Aprio board portal security: an audit for IT

Despite the claims, not all board portal software offers the same data protection. When comparing SaaS board management systems, it’s worth evaluating data security very closely.

The pressure on IT teams to safeguard data has never been greater. Recent news headlines of data breaches at the Bank of Montreal and CIBC’s subsidiary Simplii Financial highlight the persistent challenges of cybersecurity. Exposed data ruins trust with customers and exposes companies to millions of dollars in losses and lawsuits.

Boards of directors have access to some of the most confidential material a company owns. Yet the security for board information often doesn’t receive the same scrutiny as other corporate systems. The same risk-averse, top-security, buttoned-up approach taken to implement an enterprise resource system should be applied to safeguarding board data.

To help IT teams compare and evaluate board portals, here’s an audit of Aprio board portal software security. We meet the highest security standards across the industry with comprehesive protection for storage, transit and access. But buyer beware: not all board meeting management systems conform to the same standards.

Aprio conforms to the industry’s highest security standards

Data hosting

• Tier 4 data centers
• Microsoft Azure servers
• Daily backups, redundancy, and disaster recovery capabilities
• 24-hour monitoring by security personnel
• Service Level Agreement (SLA) of 99.99% uptime

Data encryption

• RSA 4096-bit encryption
• AES 256-bit encryption in transit and at rest
• SHA-256 cryptographic hash functions to protect passwords

Security controls

• ISO 27001/27002 certification
• Compliance with AT 101 SOC 2 Type 2, SOC 3, GLBA, FERPA, HIPAA, FISMA, SSAE 16/ ISAE 3402
• Certifications under trusted Microsoft Azure cloud services
• GeoTrust certified
• Intrusion detection and Distributed Denial of Services (DDoS) protection

Access and permissions
Server security alone is not enough to safeguard data. Controls for how people access and use information will ensure that your data stays within safe virtual walls:

• Role-based access or granular access permission – restricts access to assigned privileges
• Pages not cached
• Device control – assign which devices can be used to access the portal
• Remote data wiping – immediately wipe data from a lost or stolen device
• Two-factor authentication
• Remote locking – lock out an account if a device is lost or stolen or director leaves
• Single sign-on – one user ID can grant access to all committees and organizations a director belongs to
• Usage reports – ability to monitor director activity
• Document Digital Rights Management (DRM) – control access to documents

These features help you regulate director actions – let them discuss, save notes and review information all within the portal, where your data stays secure.

Aprio considers how people naturally work in different board roles, at meetings and in-between, and uses the most robust technical methods to continuously protect the organization’s data.

To learn more about Aprio board technology, please get in touch.

Author: Federico de Giuli, VP Technology & CIO, and Aprio co-founder.