Board portal data security checklist for IT | Aprio
December 8, 2020
Ian Warner

Board portal security checklist for IT

Cybersecurity and risk are among the top concerns of boards. Boards of directors have access to some of the most confidential material a company owns. As the pandemic presses on, the pressure on IT teams to safeguard data even as executive teams work remotely has never been greater. Many boards are seeking ways to share information and collaborate that reduce the risk posed by rising cyber attacks.

The best means of protection is to be practical, proactive, and selective in choosing your board portal software. When it comes to protecting your organization’s information, vetting technology partners to ensure they meet the highest security standards is imperative – from data storage to transit and access.

To help IT teams compare and evaluate board portals, we’ve provided a step-by-step checklist on the key areas of board portal security. 

Board portal data security checklist

Step 1: Review data hosting and Service Level Agreements (SLAs).

Secure board portals use dedicated, secure cloud servers so they are not prone to hardware issues. Vendors should manage the data security and encryption of their software and systems exclusively, without sharing them with other tenants.

Review the Service Level Agreement (SLA) uptime guarantees, how often servers are monitored by security personnel, and disaster recovery capabilities. 

Step 2: Check data encryption both in transit and at rest.

There are two central types of encryption: how data is stored when no one is accessing it (at-rest encryption), and how data is encrypted when it’s sent from the server to a device (in-transit encryption). Choose a board portal with RSA 4096-bit encryption for data in transit and AES 256-bit encryption for data at rest.
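One way to run the in-transit part of this check yourself is to read the RSA key size from the TLS certificate the vendor's portal presents, which is where a 4096-bit RSA figure appears in a deployment. The script below is an added example, not Aprio's code; the function names and the default threshold argument are assumptions for illustration, and it needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example: compare a portal's TLS certificate with the Step 2 figure.
# Function names are illustrative; requires the openssl command-line tool.

# cert_field FILE SED_EXPR: run a sed expression over the certificate text.
cert_field() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | sed -n "$2" | head -n 1
}

# cert_key_alg FILE: public key algorithm, e.g. rsaEncryption.
cert_key_alg() {
    cert_field "$1" 's/^ *Public Key Algorithm: *//p'
}

# cert_key_bits FILE: public key size in bits.
cert_key_bits() {
    cert_field "$1" 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# check_cert FILE [MIN_BITS]: 0 = RSA key meets the minimum (default 4096),
# 1 = RSA key is smaller, 2 = unreadable or non-RSA (needs manual review).
check_cert() {
    min=${2:-4096}
    alg=$(cert_key_alg "$1")
    bits=$(cert_key_bits "$1")
    if [ -z "$bits" ]; then
        echo "UNREADABLE: $1"; return 2
    fi
    if [ "$alg" != "rsaEncryption" ]; then
        echo "REVIEW: $alg, $bits-bit key"; return 2
    fi
    if [ "$bits" -ge "$min" ]; then
        echo "PASS: RSA $bits-bit (minimum $min)"; return 0
    fi
    echo "FAIL: RSA $bits-bit (minimum $min)"; return 1
}

# fetch_cert HOST OUTFILE: save the leaf certificate HOST presents on 443.
# Needs network access; HOST is the vendor portal hostname you are evaluating.
fetch_cert() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$2"
}

# Usage: sh check.sh portal-cert.pem (a PEM saved by fetch_cert or sent by the vendor)
[ "$#" -eq 0 ] || check_cert "$1"
```

At-rest encryption cannot be observed from outside the service, so the AES 256-bit claim still has to be confirmed from the vendor's documentation or audit reports.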

Step 3: Align data storage with your data governance policy.

Typically, organizations seek to store their data within their country, such as Canada or the United States. Secure board portal software solutions allow you to choose where to store your data so that it aligns with your data governance policy. Beware of vendors who do not provide a choice in where your data is located and who only meet the legal jurisdiction of where they select your data to be stored.

Step 4: Meets the highest security certifications for the industry.  

Board portal software should be subject to rigorous third-party testing to ensure it meets the various agreements and compliance certifications, including ISO 27001. If your organization is highly regulated, such as a healthcare organization or a federal agency, you’ll also need to ensure the board portal is compliant with relevant industry standards, such as HIPAA or FISMA.

Check that the board portal technology meets the following certifications:

  • ISO 27001/27002 certification
  • AT 101 SOC 2 Type 2, SOC 3, GLBA, FERPA, HIPAA, FISMA, and SSAE 16 / ISAE 3402
  • Certifications under trusted Microsoft Azure cloud services
  • GeoTrust certification
  • Intrusion detection and Distributed Denial of Service (DDoS) protection

Step 5: Ability to control user access.   

Server security alone is not enough to safeguard data. Your board portal technology needs to control how people access and use information to ensure that your data stays within the virtual board portal environment. 

Features to help control user access should include:

  • Role-based and granular access permission capabilities including document level security 
  • Immediate erasing of data from a lost or stolen device
  • Assign which devices can be used to access the portal
  • Ability to lock out users from their account
  • Two-factor authentication and single sign-on capabilities
  • Automatic time-out after a period of inactivity

Step 6: Encourages robust passwords.   

One of the first ways to protect sensitive board material from a user perspective is to ensure the use of robust passwords. Your board portal software should encourage use of strong passwords with features such as:

  • Specified password structure and length
  • Forced regular password changes
  • Lockout after multiple failed attempts
  • Passwords transmitted in encrypted format

Step 7: Strong security track record.  

Board portals with high security standards have no prior data breaches as well as comprehensive communication protocols in place to deal with one in the event that it should occur.  As part of your board portal evaluation, ask your vendors if they’ve had any data breaches and how they would deal with potential problems if they arose.

Data security is fundamental to our business.

Aprio protects board members from cybersecurity risk as they work, balancing convenient, mobile access to board meeting materials with the most robust technical methods to continuously protect your organization’s data. 

We adhere to the industry’s highest level of security protection and provide layers of advanced security features. Choose to store and protect your data on any of our secure Canadian, US or international servers – which each adhere to independent, third-party requirements for security certifications. Arm your team with the power to control user access, guarantee compliance and remotely wipe lost or stolen devices. 

Ready to see how Aprio protects your organization’s data while providing convenient access to board materials? Book a demo today
