Cybersecurity and board portal protection: an audit for IT

Despite the claims, not all board portal software offers the same data protection. When comparing board management systems, it’s worth evaluating data security very closely.

The pressure on IT teams to safeguard data has never been greater. Recent news headlines of data breaches highlight the persistent challenges of cybersecurity. Exposed data ruins trust with customers and exposes companies to millions of dollars in losses and lawsuits.

Boards of directors have access to some of the most confidential and sensitive data a company owns. Yet the security for board materials often doesn’t receive the same scrutiny as other corporate systems. The same risk-averse, top-security, buttoned-up approach taken to implement an enterprise resource system should be applied to safeguarding board data.

To help IT teams compare and evaluate secure board portals, here’s an audit of Aprio’s board management software security. We meet the highest security standards across the industry with comprehensive protection for storage, transit and access. But buyer beware: not all ‘secure board portals’ conform to the same standards and types of data security.

Aprio’s secure board portal software conforms to the industry’s highest cybersecurity standards

Data hosting

• Tier 4 data centers
• Microsoft Azure servers
• Daily backups, redundancy, and disaster recovery capabilities
• 24-hour monitoring by security personnel
• Service Level Agreement (SLA) of 99.99% uptime

Data encryption

• RSA 4096-bit encryption
• AES 256-bit encryption in transit and at rest
• SHA-256 cryptographic hash functions to protect passwords

Security controls

• ISO 27001/27002 certification
• Compliance with AT 101 SOC 2 Type 2, SOC 3, GLBA, FERPA, HIPAA, FISMA, SSAE 16/ ISAE 3402
• Certifications under trusted Microsoft Azure cloud services
• GeoTrust certified
• Intrusion detection and Distributed Denial of Services (DDoS) protection

Access and permissions

Server security alone is not enough to safeguard data. Access controls for accessing data and information will ensure that your board documents stay within safe virtual walls and protects your information security:

• Role-based access or granular access permission – restricts access to assigned privileges
• Pages not cached
• Device control – assign which devices can be used to access the portal
• Remote data wiping – immediately wipe data from a lost or stolen device
• Two-factor authentication
• Remote locking – lock out an account if a device is lost or stolen or director leaves
• Single sign-on – one user ID can grant access to all committees and organizations a director belongs to
• Usage reports – ability to monitor director activity
• Document Digital Rights Management (DRM) – control access to documents

These features help you regulate director actions – let them discuss, save notes and review information all within the portal, where your data stays secure.

When building secure software, Aprio considers how people naturally work in different board roles, at meetings and in-between, and uses the most robust technical methods to continuously protect the organization’s data.

To learn more about Aprio board technology, talk to our sales team. Get in touch.