Company/Employee Expense Disclosure Portal (End to End Encryption)

Demo Site & YouTube Video List

• DEMO EMPLOYEE EXPENSE DISCLOSURE TEST SITE
• YOUTUBE VIDEO HOW TO LINK

Purpose

This portal is designed to provide a secure, transparent, and efficient system for employees to disclose expenses in alignment with corporate governance and regulatory standards. It ensures accountability, traceability, and proper documentation across all submissions.

The platform supports compliance with key regulations, including SOX, anti-bribery, anti-fraud, and anti-corruption requirements. It is applicable across multiple jurisdictions, including North America, the United Kingdom, the European Union, Singapore, and other international markets.

Built with simplicity and efficiency in mind, the system requires minimal infrastructure and resources to operate. Estimated operating costs are approximately $80 per month, primarily for web hosting. Compared to traditional enterprise solutions that can cost tens of thousands annually, this system provides a highly cost-effective alternative.

The architecture follows a zero-trust model and incorporates end-to-end encryption to ensure data security and integrity.

From a compliance perspective, the platform streamlines data management by supporting:

• Date security
• Review and inspection processes
• Investigation and enforcement workflows
• Easy AI scanning integration

Key features include:

• Comprehensive audit trails for system access
• Detailed security logging
• Encryption controls and oversight mechanisms
• Support for internal and external audits
• Convient the road, desktop or mobile submission
• Support for internal and external audits
• Built to exceed regulatory requirements

The system also complements existing financial tracking and accounting platforms, enhancing overall organizational visibility and control.

Overall, this solution enables a proactive approach to fraud detection and regulatory compliance, helping organizations identify risks early and maintain adherence to evolving standards.

Security (Designed to pass Auditing and Compliance regulations)

• End-to-End Encryption (E2EE)
• Multi-Factor Authentication (MFA)
• Password hashing (bcrypt via password_verify)
• Hard code logins (no db hijacks or insertions)
• Audit Logging
• Secure Data Storage Practices
• Multi-factor authentication (Microsoft or Google Authenticator)
• Session management
• Session fixation protection
• Session-based MFA state tracking
• CSRF protection
• POST request enforcement
• Login attempt limiting (max attempts)
• Account lockout mechanism (time-based)
• TOTP attempt limiting
• Failed, TOTP, Success, Pass Success login tracking
• IP address logging
• AES and RSA encryption
• Decryption exe file
• Decryption exe password lock
• Decryption file SHA 256 (Will only run on authorized pc)
• Decryption required private key to decrypt
• Custom rsa encryption utility
• Custom MFA key generator
• And more..

Disclaimer

This application, including all code and associated files, is the exclusive property of www.thugon.com and its developer. All rights reserved. This software is provided “as is” and “as available,” without any warranties or guarantees of any kind, express or implied. Use of this system is at the user’s own risk. By using this application, the user agrees to release the developer from any and all liability arising from its use. Limited modifications are permitted, provided proper credit is given to the original owner. Unlimited use of the system is allowed. However, this system may not be sold, marketed, transferred, or substantially modified without prior written consent from the developer. The developer reserves the right to update or modify this agreement and disclaimer at any time without prior notice. EXCEPTIONS AND CREDITS: www.thugon.com or the developer does not own the phpgansta Google authenticator library files. Credits to and Copyright (c) 2012, Michael Kliewe, used under his opensource.org license.