Security

Keeping your data safe is our top priority at BoardClic and essential to our DNA. Security is a moving target and our protocols are enforced by a dedicated team and continuous product development.

Security & Privacy-First Mindset

Security and privacy are key areas for BoardClic at all times. BoardClic has an Information Security Policy, a Statement of Applicability and a Risk Assessment & Treatment plan in place. They are revisited on a regular basis.

BoardClic works with security and privacy from three perspectives:

  1. Technical – keeping the analytics platform safe from external attacks and data leaks
  2. Organisational – training employees to work in a secure and privacy preserving manner
  3. Environmental – having a secure office without unauthorised visitors

In addition the the above, BoardClic uses an external attack surface management solution on a weekly basis and so far no vulnerabilities have been found.

Two-Factor Authentication

We know that you’ve entrusted us with critical data and only authorised employees at BoardClic have access to the production infrastructure. All key information is protected by two-step authentication.

We adhere to GDPR and keep your data stored and protected in compliance with all applicable legislations. And yes, it’s all stored in Europe.

All data is anonymised and available only to users with documented access. Two-factor authentication is available to all users as an extra layer of protection and we highly recommend that you use it.

Our Approach

BoardClic has one approach to information security risk management for all information assets, which are the following:

  • Confidentiality: information is not made available or disclosed to unauthorised individuals, entities or processes
  • Integrity: safeguarding the accuracy and completeness of information assets
  • Availability: being accessible and usable upon demand by an authorised entity Risk

Assessment
BoardClic has a regular process for systematically assessing information security risks in accordance with BoardClic’s Risk Methodology.

Risk Treatment Plan
In addition the above BoardClic has a risk treatment plan in place that includes but is not limited to how the risks integrate into the wider information security management system (such as the Statement of Applicability) and how actions are taken, and evaluating the effectiveness of the actions taken on the way.

Technical Security Details

  • MFA can be enforced upon users on an organisational level to ensure secure access to the the platform. MFA is implemented by using a one time password that is generated and validated according to RFC 4226 and RFC 6238.
  • Server platforms are certified with ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II), PCI Level 1, FISMA Moderate, Sarbanes-Oxley (SOX)
  • Production DB has encryption at rest with AES-256, block-level storage encryption.
  • BoardClic leverages industry-standard hashing algorithms (bcrypt) for passwords and other secrets to ensure secure handling.