Board Intelligence

The Board Intelligence Platform

The Board Intelligence Platform is a digital board information tool. It allows for the efficient and secure creation and publishing board and committee packs. It also provides an iOS and Windows 10 Apps, providing readers with instant, secure access to their library of board papers.

Features

  • ISO 27001 accredited security for your most confidential information
  • Three click process to compile and publish board papers quickly
  • Automatic page numbering, agenda creation, links and navigation tools
  • Smart annotation features, allowing you to draw, type and highlight
  • Real time control over document access and proliferation
  • A searchable library of all of your past packs
  • An intuitive interface, the closest experience to paper
  • A dedicated service team available for you 24/7/365
  • Secure in-App note sharing

Benefits

  • Increase security, control, auditability and be GDPR Compliant
  • Save hours, by building and distributing board packs within minutes
  • Remove the headache of late papers with simple, instant republishing
  • Access packs anytime, anywhere, online or offline
  • Enjoy the convenience of all board papers in one place
  • Easily search for related materials from other meetings or packs
  • Easily manage non-executives outside your organisation's network
  • Remove confusion with easy version control

Pricing

£250 to £1000 per instance per month

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

1 7 1 2 0 8 7 7 0 9 1 4 1 4 3

Contact

Board Intelligence

Lawrence Evans

02071928200

lawrence.evans@boardintelligence.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints Where a planned outage is required, we will notify users two weeks in advance of any outage event. Planned outages are very rare and at a maximum will not exceed 5 hours per 28 day period
System requirements
  • Web: Any device/laptop etc, running a modern Web Browser
  • Mobile Apps: iOS 8 or later and Windows 10
  • Works with Chrome, Firefox, Safari, Opera, Edge and IE (11+)
  • No on site server installation or desktop installations required
  • Processor, memory and storage requirements are negligible
  • No other 3rd party software dependencies

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We a provide 24/7 concierge standard support service and aim to respond immediately to phone calls and within 30 minutes to emails.

On the rare occasions where we are unable to resolve a support request immediately, we will prioritise the support requests according to the following criteria:

1. Critical: Service down or users unable to use the system.
2. Serious: Service operational but with degraded functionality.
3. Inconvenient: Performance issue mildly affecting some but not all users. Routine technical issue.
4. Cosmetic: Information request or change request.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Our web chat is designed to be simple and clear and can be screen read by assistive technologies.
Web chat accessibility testing A number of our clients use assistive technologies and support our beta testing group. Their feedback helps us continuously improve the accessibility of our product.
Onsite support Onsite support
Support levels All clients receive our best, concierge standard, dedicated 24/7 support: (a) Our 24 hour support team act as a first port of call for any support needs, responding to and resolving most issues at the first point of contact. This includes access to technical staff. (b) You will also have a dedicated account manager who will work with you to ensure that the service is set up in the best way for you and that you get the most out of everything we do. We will include regular reviews of usage, support and service levels and feature requests. (c) You also have an escalation pathway direct to our senior management team.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We include everything you need to get up and running including full set-up and support.

SET UP

1. Technical set up: We create your unique portal instance and run our full suite of quality and security tests.
2. Account set up: We create your initial set-up for boards, committees and user accounts, ready for you to use right away.
3. Data migration: If required, we migrate a Client's existing data onto the portal.

TRAINING

1. We always offer unlimited training and support to help maximise uptake.
2. Administrator training: We spend 60 – 90 minutes training users and pack publishers onsite or remote depending on location and preference.
3. Reader inductions: We offer full one on one inductions, web or group inductions for your directors.
4. Full documentation is provided.

ONGOING USE & SUPPORT
1. First meeting: We are happy to attend the first board meeting in which the application is used to ensure everything goes smoothly.
2. Regular reviews: We offer regular reviews of service levels and feature improvements.
3. Ongoing support: We provide a full 24/7/365 support service.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Users are able to download and print/save data from the application at the end of the contract. This can be done by individuals or programatically via our API for the entire organisation. All data is in standard format in which it was uploaded and also in the aggregated pdfs. Users have the ability to export their files as a pdf with the annotations included if allowed.
End-of-contract process All data is securely returned to the client in standard formats, and we use rigorous data eradication techniques to ensure that all client data is securely erased from our systems. This is included in the contract price. Our offboarding process takes 30 days to allow users to extract their data in good time before access is removed and the data is permanently deleted.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • IOS
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The mobile Apps (also available on any Windows 10 desktop) are designed for directors, trustees, governors and execs to use to securely receive, read, annotate and search their board materials. They include secure offline storage for board packs, device enrolment to allow log in only from approved devices and remote wipe functionality, as well as secure syncing of annotations across devices.

Desktop access is via a browser, which allows access to download board packs (if enabled allowed by your policies).
Service interface Yes
Description of service interface The service interface is accessed via a secure browser and allows managers to create and distribute board packs, to manage users and their access rights and to access the audit trail.
Accessibility standards None or don’t know
Description of accessibility Almost all our content is text content. Non-text content is limited to buttons and icons which all have a text name describing their functionality.

The service does not include audio or video content or captions.

We do not use colour as the only means of determining status.
Accessibility testing None at this stage, W3 accessibility is on our road-map for our platform.
API Yes
What users can and can't do using the API Clients can create, read, update and destroy the following records via our API (note, technical knowledge of RESTful JSON APIs required):
- Users, including account details and access rights
- Boards and committees
- Board packs and agendas
Clients can also access and read the audit trail.
API documentation Yes
API documentation formats
  • PDF
  • Other
API sandbox or test environment No
Customisation available Yes
Description of customisation Limited customisation of the service is possible. This includes:
- Board pack branding and covers
- Security configurations (IP constraints, password complexity, MDM, 2FA etc.)
Customisations are carried out by our team at the request of your senior point of contact or delegated individuals on behalf of your senior point of contact.

Scaling

Scaling
Independence of resources Each client has its own dedicated slice of virtual infrastructure, provisioned with all the resources needed for the service. These resources, once provisioned are not shared with other clients and so are unaffected by heavy use from other clients.

Analytics

Analytics
Service usage metrics Yes
Metrics types Full audit trail of activity in CSV format from which clients can see who did what and when. All actions are categorised and time stamped so can be reported on and analysed in a variety ways. Including:
- Logins
- Pack edits and publishes
- Downloads
- Access rights changes
- Annotations
A system screen in the administrator environment is available to review the above information at any time.

We also summarise the key usage stats for our quarterly client review meetings.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach This can be done:
- Manually by downloading the required data through our user interface
- Programatically, using our API
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • The original format in which they uploaded the data
Data import formats
  • CSV
  • Other
Other data import formats
  • Microsoft Office formats: Word, PowerPoint Excel
  • PDF

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Uptime guarantee: 99.9%
Restoration target in event of disaster recovery incident: 4 hours
Target state in event of disaster recovery incident: Less than 30 minutes of data loss.
Approach to resilience We operate over multiple data centres. Our set-up is live-live-live and is set up so that that failure of a data centre or piece(s) of hardware in a data centre do not affect the ability of our service to operate.

More details available on request.
Outage reporting Email alerts and proactive communication from our support team and your account manager.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Access is strictly controlled. Our support staff have access only to basic user information and troubleshooting tools with no access to higher level functions or underlying client data. Such access is restricted to only senior members of our management team, whose usage of such interfaces is governed by our strict policies and is logged in a separate system to which the users have no access and therefore cannot edit.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Certification Europe (UKAS Accredited)
ISO/IEC 27001 accreditation date August 2015 with 6 monthly surveillance audits ever since
What the ISO/IEC 27001 doesn’t cover N/A Our ISO certification covers our entire business and service with no exclusion in the Statement of Applicability.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We recognise that our secure software service forms just one part of our business and that it is essential our entire organisation maintains the same high standard of Information Security best practice and awareness. We maintain a dedicated Information Security function and a comprehensive set of policies, guidelines and training for all staff. All are updated regularly and embedded company wide and all are covered by our ISO27001 certification.

A full list of the relevant areas covered by our policies is below. More details are available upon request.
• Information Governance & Security Policy Overview
• Information Security Incident Management
• Risk Management
• Access Control & Account Management
• Business Continuity & Crisis & Disaster Recovery
• Data Protection
• Information Classification & Handling
• Software & Development Lifecycle
• Internal Audit and Review
• Viruses & Malware
• Internet & Email Acceptable Use
• Mobile Computing & Teleworking
• Physical Security
• Removable Media
• Whistleblowing

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All service changes are tracked, either through code control for software and infrastructure changes (GIT) or through management processes for service and support changes.

All proposed changes are subject to risk assessment before work begins, those deemed to affect or potentially affect information security are escalated to our Information Security Committee and, if needed, put to an internal working group or external experts for review of the plan and potential impact.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We subscribe to relevant industry feeds for zero day vulnerabilities and patches for all technologies in our stack.

We prioritise the assessment and application of these patches to ensure we stay up to date. Our infrastructure also allows us to hot swap clients to newly patched systems with zero downtime.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We have a number of monitoring systems that provide automated alerts if a potential vulnerability or compromise is detected. This includes firewalls, malware scanners and intrusion detection systems. If an alert is triggered the support team respond right away to investigate. If an alert is confirmed as a compromise we quarantine the affected systems pending investigation, form a working team to prioritise our containment and resolutions actions and immediately notify any affected clients.
Incident management type Supplier-defined controls
Incident management approach Our incident management response is governed by our ISO 27001 incident management policy which defines how we respond to common events, depending on severity. Our support team also has a range of operating procedures to govern response to support issues.

We track all support issues and incidents. Any incident that affects security is tracked in more detail in our incident tracker and receives a full follow-up retrospective from our information security committee to ensure it is properly closed and lessons learnt.

We provide incident reports to clients via their preferred channel. Established at set-up. Normally by email.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £250 to £1000 per instance per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Users have access to the full application service for a limited period of time (usually 30 days) to assess the merits.

Service documents

Return to top ↑