By Amanda Biggs Marketing Manager for Leading Boards
Over the past decade boardrooms around the world have been discussing and turning to digital solutions such as board portals as a way to more effectively manage and collaborate. The idea of a paperless boardroom came as a result of three main observations: reinforced regulation on transparency such as the Sarbanes Oxley Act in 2002 established after public corporate scandals; the advent of new technologies in many aspects of our daily lives; and complaints from directors of organisations across various sectors tired of bulky board packs specific to each board or committee meeting.
Organising a board meeting requires an efficient and rigorous process specified in the bylaws of the corporation such as how the notice of a meeting is given, what is the structure of the agenda or how to deliver and access supporting documentation. Corporate secretaries and corporate counsels often claimed that complying with such processes was complex, time-consuming and expensive. The first step towards the board portal as we know today was moving heavy paper-based board packs to a digital format. This led to the development of the electronic board book, relieving the secretary from quantities of paper packs to create and send as well as providing directors with online access to board meeting materials. With such a tool, the secretary had the ability to upload all documentation so directors could view the information on their computers without having to carry around large binders.
With technological progress, as well as more companies embracing digital changes in the way they do business, inside the boardroom new opportunities occurred and electronic board packs rapidly became obsolete. Indeed, with better technology and more options, came the development of board portals. It was no longer only a one-way access to board materials; these included the entire meeting process, as well as meeting archives, collaboration tools and new features such as taking digital notes on documents. With the board portal, board meetings were therefore compliant, more convenient and eco-friendly.
Directors on the go
More and more companies started to turn to these all-in-one solutions which removed excessive paperwork tasks for corporate secretaries, thus gaining time as well as cutting costs and allowing better meeting and document management. But one key aspect was missing: the lack of simplicity and practicality for directors on the go. olds. With such disruptive technology and new flexibility, leading board portal providers revised their solutions and released them on iPads with easy to use applications which included innovative features such as a search tool or personal handwritten notes and highlighting or underlining text on documents to enhance meeting preparation and allow directors to accomplish what they do best: govern.
Digital tablets drove reluctant boards to reconsider the possibilities of a board portal and the applications appealed to many directors who could see the advantages of an easy mobile tool to perform due diligence at all times. Indeed, whether at home, at the office or on the plane, all meeting materials could be available with a single click of a button regardless of internet connection. The board portal began to be seen as a “must-have” governance tool for more efficient meetings and a productive board management. The benefits of a board portal are many but when storing the information in such tool with the hosting managed by an external provider; questions are raised on the security of confidential data: where is it? Who can access it? Is it safe?
Securing your data
With cyber-attacks and data breaches in the news headlines, one of the main concerns of directors when selecting a board portal is undeniably SECURITY. With incidents exposing customer information, financial data or trade secrets leading to reputational damage and expensive lawsuits, when replacing paper with digital, apprehension arises on what happens to the data saved online. Many concerns also occur from the lack of information on how data is processed and stored within a board portal. The board of directors has the responsibility of ensuring a sustainable and successful corporate strategy while protecting the best interests of the company and its stakeholders; therefore the directors must address the risks associated with cyber-attacks. A proactive board sets the tone at the top and works with senior management to establish and promote throughout the company a corporate culture that includes data security and related risks. This begins by providing oversight on the risk management process, requesting regular updates as well as understanding the security risks surrounding board information and therefore securing its sensitive data.
“Directors must address the risks associated with cyber-attacks”
Assembled and delivered to directors in printed paper packs, board information is not secure. Besides the inconvenience of a heavy binder, when carrying board documents around there are risks of accidental disclosures; pages can drop out of the binder, get lost or forgotten in a public place. Therefore, with the threat of industrial espionage, strategic information could fall into the “wrong hands” and seriously harm the business. To remove such risks, some boards decide to use their personal email addresses to communicate and send board materials. This new method shows its limits at once as when using web-based public email services, the process is not secure, documents are not encrypted, such accounts can be hacked and sensitive data exposed, the same observation is true for cloud-based storage.
The key to strengthening board data security came with the improvement of board portals. A portal provides enhanced security measures to guarantee the confidentiality of streamlined processes and all the information stored or shared within the tool. The servers hosting the portal must have IT security certifications and accreditations such as ISO 27 001, an international standard that specifies the management system to ensure information security. Daily vulnerability and penetration tests must also be conducted to guarantee the security of the portal and all data is encrypted in the system to ensure its privacy.
To access the portal, a strong password is required per user and in some cases a two factor authentication can be enabled. After a successful authentication, the user will have access to content and features depending on the authorisation granted, for instance a director may only consult the agenda or take notes on documents whereas the corporate secretary can edit them. With one unique login, directors can access multiple boards through the same portal and all the data is available under all circumstances online/offline. By replacing the physical storage for paper documents by digital files online, this removes the risk of a natural disaster on the storage place as well as freeing up space.
For additional security, note that if the iPad of a director is lost or stolen, all stored and encrypted board documents are removed from the iPad after a set delay or they can be remotely deleted from the concerned device. In comparison with other board portal providers, Leading Boards takes security to a higher level and offers a distinct advantage in terms of confidentiality as all the data it hosts is not subject to the US Patriot Act, thus providing a permanent control on the access to the information which is restricted to authenticated users and protected from outside or State intrusions. To enjoy an easy meeting preparation, reading and note taking features as well as collaborative tools, selecting an external SaaS (software as a service) vendor will provide your board with the best technologies available, a highly secure data storage with servers in various countries and last but not least, directors and corporate secretaries will appreciate unlimited support and training throughout the transition to a digital board and during the daily use of the portal.
Amanda Biggs is a governance writer and marketing manager for Leading Boards, leading board portal provider chosen and approved by organizations worldwide such as public corporations, private companies, non-profits, universities, government agencies and many more.