-match | MIT License | 2025-02-01 | |
| chart.js | MIT License | 2025-02-13 | |
| concurrently | MIT License | 2025-02-01 | |
| cpy | MIT License | 2025-02-01 | |
| cross-env | MIT License | 2025-02-01 | Archived repository since 2021-01-06 |
| del | MIT License | 2025-02-01 | |
| del-cli | MIT License | 2025-02-01 | |
| diagram-js | MIT License | 2025-02-01 | |
| diagram-js-direct-editing | MIT License | 2025-02-01 | |
| dropzone | MIT License | 2025-02-01 | |
| eslint | MIT License | 2025-02-01 | |
| eslint-plugin-bpmn-io | MIT License | 2025-02-01 | |
| eslint-plugin-import | MIT License | 2025-02-01 | |
| execa | MIT License | 2025-02-01 | |
| fakerphp/faker | MIT License | 2025-02-01 | |
| file-drops | MIT License | 2025-02-01 | |
| guzzlehttp/guzzle | MIT License | 2025-02-01 | |
| ids | MIT License | 2025-02-01 | |
| inherits-browser | ISC License | 2025-02-01 | |
| jquery | MIT License | 2025-02-01 | |
| jquery-ui | MIT License | 2025-02-01 | |
| jquery-ui-sortable | MIT License | 2025-02-01 | |
| karma | MIT License | 2025-02-01 | |
| karma-chrome-launcher | MIT License | 2025-02-01 | |
| karma-coverage | MIT License | 2025-02-01 | |
| karma-debug-launcher | MIT License | 2025-02-01 | |
| karma-env-preprocessor | MIT License | 2025-02-01 | |
| karma-firefox-launcher | MIT License | 2025-02-01 | |
| karma-mocha | MIT License | 2025-02-01 | Archived repository since 2023-12-28 |
| karma-safari-launcher | MIT License | 2025-02-01 | |
| karma-sinon-chai | MIT License | 2025-02-01 | |
| karma-webpack | MIT License | 2025-02-01 | |
| laravel/framework | MIT License | 2025-02-01 | |
| laravel/pint | MIT License | 2025-02-01 | |
| laravel/sail | MIT License | 2025-02-01 | |
| laravel/sanctum | MIT License | 2025-02-01 | |
| laravel/tinker | MIT License | 2025-02-01 | |
| laravel-vite-plugin | MIT License | 2025-02-01 | |
| lodash | MIT License | 2025-02-01 | |
| min-dash | MIT License | 2025-02-01 | |
| min-dom | MIT License | 2025-02-01 | |
| mocha | MIT License | 2025-02-01 | |
| mocha-test-container-support | MIT License | 2025-02-01 | Archived repository since 2020-05-06 |
| mockery/mockery | BSD-3-Clause | 2025-02-01 | |
| npm-run-all | MIT License | 2025-02-01 | |
| nunomaduro/collision | MIT License | 2025-02-01 | |
| object-refs | MIT License | 2025-02-01 | |
| php | PHP License v3.01 | 2025-02-01 | |
| phpoffice/phpspreadsheet | MIT License | 2025-02-01 | |
| phpoffice/phpword | LGPL version 3 | 2025-02-01 | https://github.com/PHPOffice/PHPWord |
| phpunit/phpunit | BSD-3-Clause | 2025-02-01 | |
| postcss | MIT License | 2025-02-01 | |
| puppeteer | Apache-2.0 | 2025-02-01 | |
| remark-cli | MIT License | 2025-02-01 | |
| remark-preset-bpmn-io | MIT License | 2025-02-01 | |
| rollup | MIT License | 2025-02-01 | |
| rollup-plugin-license | MIT License | 2025-02-01 | |
| sass | MIT License | 2025-02-01 | |
| otherwise | BSD-3-Clause | 2025-02-01 | |
| sinon-chai | WTFPL and BSD 2-Clause | 2025-02-01 | |
| tiny-svg | MIT License | 2025-02-01 | |
| ts-expect | MIT License | 2025-02-01 | |
| typescript | Apache-2.0 | 2025-02-01 | |
| fast | MIT License | 2025-02-01 | |
| webpack | MIT License | 2025-02-01 |
Partner portals
| Dependency | License | Date checked | Comment |
|---|---|---|---|
| autoprefixer | MIT License | 2025-02-01 | |
| Axios | MIT License | 2025-02-01 | |
| chart.js | MIT License | 2025-02-13 | |
| concurrently | MIT License | 2025-02-01 | |
| fakerphp/faker | MIT License | 2025-02-01 | |
| guzzlehttp/guzzle | MIT License | 2025-02-01 | |
| jquery | MIT License | 2025-02-01 | |
| laravel/framework | MIT License | 2025-02-01 | |
| laravel/pint | MIT License | 2025-02-01 | |
| laravel/sail | MIT License | 2025-02-01 | |
| laravel/sanctum | MIT License | 2025-02-01 | |
| laravel/tinker | MIT License | 2025-02-01 | |
| laravel-vite-plugin | MIT License | 2025-02-01 | |
| lodash | MIT License | 2025-02-01 | |
| mockery/mockery | BSD-3-Clause | 2025-02-01 | |
| nunomaduro/collision | MIT License | 2025-02-01 | |
| php | PHP License v3.01 | 2025-02-01 | |
| phpoffice/phpspreadsheet | MIT License | 2025-02-01 | |
| phpoffice/phpword | LGPL version 3 | 2025-02-01 | https://github.com/PHPOffice/PHPWord |
| phpunit/phpunit | BSD-3-Clause | 2025-02-01 | |
| postcss | MIT License | 2025-02-01 | |
| sass | MIT License | 2025-02-01 | |
| fast | MIT License | 2025-02-01 |