We are asked about BoardOutlook’s security approach regularly. As a broad rule we don’t want to expose detailed information about our security program because we don’t want to provide intelligence to bad actors.
However, we understand that board data is highly sensitive and our customers need to know that we are employing a best practice security program to protect their information. To this end, we have outlined at a high level the measures we take to protect our customer’s data.
Data Center Security
- We leverage Microsoft Azure to provide infrastructure services to host our environment.
- By using Azure, BoardOutlook is able to take advantage of their sophisticated security environment, logging, identity and intrusion protection systems and focus on our software and your data.
- Azure has a robust DDOS team constantly monitoring their data centres.
- BoardOutlook utilises a developed crisis management plan and disaster recovery plan to ensure continuity in the event of a large scale disaster.
Application Level Security
- We offer customers two-factor authentication (2FA), password sophistication controls and access control restrictions to manage access to their account.
- BoardOutlook routinely scans its applications for vulnerabilities and security issues and we promptly remediate any issues we find.
- BoardOutlook encrypts with SSL, HTTPS, and TLS.
- BoardOutlook employs multiple layers of encryption and obfuscation, designed to protect client data and privacy under all circumstances.
- We use a third party to conduct internal and external penetration testing to validate our perimeter and internal defensive posture annually.