Board Intelligence

The Board Intelligence Portal

The Board Intelligence portal is a digital board information tool. It allows for the efficient and secure creation and publishing of board and committee packs. It also provides native apps for iPhone/iPad, Mac and Windows 10 - providing readers with instant, secure access to their library of board papers.

Features

  • ISO 27001 accredited security for your most confidential information
  • Three click process to compile and publish board papers quickly
  • Automatic page numbering, agenda creation, links and navigation tools
  • Annotation features, allowing you to draw, type, highlight & memo
  • Real time control over document access and proliferation
  • A searchable library of all of your past packs
  • An intuitive interface, the closest experience to paper
  • A dedicated service team available for you 24/7/365
  • Secure in-App note sharing
  • Video Conferencing Integration

Benefits

  • Increase security, control, auditability and be GDPR Compliant
  • Save hours, by building and distributing board packs within minutes
  • Remove the headache of late papers with simple, instant republishing
  • Access packs anytime, anywhere, online or offline
  • Enjoy the convenience of all board papers in one place
  • Easily search for related materials from other meetings or packs
  • Easily manage non-executives outside your organisation's network
  • Remove confusion with easy version control
  • Remove or suspend user access directly from our platform

Pricing

£7,700 an instance a year

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tom.newman@boardintelligence.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

409648829942336

Contact

Board Intelligence Tom Newman
Telephone: 02071928200
Email: tom.newman@boardintelligence.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
Where a planned outage is required, we will notify users two weeks in advance of any outage event. Planned outages are very rare and normally completed midnight UK time
System requirements
  • Web: Any device/laptop etc, running a modern Web Browser
  • Desktop Apps (min OS): MacOS 10.15.7, Windows 10
  • Mobile Apps (min OS): iOS 11, iPadOS 11
  • Browser support for Chrome, Firefox, Safari, Edge
  • No on site server installation or desktop installations required
  • Processor, memory and storage requirements are negligible
  • No other 3rd party software dependencies

User support

Email or online ticketing support
Email or online ticketing
Support response times
We provide a 24/7 concierge standard support service and aim to respond immediately to phone calls and within 30 minutes to emails.

On the rare occasions where we are unable to resolve a support request immediately, we will prioritise the support requests according to the following criteria:

1. Critical: Service down or users unable to use the system.
2. Serious: Service operational but with degraded functionality.
3. Inconvenient: Performance issue mildly affecting some but not all users. Routine technical issue.
4. Cosmetic: Information request or change request.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Our web chat is designed to be simple and clear and can be screen read by assistive technologies.
Web chat accessibility testing
We are working towards making all our products and services more accessible
Onsite support
Onsite support
Support levels
All clients receive our best, concierge standard, dedicated 24/7 support: (a) Our 24 hour support team act as a first port of call for any support needs, responding to and resolving most issues at the first point of contact. This includes access to technical staff. (b) You will also have a dedicated account manager who will work with you to ensure that the service is set up in the best way for you and that you get the most out of everything we do. We will include regular reviews of usage, support and service levels and feature requests. (c) You also have an escalation pathway direct to our senior management team.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Our dedicated onboarding team will ensure that you are set up for success using Board Intelligence.

SET UP
1. Technical: we create your unique portal instance and run our full suite of quality and security tests.
2. Structure: we will work with you to design and set up your personalised platform structure, which is optimised for your board, and committees.
3. Users: we will set up your users and also train your administrators to ensure they have control over managing your user permissions.

TRAINING
1. Unlimited: to ensure every user is fully supported to make the most of using the portal.
2. Administrators: everything needed to manage the platform and publish packs.
3. Readers: bespoke sessions which can be individual, in groups or even by attending your board meeting.
4. Resources: guides, videos, refresher sessions and webinars are available for all clients.

ONGOING USE & SUPPORT
1. First meeting: we are happy to attend your meeting to ensure everything goes smoothly, offering hands-on 1-1 support, and providing functionality overviews.
2. Regular reviews: we offer regular reviews of service levels and feature improvements.
3. Ongoing support: we provide a full 24/7/365 support service from our dedicated in-house product specialist team.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
Video
End-of-contract data extraction
Clients' users with the appropriate permissions can download a PDF version of every pack at any time. All data can be downloaded in the format in which it was uploaded, in aggregated PDFs and with annotations.
End-of-contract process
All data remains secure and available to the client to extract in standard formats. We use data eradication techniques to ensure that all client data is securely erased from our systems. This is included in the contract price. Our offboarding process takes 30 days to allow users to extract their data in good time before access is removed and the data is permanently deleted.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
Yes
Compatible operating systems
  • iOS
  • MacOS
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The mobile Apps (also available on Windows 10) are designed for directors, trustees, governors and execs to use to securely receive, read, annotate and search their board materials. They include secure offline storage for board packs, device approval to allow log ins only from approved devices, the ability to remotely wipe app data, as well as secure syncing of annotations across devices.

Desktop access through a browser allows admins and managers to manage the platform, and create board packs for dissemination to readers. You can also permission reader users to be able to download packs through our web interface.
Service interface
Yes
User support accessibility
None or don’t know
Description of service interface
The service interface is accessed via a secure browser and allows managers to create and distribute board packs, to manage users and their access rights and to access the audit trail.
Accessibility standards
None or don’t know
Description of accessibility
Our platform has been built with the four core accessibility principles (Perceivable, Operable, Understandable, Robust) in mind. It meets some but not all of the common criteria. For example, non-text content is limited to buttons and icons which all have a text name describing their functionality, and we do not use colour as the only means of determining status.
Accessibility testing
We have completed an initial assessment of the platform for use with screen readers. Improvements needed to formally meet accessibility standards form part of our roadmap.
API
No
Customisation available
Yes
Description of customisation
Limited customisation of the service is possible. This includes:
- Board pack branding and covers
- Security configurations (IP constraints, password complexity, MDA, 2FA etc.)
Customisations are carried out by our team at the request of your nominated points of contact.

Scaling

Independence of resources
We perform regular capacity planning which ensures we are able to meet our clients' growing needs, and ensure there is always sufficient buffer for high usage. We consistently monitor platform usage and are able to scale up or down individual clients' resource allocation as required. With our containerized architecture we are also able to isolate high usage platforms to avoid any effect on other users, while we investigate and remediate the cause.

Analytics

Service usage metrics
Yes
Metrics types
Full audit trail of activity in CSV format from which clients can see who did what and when. All actions are categorised and time stamped so can be reported on and analysed in a variety of ways, including:
- Logins
- Pack edits and publishes
- Downloads
- Access rights changes
- Annotations
A system screen in the administrator environment is available to review the above information at any time.

We also summarise the key usage stats for our client review meetings.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users with the appropriate permissions are able to export all packs through our management interface
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • The original format in which they uploaded the data
Data import formats
  • CSV
  • Other
Other data import formats
  • Microsoft Office formats: Word, PowerPoint, Excel
  • PDF

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Uptime guarantee: 99.9%
Restoration target in event of disaster recovery incident: 4 hours
Target state in event of disaster recovery incident: Less than 30 minutes of data loss.
Approach to resilience
We operate over multiple data centres. Our set-up is live-live-live and is set up so that failure of a data centre or piece(s) of hardware in a data centre does not affect the ability of our service to operate.

More details available on request.
Outage reporting
Email alerts and proactive communication from our support team and your account manager.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
  • Other
Other user authentication
Reader users can log in with their username and password through one of our apps (iOS, iPadOS, MacOS, Windows 10). We offer Device Authorisation functionality for app users, which can be enabled on request. Managers can log in through our web portal, also using their username and password; we can also enable 2-factor over SMS and IP range restrictions to manage web users. We are currently developing SSO integration with most leading providers.
Access restrictions in management interfaces and support channels
Access is strictly controlled. Clients are able to manage their own platforms directly including users and permissions. Clients can also nominate specific users to have ability to request changes of their platform through our support team. Our support staff have access only to basic user information, management, and troubleshooting tools with no access to client board pack data. Privileged access is restricted to client administrators and limited senior members of our technical team, who have undergone SC level clearance, and whose usage of such interfaces is governed by our strict policies, is logged, and monitored.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Description of management access authentication
For privileged access to our back end systems we utilise physical tokens as part of our authentication process for added security

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
09/06/2021
What the ISO/IEC 27001 doesn’t cover
Our ISO27001 certification covers our whole business, all operations and all services
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
We recognise that our secure software service forms just one part of our business and that it is essential our entire organisation maintains the same high standard of Information Security best practice and awareness. We maintain a dedicated Information Security function and a comprehensive set of policies, guidelines and training for all staff. All are updated regularly and embedded company wide and all are covered by our ISO27001 certification.

A full list of the relevant areas covered by our policies is below. More details are available upon request.
• Information Governance & Security Policy Overview
• Human Resources
• Firewall and Networking
• WIFI
• Penetration testing
• Vulnerability management
• Information Security Incident Management
• Risk Management
• Access Control & Account Management
• Business Continuity & Crisis & Disaster Recovery
• Data Protection
• Information Classification & Handling
• Software & Development Lifecycle
• Internal Audit and Review
• Viruses & Malware
• Internet & Email Acceptable Use
• Mobile Computing & Teleworking
• Physical Security
• Removable Media
• Whistleblowing

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All service changes are tracked, either through code control for software and infrastructure changes (GIT) or through management processes for service and support changes.

All proposed changes are subject to risk assessment before work begins; those deemed to affect or potentially affect information security are escalated to our Information Security Committee and, if needed, put to an internal working group or external experts for review of the plan and potential impact.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We subscribe to relevant industry feeds for zero day vulnerabilities and patches for all technologies in our stack.

We prioritise the assessment and application of these patches to ensure we stay up to date. Our infrastructure also allows us to hot swap clients to newly patched systems with zero downtime.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We have a number of monitoring systems that provide automated alerts if a potential vulnerability or compromise is detected. This includes firewalls, malware scanners and intrusion detection systems. If an alert is triggered, the support team respond right away to investigate. If an alert is confirmed as a compromise, we quarantine the affected systems pending investigation, form a working team to prioritise our containment and resolution actions and immediately notify any affected clients.
Incident management type
Supplier-defined controls
Incident management approach
Our incident management response is governed by our ISO 27001 incident management policy which defines how we respond to common events, depending on severity. Our support team also has a range of operating procedures to govern response to support issues.

We track all support issues and incidents. Any incident that affects security is tracked in more detail in our incident tracker and receives a full follow-up retrospective from our information security committee to ensure it is properly closed and lessons learnt.

We provide incident reports to clients via their preferred channel, established at set-up, normally by email.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Wellbeing

We support our employees' mental and physical wellbeing through access to private healthcare, team socials and mental health first aiders. Overall, we listen to everyone's voice and opinions, and we take action on feedback and suggestions.

At Board Intelligence we have a dedicated Philanthropic Committee, which is open to any employee who would like to join. Staff are also encouraged to participate in the events and programmes run by our Philanthropic Committee. Currently we are working closely with a local sixth form with the mission of providing equal opportunities and access to business, in order to help solve the societal inequality that some students from disadvantaged backgrounds face.

Pricing

Price
£7,700 an instance a year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Up to 30 day trial of the platform - set up and access is equivalent to that of a paying client
