Diligent Boardbooks Ltd

Diligent Board Portal: Governance Cloud

The Diligent Board portal is a secure solution that allows, leadership teams and administrative staff to simplify how board packs are managed. Our board meeting management software enables leaders to govern at the highest level with offline access with added modules, minutes, messenger and evaluations supporting the digital board pack.

Features

  • Cross-platform availability: iOS, Android & Windows
  • Online & offline accessibility across all platforms
  • Unlimited Storage across Current Books, Archived Books & Resource Center
  • Voting & Resolutions – Create and embed your own signatures
  • Unlimited training, onsite and offsite with dedicated account manager
  • Automatic agenda builder linked to board papers
  • Supporting modules for Minutes taking, secure Messenger & Evaluations
  • Full search functionality across all documents stored in Diligent
  • ISO 27001 accredited, 2FA, Touch ID, Document watermarking
  • Sync notes and annotations across multiple devices, collaborative note commenting

Benefits

  • Unlimited 1-2-1 training for all users throughout the contract life
  • Sign off documents remotely with digital signatures
  • Store and review your notes from your archived books
  • Distribute sections of books when ready and update periodically
  • Utilise your current hardware with support across iOS, Android, Windows
  • Access books offline and continue to take notes and annotations
  • 24/7/365 award winning support direct with Diligent employees and experts
  • 120+ development team dedicated to upgrading, patching & adding functionality
  • Automatically generate an agenda with presenter, timings and links created

Pricing

£500 per licence per year

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

3 0 9 6 2 2 2 5 2 6 3 0 4 3 4

Contact

Diligent Boardbooks Ltd

William Wastell

0207 605 7480

sales@diligent.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
Diligent is committed to the ongoing operation, support, maintenance, improvement, and enhancement of our board portal solution and we strive for the highest level of service delivery excellence. We are fully prepared to actively participate in partnership with the client throughout the engagement lifecycle. Check-in points and planned maintenance will be identified in our Implementation Plan and timeline from the start of the engagement. There are no specific hardware configuration limitations.
System requirements
Not applicable.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our superior “Concierge” level of service and support reflects our understanding of the importance of being available 24 hours a day, 7 days a week, and 365 days a year to assist every user. The board portal is the firm’s sole line of business, and all support personnel are experts on the system. Over 99% of all calls are typically answered in four rings by one of our 92 dedicated support team members (as of August 1, 2017) and 98% of issues are resolved in less than 8 minutes (as of January 1, 2018).
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Onsite support
Support levels
Each Diligent client is assigned a dedicated account team that is available during local business hours. Furthermore, all board members, company secretaries, executives, administrators and upload staff have the same level of around-the-clock access to global, multi-lingual customer support teams located in New York, London and Christchurch, New Zealand.

All Diligent Customer Success teams are headed by Directors with an average of 14 years of experience and proven track records in building long-term customer relationships. Each team is typically comprised of five members with an average of 10 years of experience, primarily in software, customer service and training. The board portal is the firm’s sole line of business, and all support personnel are experts on the system.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Diligent provide unlimited one-on-one or group training for users/personnel. The initial training includes:

• Separate training session(s) for the company secretary and the administrative staff (including uploaders). Training includes instruction on: log-in procedures, password usage, creating and building a Diligent Boards file/database, editing and making changes, and uploading/converting files into the Diligent Boards format for easy viewing by board members
• A separate training session for executives that wish to become familiar with Diligent Boards technology prior to the first board meeting
• One-on-one training sessions with board members. Training includes log-in procedures, managing your board materials (Current/Archived books and the Resource Center), reading a book, searching, annotating, voting, and printing; as well as how to check contacts, the calendar and email.
• Ongoing training, including training for new board members, executives and staff members, on-site or via web-conferencing, on an as-needed basis
• Printed, multi-lingual user guides for quick, easy reference
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Customer data is always available in the customer's database for as long as there is a contract in place. Diligent can assist customers with downloading their data in PDF format before the end of the contract.

Customers can delete data from the database at their discretion. The data retention periods are determined by customers. Should the contract terminate, the customer’s database will be deleted on the production servers and the encrypted data in the backups will be removed promptly.
End-of-contract process
Diligent provides clients with subscription-based access to its software and associated services, including: securely hosting the clients’ data, customer service, and support for the application. We are committed to the ongoing operation, support, maintenance, improvement, and enhancement of our board portal solution. Our processes include identifying and constantly recommending new enhancements and changes to the system. Our customers are always looking for more features and benefits – we are in a continuous cycle of improvements.

Included within contract:
- Unlimited Storage
- Unlimited Training
- Unlimited Product Upgrades
- Unlimited 24x7x365 Phone Support

Additional cost:
Diligent works in a modular fashion, enabling organisations to add on supporting modules as and when they require. This modules are continuously evolving and currently the list of modules
- Diligent Minutes
- Diligent Messenger
- Diligent Evaluations

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The primary difference is on the administrative side of the application, which is mainly used for uploading board books via a desktop. There are few differences for users viewing board books across various mobile and desktop interfaces.
Service interface
No
API
No
Customisation available
Yes
Description of customisation
The appearance of the client’s various user interfaces (i.e., structure, logo, etc.) are customisable during implementation. The Diligent platform can be customised throughout each site, with any applicable logos (different logos for different sites, if multiple sites exist) and/or structures/hierarchies.

Scaling

Independence of resources
Diligent Boards’ Software as a Service (SaaS) architecture allows us to scale up (i.e., adding more powerful servers/ storage/network devices) and scale out (i.e., adding more servers/storage/ network devices to the system).

Diligent monitors the Boards production environment using commercial monitoring tools as well as internally developed tools to continuously monitor resource usage and application performance.

Our infrastructure is well positioned for growth and we are confident that we can easily accommodate our clients’ needs.

Analytics

Service usage metrics
Yes
Metrics types
All edits made to documents are tracked. Administrators can view a log of when documents were uploaded and by whom. Tracking for approvals of documents is logged as well.

In addition, Diligent offers reporting features for administrators to track a variety of information, such as: user access, committee membership, meeting attendance, voting results, and survey/questionnaire results.
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Data is encrypted by Hardware Security Modules (HSM) to AES 256-bit and stored in per-customer database instances. The keys are kept internal to the system with the customer key being stored in the HSM

Secure containers, racks and cages. Cages require bio-metric scan for access
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data retention is determined by customers. Customer data is always available in the customer's database for as long as there is a contract in place and can be exported in PDF format at any time during the contract.
Data export formats
Other
Other data export formats
PDF
Data import formats
Other
Other data import formats
  • Microsoft Office Files
  • PDF
  • CSV
  • HTML
  • BMP
  • TIFF
  • JPEG
  • Other (drag and drop functionality accomodates most file types)

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
The Diligent Service will be available at least 99.5% of the time in any calendar month.

If the system level availability is between:
(a) Ninety-nine and forty-nine hundredths percent (99.49%) to ninety-five percent (95%) in any given calendar month, Client shall receive a credit equal to ten percent (10%) of that month’s Subscription Fees, being 1/12 of the annual Subscription Fee;
(b) Ninety-four and nine tenths percent (94.9%) and below in any given calendar month, Client shall receive a credit equal to twenty-five percent (25%) of that month’s Subscription Fees, being 1/12 of the annual Subscription Fee.

Further details are available in the Diligent Service Level Commitment upon request.
Approach to resilience
Database replication takes place between the primary and secondary data centers. In addition, daily differential and monthly full backups are taken and stored at both primary and secondary data centers. There is geographic separation between the primary and secondary sites. The RTO is 4 hours for full operation in the event of a failover.
Outage reporting
Service outages are reported via email alert.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Access, both logical and physical, to critical assets and the authorizations on those assets have to be requested by the employee's line manager, reviewed and approved by security group and implemented by MIS/ProdOps (as appropriate).​ All access is provided with consideration for least privilege and separation of duty. Privileged access changes are tracked and approved in accordance with the change management process. Changes in access permissions due to reassignment follow the above “Change in Position” process.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Schellman and Company
ISO/IEC 27001 accreditation date
30/07/2019
What the ISO/IEC 27001 doesn’t cover
The scope of the of the ISO/IEC 27001:2013 certification is limited to the information security management system (ISMS) supporting the Diligent Corporation Platform System to its customers, and prevailing managed information technology services best practices including people, processes, and facilities for Diligent Boards Services, BoardEffect Services, Board Level Consulting Services, Concierge-level Training and Support Services, and Electronic Hosting Services business units, and in accordance with the Statement of Applicability, version 1.7 dated May 15, 2019.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Trust-E

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Security process descriptions and incident management policies are available upon request.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Processes are assured by independent validation. Further details available upon request.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Processes are assured by independent validation. Further details available upon request.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Processes are assured by independent validation. Further details available upon request.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Processes are assured by independent validation. Further details available upon request.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£500 per licence per year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Users will be able to trial the end to end solution of both the board member view as well as the administration side to create and distribute papers. Supporting modules can also be trialed upon request.

Service documents

Return to top ↑