Many organizations have a comprehensive plan for managing regulated data with security, processes, and policies in place to guard against leaks or intrusions, either from external parties or internal personnel (be it accidental or deliberate). How that same organization manages and secures its unregulated data can reveal its natural and cultural approach to Information Security.
Perhaps there is no better indicator for this than how the organization works with its board materials. Board-level information, often seen by only the directors and most senior managers, can be amongst the most sensitive and private information an organization has, but it is often not classed as regulated data. Its approach to how this information is stored, controlled, distributed, and kept secure can be an indicator of how unregulated data is handled across the whole of the organization.
There are a multitude of standards used by boards in the way they distribute and consume board materials, be it board packs for meetings, processing of minutes and resolutions or circulation of policies, briefs and other board documents. These standards range from completely paper-driven meetings, to email and consumer file-sharing sites, to purpose-built electronic board portals. There are many iterations in-between, spread across different organisational sizes, industry sectors, geographic locations and organisation types (e.g. for-profit, not-for-profit, government, etc.).
If you are anyway involved in advising or setting how board materials are handled; from an IT security, corporate governance, or administrative perspective, one of the keys to success is to recognize who you are working with and how far they are prepared to travel. The directors, who are sometimes also shareholders, are often at the top of the hierarchical tree and you may need to work within the boundaries they set, as opposed to what you would like to implement in accordance with current best practices. Some examples of how this compromise can be achieved include:
- If directors want to receive paper copies, prepare to take their personal copy at the end of each board meeting to shred; keep one, official copy on file so they can refer to it in future when necessary
- If, upon moving to an electronic method, directors still want the ability to print paper copies then add watermarks so any printed copies clearly identify the individual concerned
- If the electronic method uses personal devices, or consumer file-sharing sites, ensure there is a way to wipe board documents from the device/site should that director leave the organization so they don’t have access to sensitive board material they are no longer authorized to read
We have co-authored a white paper that expands upon these best practices for data management and board governance.
About The Author
- Passageways builds collaboration software that helps people do meaningful work, from the board of directors through to the team and people who do today’s indispensable work. OnBoard is a board governance solution, designed to improve collaboration for directors and administrators throughout the complete meeting life cycle. OnSemble's an Employee Intranet that connects an entire workplace to one central collaboration hub, builds your culture, and inspires employee engagement.
- Employee Intranet2019.04.18State Bank of Lizton Bolsters Communication with OnSemble
- Board Portal2019.04.09College of Saint Benedict Successfully Transitions to AGB OnBoard
- Board Portal2019.04.08Survey Says: Forward Bank Improves Board Meetings with OnBoard
- Uncategorized2019.04.04OnBoard Named Leader in G2 Crowd Grid For Board Management Software