Many organizations have a comprehensive plan for managing regulated data with security, processes, and policies in place to guard against leaks or intrusions, either from external parties or internal personnel (be it accidental or deliberate). How that same organization manages and secures its unregulated data can reveal its natural and cultural approach to Information Security.
Perhaps there is no better indicator for this than how the organization works with its board materials. Board-level information, often seen by only the directors and most senior managers, can be amongst the most sensitive and private information an organization has, but it is often not classed as regulated data. Its approach to how this information is stored, controlled, distributed, and kept secure can be an indicator of how unregulated data is handled across the whole of the organization.
Boards follow a multitude of standards in the way they distribute and consume board materials, be it board packs for meetings, processing of minutes and resolutions, or circulation of policies, briefs and other board documents. These standards range from completely paper-driven meetings, to email and consumer file-sharing sites, to purpose-built electronic board portals. There are many iterations in between, spread across different organisational sizes, industry sectors, geographic locations and organisation types (e.g. for-profit, not-for-profit, government, etc.).
If you are in any way involved in advising on or setting how board materials are handled, whether from an IT security, corporate governance, or administrative perspective, one of the keys to success is to recognize who you are working with and how far they are prepared to travel. The directors, who are sometimes also shareholders, are often at the top of the hierarchical tree, and you may need to work within the boundaries they set, as opposed to what you would like to implement in accordance with current best practices. Some examples of how this compromise can be achieved include:
- If directors want to receive paper copies, be prepared to collect their personal copy at the end of each board meeting for shredding; keep one official copy on file so they can refer to it in future when necessary
- If, upon moving to an electronic method, directors still want the ability to print paper copies, then add watermarks so any printed copies clearly identify the individual concerned
- If the electronic method uses personal devices, or consumer file-sharing sites, ensure there is a way to wipe board documents from the device/site should that director leave the organization so they don’t have access to sensitive board material they are no longer authorized to read
We have co-authored a white paper that expands upon these best practices for data management and board governance.
About The Author
At OnBoard, we believe board meetings should be informed, effective, and uncomplicated. That’s why we give boards and leadership teams an elegant solution that simplifies governance. With customers in higher education, nonprofit, health care systems, government, and corporate enterprise business, OnBoard is the leading board management provider.