Security
Board Document Security
BoardCloud uses AES-256 bit security specification to encrypt all documents stored on our servers. This includes uploaded documents, documents originated on the platform as well as ancillary documents such as cover pages and packet divider pages.
Uploaded documents are encrypted as they are transferred after which the source documents are deleted. From then on, requests to open, view or edit any document are authenticated based on the Group and Role permissions of the requesting user, before being unencrypted for reading purposes.
Board Packet Security Options
All published packets and minutes are stored in encrypted form and can additionally have extra security added.
Some commonly used extra security options include:
- Prevent printing of the document
- Password protect the document
- Prevent editing
The image below shows the plethora of security options available for each published pack.
System Security
To begin with, the BoardCloud multi-tenant platform is built on the Microsoft Enterprise Framework. We make use of the latest built in security features to ensure that your private company documents can only be accessed by authorized individuals.
Group & Role Based Security
Board packs are published to specific committees and are only visible to individual committee members once they have successfully logged in.
Audit Logs
All activity related to access of the board portal and the information it holds and protects are logged. Audit records contain dates, times and user information as well as user actions. This information is available for forensic or routine audit purposes.
Sharing of Document Links
Documents stored in BoardCloud cannot be shared by simply emailing or messaging a link. When received by any of these means, clicking on a link, will initiate a challenge/response process that requires the user to authenticate before the link is opened.
Document links are 'hashed' to make them impossible to guess or hack.
Click the link below to see an example of a link, which was too long to fit on this page!
Here's an example link:
Changing any character in the link above, will invalidate it. Only authenticated users will be able to view it, provided they have the correct login and committee access roles.
IT Administrator Access
Often, secure document storage, does not go far enough. Sure, users and unauthorized actors are prevented from viewing documents stored on a server but system admins often can have clear access to documents and repositories. And often there is nothing to prevent a sysadmin from copying documents to a local drive, in a readable state.
With BoardCloud, this kind of transgression is not possible, since the documents are stored with encrypted names and content. This renders them useless to bad actors looking for sensitive company information.