Ask the Expert June 2013
Q: We currently prepare paper board packs and want to keep control of sensitive board information in-house. If we switched to a board portal how could we control who sees what?
A: A good board portal supplier takes strong measures to ensure that sensitive data is managed and stored securely. The range of threats to confidential online communication is broad, and a board portal must protect data against all of them. To address these threats, a security-conscious portal is protected by full strength encryption, multi-factor authentication, and is hosted in a highly secure site.
Our viewpoint is that a board portal supplier must maintain a strong perimeter defence using multiple layers of security and constant monitoring. Considerable resources should be allocated to continuously improving security with the latest technologies.
A good board portal supplier will encrypt all data using strong ciphers, both during network transport and while residing on computing platforms. In addition, it should ensure that each customer’s content is segregated into an individual repository and encrypted with a unique key. Only authorised users can access protected data – barring even the supplier’s system administrators.
A big part of board communication is about who sees what and when they see it. Our view is that a board portal should have the functionality to allow administrators to target content to one set of users while simultaneously restricting access to another set. Since you are currently using a paper process, you have the ability to distribute different materials based on the particular board member. This process works despite the fact that it may be slow and inefficient. Customers need the assurance that they will not lose this control when implementing a board portal solution.
Our solution to this challenge is a ‘permissions’ system that gives administrators the ability to restrict access to certain security- sensitive areas and documents. Every folder and file has its own permissions for greater control over content. Permissions include the ability to view, print, edit, or own the document. Role-based security allows the administrator to grant document access including print and save options by committee, group or individual.
In addition to content segregation, a good board portal must have a system to ensure that all content, including directors’ notes, remains under the central control of the administrator. Essentially it must allow administrators to perform the same practice of collecting board books and shredding their contents after the meeting.
Erin Ruck, BoardVantage firstname.lastname@example.org tel. +852 2293 2698 www.boardvantage.com