Security Dashboard
Feature Detail
Description
The Security Dashboard provides organization administrators and global admins with a real-time overview of the platform's security posture. It aggregates login activity, failed authentication attempts, suspicious access patterns, and active session counts into a centralized monitoring view. The dashboard surfaces actionable alerts and trends, enabling administrators to detect and respond to potential security incidents before they escalate into breaches or compliance violations.
User Flow
Analysis
A security dashboard is foundational to operating a multi-tenant platform handling sensitive personal data for vulnerable populations, including encrypted assignments and health-adjacent contact records. Without centralized visibility, administrators have no way to detect account takeovers, credential stuffing, or unauthorized cross-organization access in time to act. For Meander's customer organizations — disability and health NGOs — a visible security posture also builds trust with their boards, members, and Bufdir auditors, directly supporting sales and retention. Operationally, proactive threat detection reduces incident response costs and minimizes regulatory exposure under GDPR and Norwegian sector-specific data regulations.
The dashboard is a Next.js server-rendered page in the admin portal, pulling aggregated security metrics via REST API endpoints backed by PostgreSQL queries over the audit_logs and sessions tables. Key metrics include failed login counts (windowed), concurrent session counts per user, and flagged events by severity. The security monitoring service runs server-side aggregation queries on a scheduled basis and caches results to avoid heavy real-time DB load. Charts use a lightweight client-side library (e.g., Recharts). Role access is restricted to Org Admin (own org data) and Global Admin (cross-org, anonymized). Real-time alerting can be added in v1.1 via server-sent events or polling.
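The aggregation and role scoping described above, as an added example that is not Meander's own code. The row fields (`orgId`, `userId`, `event`, `flagged`, `severity`, `at`, `expiresAt`), the role strings, the 15-minute window and the per-response pseudonym scheme are assumptions for illustration, and the rows are constructed sample data.

```javascript
// Constructed sample rows standing in for audit_logs and sessions (field names assumed).
const NOW = Date.parse('2024-05-01T12:00:00Z');
const MIN = 60 * 1000;
const auditLogs = [
  { orgId: 'org-a', userId: 'u1', event: 'login_failed', at: NOW - 2 * MIN },
  { orgId: 'org-a', userId: 'u1', event: 'login_failed', at: NOW - 5 * MIN },
  { orgId: 'org-a', userId: 'u1', event: 'login_failed', at: NOW - 40 * MIN },
  { orgId: 'org-a', userId: 'u2', event: 'cross_org_access', flagged: true, severity: 'high', at: NOW - MIN },
  { orgId: 'org-b', userId: 'u9', event: 'login_failed', flagged: true, severity: 'medium', at: NOW - 3 * MIN },
];
const sessions = [
  { orgId: 'org-a', userId: 'u1', expiresAt: NOW + 60 * MIN },
  { orgId: 'org-a', userId: 'u1', expiresAt: NOW + 120 * MIN },
  { orgId: 'org-a', userId: 'u2', expiresAt: NOW - MIN }, // already expired
  { orgId: 'org-b', userId: 'u9', expiresAt: NOW + 60 * MIN },
];

function securityMetrics(viewer, logs, sess, now, windowMs = 15 * MIN) {
  if (viewer.role !== 'org_admin' && viewer.role !== 'global_admin') {
    throw new Error('forbidden'); // fail closed for every other role
  }
  const isGlobal = viewer.role === 'global_admin';
  // Org Admin scope comes from the authenticated viewer, never from a request parameter.
  const inScope = (row) => isGlobal || row.orgId === viewer.orgId;
  // Global Admin sees per-response pseudonyms instead of real user identifiers.
  const aliases = new Map();
  const label = (row) => {
    if (!isGlobal) return row.userId;
    const key = `${row.orgId}/${row.userId}`;
    if (!aliases.has(key)) aliases.set(key, `user-${aliases.size + 1}`);
    return aliases.get(key);
  };
  const bump = (counts, key) => { counts[key] = (counts[key] || 0) + 1; };
  const out = { failedLogins: {}, activeSessions: {}, flaggedBySeverity: {} };
  for (const row of logs.filter(inScope)) {
    const age = now - row.at;
    if (row.event === 'login_failed' && age >= 0 && age <= windowMs) {
      bump(out.failedLogins, label(row)); // windowed failed-login count
    }
    if (row.flagged) bump(out.flaggedBySeverity, row.severity);
  }
  for (const s of sess.filter(inScope)) {
    if (s.expiresAt > now) bump(out.activeSessions, label(s)); // concurrent sessions per user
  }
  return out;
}
```

In the architecture the page describes, this logic would run in the scheduled server-side aggregation and the cached result would be served to the page, so the scope check has to be applied when the cache is read as well as when it is filled.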
Components (113)
Shared Components
These components are reused across multiple features
User Interface (12)
Service Layer (34)
Data Layer (22)
Infrastructure (38)