Security

Our clients entrust Boardfolio with some of their most valuable information, therefore ensuring your data is secure and protected on our board management portal is one of the most crucial responsibilities we have. Boardfolio takes a broad and uncompromising approach to security and we have implemented a multi-layer defence framework to safeguard your data in our portal.

Two hands on a tablet with padlock on the screen

Application

Advanced data security

Boardfolio protects your data using sophisticated cryptographic models. Our encrypted board management portal ensures the confidentiality and integrity of your communications, data, and files.

Boardfolio protects every file and resource using a multi level encryption framework together with industry-accepted encryption algorithms and standards. Sharing and accessing of files is protected by both access control and user's unique decryption key.

Data transiting to and from Boardfolio's servers is encrypted using secure SSL/TLS-protected channels. All client data at rest is secured using the Transparent Data Encryption (TDE) mechanism.

Administrator of digital board meeting software accessing cloud-based Boardfolio application

Secure by design

Secure by design

Boardfolio is designed and developed with security considerations from the ground up. Security reviews, which leverages automated code scanning tools, as well as manual reviews, are implemented as part of the software development process.

Independently tested

Independently tested

Regular penetration tests are performed on Boardfolio by 3rd party cybersecurity experts and we ensure no high-risk component is ever released to the client production environment. Board portal security will always be a priority.

Granular access configurations

Granular access configurations

The application enables clients to have complete control over their data. Administrators can manage user accounts, delegate rights and assign roles and permissions. Spaces, board packs, and files can be granted specific access privileges.

Infrastructure

State-of-the-art data centres

State-of-the-art data centres

Boardfolio is hosted in highly secure, ISO 27001 certified data centres in the Netherlands. Your data on our board portal is managed under widely adopted security processes and standards for commercial Information Security Management Systems.

Physical security

Physical security

Physical access to our data centres is protected 24x7 by advanced, multi-layered security systems which include documented security policies and procedures for access, round-the-clock onsite security officers, CCTV surveillance, motion detection as well as biometric access control card readers.

Highly robust architecture

Highly robust architecture

Boardfolio's infrastructure has built-in high availability, consisting of failover mechanisms in the unlikely event of hardware and component failures. Redundancy is built into all aspects of our infrastructure to ensure reliability of service and prevent data loss.

  • Multi-layer firewalls installed to protect networks and instances
  • Enterprise antivirus installed on all Praxonomy servers
  • Network access control (NAC) implemented on individual machines and private virtual networks (VLAN)
  • Intrusion Prevention System (IPS) deployed throughout the architecture to detect and prevent vulnerability exploits
  • Strict access controls and procedures around production servers
  • Network segmentation implemented to allow for better access control, improved monitoring and prevention of unauthorised access
  • Detailed security event monitoring, logging and analysis

Privacy

Praxonomy shares the belief that privacy is a fundamental human right, therefore we have built strong security and privacy in the very fabric of our board management solution. We secure your most valuable information. We continuously strive to achieve the highest security standards in our board portal.

Privacy by design

Privacy by design

We only collect and store information that is necessary to offer high-quality service and we only do this with your consent. Our privacy practices are detailed in our Privacy Policy.

Transparency report

Transparency report

Praxonomy is transparent about lawful data requests we receive from third parties and how we handle them. We publish the details here.

GDPR Compliant

GDPR Compliant

Boardfolio is fully compliant to the strict data protection laws of the European Union and we are committed to helping clients fulfil their relevant obligations of GDPR.

In light of this Cure53 black-box security assessment, it can be stated that the Praxonomy application makes a rather positive, robust impression.

Dr.-Ing. Mario Heiderich
Founder of Cure53, Berlin-based cybersecurity firm
Logo Cure53
(Despite repeated efforts, Cure53’s analysts were unable to break Praxonomy’s document security.)

Certifications

ISO/IEC 27001:2013 Certified Badge
ISO/IEC 27001:2013

Praxonomy is ISO 27001 certified. ISO 27001 is one of the most widely recognised and internationally accepted information security standards that sets out requirements for an information security management system.

ISO 9001:2015 Certified
ISO 9001:2015

ISO9001 specifies requirements for a quality management system. The certification requires Praxonomy to demonstrate the ability to consistently provides products and services that meet customer and regulatory requirements.

GDPR Compliant logo
GDPR Compliant

Boardfolio is fully compliant to the requirements set out in The General Data Protection Regulation 2016/679 and we are committed to helping clients fulfil their relevant obligations of GDPR.

Verasafe Privacy Seal
Verasafe Privacy Seal

Boardfolio's data governance and data security in relation to the processing of personal information (see Privacy Policy) is certified by Verasafe. Praxonomy is required to maintain a high standard & implement best practices for data privacy.

Boardfolio Security

Personnel and operational security

The company employs formal operating procedures, controls and well-defined roles and responsibilities over all aspects from development, testing, deployment to post-deployment monitoring to ensure continued data security and integrity. System and configuration changes can only be performed by authorised engineers under strict control measures.

Independently audited

Praxonomy appoints independent security experts to perform regular and in-depth security audits. We also employ internal processes to ensure that our security measures are properly implemented and in accordance with industry best practices.

Backups and disaster recovery

On top of our high availability and redundant infrastructure, the system is backed up at regular intervals to ensure uninterrupted service availability.

Security Whitepaper

An in-depth look at Praxonomy's approach to security and compliance, including details on infrastructure, application design, cryptography, organisational and technical controls.

Download Now

Learn more about Boardfolio