Diligent Boardbooks is used by more security-conscious companies in the world than any other board portal. Many represent the industries with the highest security thresholds, such as financial services, defense and healthcare.
Data Hosting – Performance and Redundancy
Customers’ Diligent Boardbooks® data is housed in a world-class hosting infrastructure. Data hosting facilities are operated to Tier 3 equivalent or higher standards. Redundant online hosting facilities enable:
- Local redundancy of systems, storage and network
- Backup to a secondary, geographically diverse disaster recovery environment
- Real-time 24/7 data monitoring with a secondary site on hand in the event of a disaster
- Daily data backups and intraday “deltas” are saved locally and to the secondary data center, to prevent data loss in the event of a disaster
Data Hosting – Physical Security
Diligent owns and operates its own equipment. Data stored by customers in the Diligent Boardbooks solution is not hosted by any third-party cloud providers. Instead, it is stored on Diligent’s own secure servers protected by strong physical security. Facilities include:
- Onsite guards, visitor sign-in and two-factor physical access
- Multiple internal and external perimeters including segregated storage
- CCTV monitoring (cameras)
- Environmental controls including multiple power feeds and generator backup
Data is encrypted at rest, in transit and on the users’ devices.
- At-rest encryption of AES 256-bit on servers and AES 256-bit on client devices (iPad or PC application)
- In-transit encryption at a minimum of 128-bit SSL/TLS with two-way validation of server communications
Encryption key handling and storage is provided with strong key management using Hardware Security Modules.
- Each customer has a unique set of keys protecting their data
- Keys are encrypted and protected by a separately managed Hardware Security Module (HSM). This hardened, tamper-prevention hardware operates at FIPS 140 Level 3, as defined by the US National Institute of Standards and Technology (NIST) and the Canadian Communications Security Establishment (CCSE).
Diligent has established a high standard of information security controls, both internally and through independent external validation. Regular and ongoing reviews are conducted:
- SSAE 16 / ISAE 3402 (SOC 1 Type 2) service organization annual audit of controls
- ISO 27001 Certification obtained in February 2014
- Third-party vulnerability scanning and penetration testing
- Diligent employee training in data security requirements
Diligent has also taken a number of steps to guard its clients’ data privacy:
- TRUSTe EU Safe Harbor Framework and Trusted Cloud certifications for privacy processes
- European Union and Swiss Safe Harbor Framework compliant
With Diligent Boardbooks, clients are provided with a highly adaptable security model where they control logical access to their data. Clients can set their security options based on:
- The nature of their business and need for open data vs. greater security and control
- Their changing business needs or threat landscape as it evolves over time
- Encryption is integrated throughout the product, i.e., down to the page level, instead of at the document or even file level
- The same level of security, combined with the convenience of the same user experience and interface, is found in the app both offline and online
The engine underlying the solution is proprietary software owned and developed exclusively by Diligent, giving us more control over the security of our product. Building on this foundation, we use world-class third-party elements for specific functionality, platforms and devices.