Many organizations have a comprehensive plan for managing regulated data with security, processes, and policies in place to guard against leaks or intrusions, either from external parties or internal personnel (be it accidental or deliberate). How that same organization manages and secures its unregulated data can reveal its natural and cultural approach to Information Security.
Perhaps there is no better indicator for this than how the organization works with its board materials. Board-level information, often seen by only the directors and most senior managers, can be amongst the most sensitive and private information an organization has, but it is often not classed as regulated data. The organization's approach to how this information is stored, controlled, distributed, and kept secure can be an indicator of how unregulated data is handled across the whole of the organization.
There are a multitude of standards used by boards in the way they distribute and consume board materials, be it board packs for meetings, processing of minutes and resolutions, or circulation of policies, briefs and other board documents. These standards range from completely paper-driven meetings, to email and consumer file-sharing sites, to purpose-built electronic board portals. There are many iterations in between, spread across different organisational sizes, industry sectors, geographic locations and organisation types (e.g. for-profit, not-for-profit, government, etc.).
If you are in any way involved in advising on or setting how board materials are handled, whether from an IT security, corporate governance, or administrative perspective, one of the keys to success is to recognize who you are working with and how far they are prepared to travel. The directors, who are sometimes also shareholders, are often at the top of the hierarchical tree and you may need to work within the boundaries they set, as opposed to what you would like to implement in accordance with current best practices. Some examples of how this compromise can be achieved include:
- If directors want to receive paper copies, prepare to collect their personal copy at the end of each board meeting for shredding; keep one official copy on file so they can refer to it in future when necessary
- If, upon moving to an electronic method, directors still want the ability to print paper copies then add watermarks so any printed copies clearly identify the individual concerned
- If the electronic method uses personal devices, or consumer file-sharing sites, ensure there is a way to wipe board documents from the device/site should that director leave the organization so they don’t have access to sensitive board material they are no longer authorized to read
We have co-authored a white paper that expands upon these best practices for data management and board governance.
About The Author
- Passageways is a SaaS provider of collaboration solutions for boards and employees. OnBoard is a board governance solution, designed to improve collaboration for directors and administrators throughout the meeting life cycle. OnSemble's a lovable, drag and drop, Employee Intranet that connects an entire workplace to one central collaboration hub, builds your culture, and inspires employee engagement.