Security
Infrastructure Security
BoardCloud is built on the Microsoft Enterprise Framework. It uses the latest baked in security features to ensure that your private company documents can only be accessed by authorised individuals.
Group & Role Based Security
Board packs are published to specific committees and are only visible to individual committee members once they have successfully logged in.
Audit Logs
All activity related to access of the board portal and the information it holds and protects are logged. Audit records contain dates, times and user information as well as user actions. This information is available for forensic or routine audit purposes.
Board Document Security
BoardCloud uses AES-256 bit security to encrypt all uploaded documents. Documents are encrypted as they are uploaded and from then on, requests to open, view or edit any document are authenticated based on the Group and Role permissions of the requesting user, before being unencrypted.
Individual Document Security Options
The image below shows the plethora of security options available for each published pack.
Some commonly used options include:
- Prevent printing of the document
- Password protect the document
- Prevent editing
Sharing of Document Links
Documents stored in BoardCloud cannot be shared by simply emailing or messaging a link. When received by any of these means, clicking on a link, will initiate a challenge/response process that requires the user to authenticate before the link is opened.
Document links are 'hashed' to make them impossible to guess or hack.
Click the link below to see an example of a link, which was too long to fit on this page!
Here's an example link:
Changing any character in the link above, will invalidate it. Only authenticated users will be able to view it, provided they have the correct login and committee access roles.
IT Administrator Access
Often, secure document storage, does not go far enough. Sure, users and unauthorized actors are prevented from viewing documents stored on a server but system admins often can have clear access to documents and repositories. And often there is nothing to prevent a sysadmin from copying documents to a local drive, in a readable state.
With BoardCloud, this kind of transgression is not possible, since the documents are stored with encrypted names and content. This renders them useless to bad actors looking for sensitive company information.