- Encryption: All three portals use AES 256-bit encryption for stored data, with RSA 4096-bit encryption or TLS for data in transit.
- Access Control: Role-based permissions ensure users only access relevant documents.
- Authentication: Multi-factor authentication is available in Convene and Ideals Board.
- Additional Features: Convene offers remote data wiping and idle wiping. OnBoard provides disaster recovery and audit trails. Ideals Board focuses on compliance with ISO 27001, GDPR, and HIPAA.
Quick Comparison
| Feature | Ideals Board (A) | OnBoard (B) | Convene (C) |
|---|---|---|---|
| Encryption | AES 256-bit, RSA 4096-bit | AES 256-bit, RSA 4096-bit | AES 256-bit |
| Access Control | Role-based | Granular permissions | Role-based |
| Authentication | Multi-factor | Not specified | Multi-factor (OTP, etc.) |
| Remote Wiping | No | Yes | Yes |
| Compliance | ISO 27001, GDPR, HIPAA | Not specified | ISO 27001, HIPAA |
| Audit Trail | Yes | Yes | Yes |
Key Takeaway
Choose a platform based on your organization’s security and compliance needs. For strict compliance, Ideals Board and Convene stand out. OnBoard excels in additional features like disaster recovery and monitoring tools.
Enterprise-level cyber security for board portal software
1. Board Portal A
Board Portal A, also known as Ideals Board, prioritizes document security with advanced protective measures.
It employs 256-bit AES encryption for stored data and RSA 4096-bit encryption for data in transit, offering a strong dual-layer defense against breaches.
Role-based access controls ensure board members only access documents tied to their roles, limiting unnecessary exposure.
Additionally, multi-factor authentication adds another layer of security. Every login requires a verification code sent via text, making it harder for stolen credentials to be misused.
This portal also meets strict compliance standards, adhering to ISO 27001, GDPR, and HIPAA. Its security framework undergoes regular audits and updates to stay current.
2. Board Portal B
OnBoard uses Microsoft Azure to safeguard board documents with RSA 4096-bit encryption during transmission and AES-256 encryption while stored. This ensures high-level protection for sensitive data at all times.
"The strongest standard in the board portal industry – our data centers utilize industry leading RSA 4096 bit encryption for data in transit between a user's device and at rest." – OnBoard
OnBoard's access controls allow for granular permissions, letting administrators fine-tune who can view, edit, or share specific documents. This ensures board members only access materials relevant to their roles.
Key security features include:
- Remote wiping: Administrators can erase sensitive data from lost or stolen devices.
- Idle wiping: Automatically clears cached data after periods of inactivity.
- Disaster recovery: Active geo-replication on Microsoft Azure ensures data protection in case of emergencies.
In addition to these measures, OnBoard offers detailed monitoring tools. This is especially critical given that 56% of board members use personal email for board communications.
OnBoard also maintains an audit trail that logs document access and changes. This feature supports accountability and ensures compliance with security protocols, making it particularly useful for organizations with stringent document governance requirements.
sbb-itb-d1a6c90
3. Board Portal C
Convene, built on AWS infrastructure, uses AES 256-bit encryption to safeguard board documents and communications, ensuring a high level of data protection.
The platform's role-based access control system allows for tailored permissions. For example, finance teams can access budget and sales reports, while marketing teams are restricted from viewing them. This level of control is vital, especially considering that human error is responsible for 95% of data breaches. To further enhance security, Convene includes multi-factor authentication.
Multi-factor authentication options on Convene include face recognition, SMS verification codes, and time-based one-time passwords generated through Google or Microsoft Authenticator. Additionally, the platform tracks user activity through detailed audit trails, logging document uploads, downloads, and interactions.
Convene complies with ISO 27001 and HIPAA standards. Its AWS cloud-based infrastructure not only protects data but also ensures uptime and reliability - important factors given that 40% of companies reported cyber-attacks with losses exceeding $1 million in the last year.
Feature Comparison Table
Here's a breakdown of the core security features offered by three popular board portals:
| Security Feature | BoardPaq (Board Portal A) | Nasdaq Directors Desk (Board Portal B) | Convene (Board Portal C) |
|---|---|---|---|
| Encryption Standard | AES 256-bit encryption | TLS encryption for data in transit | AES 256-bit encryption |
| Authentication Methods | Not available | Not available | Multi-factor (OTP, device registration, TOTP) |
| Remote Data Wipe | Not available | Not available | Remote data wipe |
BoardPaq uses AES 256-bit encryption to secure its data. Nasdaq Directors Desk focuses on protecting data in transit with TLS encryption. Convene goes further by offering AES 256-bit encryption, multi-factor authentication (including OTP, device registration, and TOTP), and remote data wipe functionality.
Interestingly, surveys indicate that access controls are considered 100% essential for managing board documents effectively.
Recommendations
When selecting a secure board document platform, it's essential to focus on your organization's specific security and compliance needs.
For organizations handling highly sensitive data, Dossiere stands out with its military-grade encryption, frequent code audits, and support for secret-level documents.
Large enterprises requiring strong compliance measures might consider Diligent Boards. Trusted by 700,000 directors, it offers advanced security features like 256-bit AES-GCM encryption, 256-bit SSL/TLS 1.2, and governance aligned with the NIST Cybersecurity Framework. It also holds ISO/IEC 27001 certification.
"We had to communicate highly sensitive government directives to the board prior to [their] becoming public knowledge, and collaborating via Diligent was reassuring. We didn't have sensitive data moving around our email network, and this meant we kept valuable patient data and system information secure and confidential."
– Dauniika Puklowski, Director, Board Administration Services Ltd, New Zealand
For strict compliance, prioritize platforms that support OAuth 2.0 or mTLS. Additionally, using intelligent adaptive multi-factor authentication (MFA) ensures a balance between security and user accessibility.
Key Evaluation Criteria
- Authentication: Ensure support for multiple methods and token revocation.
- Encryption: Look for platforms offering at least AES 256-bit encryption.
- Compliance: Verify alignment with industry standards.
- Security Audits: Choose platforms that undergo regular security assessments.
These criteria align with the security features outlined earlier. For a quick recap, refer to the feature comparison table.
Lastly, directories like BizBot can help organizations compare board management solutions, making it easier to find an option that meets security needs while staying within budget.
