From ab194ce8cf5c822fe102deb3eeedb5619fddb0ed Mon Sep 17 00:00:00 2001 From: Giovanni Pellerano Date: Thu, 24 Oct 2024 00:30:45 +0200 Subject: [PATCH] [doc] Add introduction and revise reference to adherence to laws and regulations --- documentation/gettingstarted/Features.rst | 6 +++--- documentation/gettingstarted/Introduction.rst | 10 ++++++++++ documentation/gettingstarted/index.rst | 1 + documentation/index.rst | 2 -- publiccode.yml | 10 +++++----- 5 files changed, 19 insertions(+), 10 deletions(-) create mode 100644 documentation/gettingstarted/Introduction.rst diff --git a/documentation/gettingstarted/Features.rst b/documentation/gettingstarted/Features.rst index 1643812add..4ac873dcf4 100644 --- a/documentation/gettingstarted/Features.rst +++ b/documentation/gettingstarted/Features.rst @@ -26,7 +26,7 @@ User features Legal features -------------- -- Designed in adherence to `ISO 37002:2021 `_ and `EU Directive 2019/1937 `_ recommendations for whistleblowing compliance +- Designed in adherence to `ISO 37002:2021 `_ and `Directive (EU) 2019/1937 `_ recommendations for whistleblowing compliance - Supports bidirectional anonymous communication (comments/messages) - Customizable case management workflow (statuses/sub-statuses) - Conditional reporting workflow based on whistleblower identity @@ -43,7 +43,7 @@ Legal features Security features ----------------- -- Designed in adherence to `ISO 27001:2022 `_, `CSA STAR `_, and `OWASP `_ recommendations for security compliance +- Designed in adherence to `ISO 27001:2022 `_, `General Data Protection Regulation (EU) 2016/679 `_, `CSA STAR `_, and `OWASP `_ recommendations for privacy and security compliance - Full data encryption for whistleblower reports and recipient communications - Supports digital anonymity through `Tor `_ integration - Built-in HTTPS support with `TLS 1.3 `_ standard and `SSLabs A+ `_ rating 
@@ -60,7 +60,7 @@ Security features Technical features ------------------ -- Designed in adherence to `Directive (EU) 2019/882 `_, `Directive (EU) 2016/2102 `_, `ETSI EN 301 549 `_, `W3C WCAG 2.2 `_, and `WAI-ARIA 2.2 `_ recommendations for accessibility compliance +- Designed in adherence to `ISO 27001:2022 `_, `Directive (EU) 2019/882 `_, `Directive (EU) 2016/2102 `_, `W3C WCAG 2.2 `_, and `WAI-ARIA 2.2 `_ recommendations for accessibility compliance - Multi-site support enabling the operation of multiple virtual sites on the same setup - Responsive user interfaces created with `Bootstrap `_ CSS framework - Automated software quality measurement and continuous integration testing diff --git a/documentation/gettingstarted/Introduction.rst b/documentation/gettingstarted/Introduction.rst new file mode 100644 index 0000000000..323b59e0b6 --- /dev/null +++ b/documentation/gettingstarted/Introduction.rst 
@@ -0,0 +1,10 @@ +GlobaLeaks `_ is free, open-source whistleblowing software that enables anyone to easily set up and maintain a secure reporting platform. + +Designed with high security and usability in mind, the software adheres to: +- `ISO 37002:2021 `_ and `EU Directive 2019/1937 `_ recommendations for whistleblowing compliance +- `ISO 27001:2022 `_, `General Data Protection Regulation (EU) 2016/679 `_, `CSA STAR `_, and `OWASP `_ recommendations for privacy and security compliance +- `ISO/IEC 40500:2012 `_, `Directive (EU) 2019/882 `_, `Directive (EU) 2016/2102 `_, `W3C WCAG 2.2 `_, and `WAI-ARIA 2.2 `_ for accessibility compliance + +As a `community-driven project `_, the software features `open documentation`_, `public application security specifications `_, `public peer review `_, and a large set of `independent security audits `_. + +Since its creation in 2011, it has been widely adopted worldwide by more than 30,000 organizations working in the fields of anti-corruption activism, human rights violation reporting, investigative journalism, and corporate compliance. diff --git a/documentation/gettingstarted/index.rst b/documentation/gettingstarted/index.rst index a0885fe02b..28b357dec9 100644 --- a/documentation/gettingstarted/index.rst +++ b/documentation/gettingstarted/index.rst @@ -5,6 +5,7 @@ Getting started :name: gettingstarted :maxdepth: 4 + Introduction.rst Glossary.rst Features.rst Requirements.rst diff --git a/documentation/index.rst b/documentation/index.rst index b740d6f355..17d6040da7 100644 --- a/documentation/index.rst +++ b/documentation/index.rst 
@@ -3,8 +3,6 @@ Documentation `GlobaLeaks `_ is free, open-source whistleblowing software enabling anyone to easily set up and maintain a secure reporting platform. -Since its creation in 2011, the software has been widely adopted worldwide by more than 10000 organizations working in the fields of anti-corruption activism, human rights violations reporting, investigative journalism, and corporate compliance. - .. note:: This documentation is thank to the support of our community. Join us and contribute with your additions and suggestion. In any of the page you find a link that enables you to provide suggestions and corrections. We remind you that in case of any software issue or bug you may always report on the `ticketing system `_. .. toctree:: diff --git a/publiccode.yml b/publiccode.yml index 3888c1ad9a..9450b229ff 100644 --- a/publiccode.yml +++ b/publiccode.yml @@ -190,7 +190,7 @@ description: - "Create and manage multiple whistleblowing site (e.g for subsidiaries or third party clients)" - "Advanced questionnaire builder" - "Whistleblowing system statistics" - - "Designed in adherence with ISO 37002:2021 and EU Directive 2019/1937 for security compliance" + - "Designed in adherence to ISO 37002:2021 and EU Directive 2019/1937 for whistleblowing compliance" - "Bidirectional anonymous communication (comments/messages)" - "Customizable case management workflow (statuses/sub-statuses)" - "Whistleblower identity conditional reporting workflow" 
@@ -203,7 +203,7 @@ description: - "Audit log" - "Integratable with existing enterprise case management platform" - "Free Software OSI Approved AGPL 3.0 License" - - "Designed in adherence with the ISO 27001:2022, CSA Star and OWASP recommendations for security compliance" + - "Designed in adherence to ISO 27001:2022, General Data Protection Regulation (EU) 2016/679, CSA STAR and OWASP recommendations for privacy and security compliance" - "Full data encryption of data and metadata exchanged via the platform" - "Digital anonymity support with Tor integration" - "Built-in HTTPS support with TLS 1.3 standard (SSLabs A+ rating)" @@ -218,7 +218,7 @@ description: - "Does not leave traces on browser cache" - "Multi-site support enabling to run multiple virtual site on the same setup" - "Responsive user interfaces built with Boostrap CSS framework" - - "Designed in adherence to Directive (EU) 2019/882, Directive (EU) 2016/2102, EN 301 549, W3C WCAG 2.2 and WAI-ARIA 2.2 standards and recommendations for accessibility compliance" + - "Designed in adherence to ISO/IEC 40500:2012, Directive (EU) 2019/882, Directive (EU) 2016/2102, W3C WCAG 2.2 and WAI-ARIA 2.2 standards and recommendations for accessibility compliance" - "Automated Software Quality Measurement and Continuous Integration Testing" - "Long-Term Support plan (LTS)" - "Built with lightweight framework technologies (Angular and Python Twisted)" 
@@ -304,7 +304,7 @@ description: - "Audit log" - "Integrabile con la piattaforma esistente di gestione dei casi aziendali" - "Licenza AGPL 3.0 per software libero approvata OSI" - - "Progettato in aderenza con le raccomandazioni ISO 27001:2022, CSA Star e OWASP per security compliance" + - "Progettato in aderenza con ISO 27001:2022, Regolamento Generale sulla Protezione dei Dati (UE) 2016/679, CSA STAR e OWASP per privacy e security compliance" - "Crittografia completa dei dati e dei metadati scambiati sulla piattaforma" - "Supporto dell'anonimato digitale con integrazione Tor" - "Supporto HTTPS integrato con standard TLS 1.3 (classificazione SSLabs A +)" @@ -319,7 +319,7 @@ description: - "Non lascia tracce nella cache del browser" - "Supporto multi-sito per eseguire più siti virtuali sulla stessa installazione" - "Interfacce utente responsive realizzate con il framework CSS Boostrap" - - "Progettato in conformità alla Direttiva (UE) 2019/882, Direttiva (UE) 2016/2102, EN 301 549, W3C WCAG 2.2 e alle raccomandazioni WAI-ARIA 2.2 per accessibility compliance" + - "Progettato in aderenza con ISO/IEC 40500:2012, Direttiva (UE) 2019/882, Direttiva (UE) 2016/2102, EN 301 549, W3C WCAG 2.2 e alle raccomandazioni WAI-ARIA 2.2 per accessibility compliance" - "Misurazione automatizzata della qualità del software e test di integrazione continua" - "Piano di supporto a lungo termine (LTS)" - "Costruito con tecnologie framework leggere (Angular e Python Twisted)"
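Review bot: in the "Technical features" hunk of documentation/gettingstarted/Features.rst (`@@ -60,7 +60,7 @@`), the added line puts `ISO 27001:2022` at the head of the accessibility references, while this same patch uses `ISO/IEC 40500:2012` in that position in Introduction.rst and in the English publiccode.yml entry. ISO 27001:2022 is an information security standard and is already cited on the "Security features" line, so this looks like a copy-paste slip; suggest `ISO/IEC 40500:2012` here so the three files agree. The line also drops `ETSI EN 301 549`; if that removal is intended, it deserves a mention in the commit message.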
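Review bot: in the new documentation/gettingstarted/Introduction.rst, the first bullet follows "the software adheres to:" on the very next line with no empty line in between, so reStructuredText will fold the `- ` lines into the preceding paragraph instead of rendering a list; add a blank line before the first bullet. Two further points in the same hunk: the file has no title even though it is added to the toctree in gettingstarted/index.rst, and `open documentation`_ is written as a named reference while no matching target is defined anywhere in the ten added lines.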
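Review bot: the adoption figure changes silently between the sentence removed from documentation/index.rst ("more than 10000 organizations") and the one added in Introduction.rst ("more than 30,000 organizations"), and the commit subject only mentions the introduction and the compliance references. Suggest stating the updated figure in the commit message, or moving it to its own commit, so the change is reviewable on its own. The opening sentence kept as context in index.rst now also duplicates the first line of Introduction.rst.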
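Review bot: the publiccode.yml hunk at `@@ -190,7 +190,7 @@` keeps the wording "EU Directive 2019/1937", and so does the new Introduction.rst, while the Features.rst hunk in this patch renames the same reference to "Directive (EU) 2019/1937". Suggest using one form across all three files, preferably the "Directive (EU) ..." form already used for 2019/882 and 2016/2102.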
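Review bot: the Italian accessibility entry in publiccode.yml (`@@ -319,7 +319,7 @@`) still lists `EN 301 549` after the change, whereas the English entry at `@@ -218,7 +218,7 @@` and the Features.rst line both remove it. The two language sections should describe the same set of standards; either drop `EN 301 549` from the Italian string or keep it in the English one.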