Diligent Boardbooks Ltd

Diligent Board Portal: Governance Cloud

The Diligent Board portal is a secure solution that allows, leadership teams and administrative staff to simplify how board packs are managed. Our board meeting management software enables leaders to govern at the highest level with offline access with added modules, minutes, messenger and evaluations supporting the digital board pack.

Features

• Cross-platform availability: iOS, Android & Windows
• Online & offline accessibility across all platforms
• Unlimited Storage across Current Books, Archived Books & Resource Center
• Voting & Resolutions – Create and embed your own signatures
• Unlimited training, onsite and offsite with dedicated account manager
• Automatic agenda builder linked to board papers
• Supporting modules for Minutes taking, secure Messenger & Evaluations
• Full search functionality across all documents stored in Diligent
• ISO 27001 accredited, 2FA, Touch ID, Document watermarking
• Sync notes and annotations across multiple devices, collaborative note commenting

Benefits

• Unlimited 1-2-1 training for all users throughout the contract life
• Sign off documents remotely with digital signatures
• Store and review your notes from your archived books
• Distribute sections of books when ready and update periodically
• Utilise your current hardware with support across iOS, Android, Windows
• Access books offline and continue to take notes and annotations
• 24/7/365 award winning support direct with Diligent employees and experts
• 120+ development team dedicated to upgrading, patching & adding functionality
• Automatically generate an agenda with presenter, timings and links created

£700 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@diligent.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

513688321331269

Contact

Sales
+44 (0) 207 605 7480
info@diligent.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Diligent is committed to the ongoing operation, support, maintenance, improvement, and enhancement of our board portal solution and we strive for the highest level of service delivery excellence. We are fully prepared to actively participate in partnership with the client throughout the engagement lifecycle. Check-in points and planned maintenance will be identified in our Implementation Plan and timeline from the start of the engagement. There are no specific hardware configuration limitations.
• System requirements: Not applicable.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our superior “Concierge” level of service and support reflects our understanding of the importance of being available 24 hours a day, 7 days a week, and 365 days a year to assist every user. The board portal is the firm’s sole line of business, and all support personnel are experts on the system. Over 99% of all calls are typically answered in four rings by one of our 92 dedicated support team members (as of August 1, 2017) and 98% of issues are resolved in less than 8 minutes (as of January 1, 2018).
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Each Diligent client is assigned a dedicated account team that is available during local business hours. Furthermore, all board members, company secretaries, executives, administrators and upload staff have the same level of around-the-clock access to global, multi-lingual customer support teams located in New York, London and Christchurch, New Zealand. ; ; All Diligent Customer Success teams are headed by Directors with an average of 14 years of experience and proven track records in building long-term customer relationships. Each team is typically comprised of five members with an average of 10 years of experience, primarily in software, customer service and training. The board portal is the firm’s sole line of business, and all support personnel are experts on the system.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Diligent provide unlimited one-on-one or group training for users/personnel. The initial training includes:; ; • Separate training session(s) for the company secretary and the administrative staff (including uploaders). Training includes instruction on: log-in procedures, password usage, creating and building a Diligent Boards file/database, editing and making changes, and uploading/converting files into the Diligent Boards format for easy viewing by board members; • A separate training session for executives that wish to become familiar with Diligent Boards technology prior to the first board meeting; • One-on-one training sessions with board members. Training includes log-in procedures, managing your board materials (Current/Archived books and the Resource Center), reading a book, searching, annotating, voting, and printing; as well as how to check contacts, the calendar and email.; • Ongoing training, including training for new board members, executives and staff members, on-site or via web-conferencing, on an as-needed basis; • Printed, multi-lingual user guides for quick, easy reference
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Customer data is always available in the customer's database for as long as there is a contract in place. Diligent can assist customers with downloading their data in PDF format before the end of the contract.; ; Customers can delete data from the database at their discretion. The data retention periods are determined by customers. Should the contract terminate, the customer’s database will be deleted on the production servers and the encrypted data in the backups will be removed promptly.; ; Client data is aviable for self-serve download.
• End-of-contract process: Diligent provides clients with subscription-based access to its software and associated services, including: securely hosting the clients’ data, customer service, and support for the application. We are committed to the ongoing operation, support, maintenance, improvement, and enhancement of our board portal solution. Our processes include identifying and constantly recommending new enhancements and changes to the system. Our customers are always looking for more features and benefits – we are in a continuous cycle of improvements.; ; Included within contract:; - Unlimited Storage; - Unlimited Training; - Unlimited Product Upgrades; - Unlimited 24x7x365 Phone Support; ; Additional cost:; Diligent works in a modular fashion, enabling organisations to add on supporting modules as and when they require. This modules are continuously evolving and currently the list of modules ; - Diligent Minutes; - Diligent Messenger; - Diligent Evaluations

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The primary difference is on the administrative side of the application, which is mainly used for uploading board books via a desktop. There are few differences for users viewing board books across various mobile and desktop interfaces.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: The appearance of the client’s various user interfaces (i.e., structure, logo, etc.) are customisable during implementation. The Diligent platform can be customised throughout each site, with any applicable logos (different logos for different sites, if multiple sites exist) and/or structures/hierarchies.

Scaling

• Independence of resources: Diligent Boards’ Software as a Service (SaaS) architecture allows us to scale up (i.e., adding more powerful servers/ storage/network devices) and scale out (i.e., adding more servers/storage/ network devices to the system).; ; Diligent monitors the Boards production environment using commercial monitoring tools as well as internally developed tools to continuously monitor resource usage and application performance.; ; Our infrastructure is well positioned for growth and we are confident that we can easily accommodate our clients’ needs.

Analytics

• Service usage metrics: Yes
• Metrics types: All edits made to documents are tracked. Administrators can view a log of when documents were uploaded and by whom. Tracking for approvals of documents is logged as well.; ; In addition, Diligent offers reporting features for administrators to track a variety of information, such as: user access, committee membership, meeting attendance, voting results, and survey/questionnaire results.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Data is encrypted by Hardware Security Modules (HSM) to AES 256-bit and stored in per-customer database instances. The keys are kept internal to the system with the customer key being stored in the HSM; ; Secure containers, racks and cages. Cages require bio-metric scan for access
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data retention is determined by customers. Customer data is always available in the customer's database for as long as there is a contract in place and can be exported in PDF format at any time during the contract.
• Data export formats: Other
• Other data export formats: PDF
• Data import formats: Other
• Other data import formats:
  • Microsoft Office Files
  • PDF
  • CSV
  • HTML
  • BMP
  • TIFF
  • JPEG
  • Other (drag and drop functionality accomodates most file types)

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: The Diligent Service will be available at least 99.5% of the time in any calendar month. ; ; If the system level availability is between:; (a) Ninety-nine and forty-nine hundredths percent (99.49%) to ninety-five percent (95%) in any given calendar month, Client shall receive a credit equal to ten percent (10%) of that month’s Subscription Fees, being 1/12 of the annual Subscription Fee; ; (b) Ninety-four and nine tenths percent (94.9%) and below in any given calendar month, Client shall receive a credit equal to twenty-five percent (25%) of that month’s Subscription Fees, being 1/12 of the annual Subscription Fee. ; ; Further details are available in the Diligent Service Level Commitment upon request.
• Approach to resilience: Database replication takes place between the primary and secondary data centers. In addition, daily differential and monthly full backups are taken and stored at both primary and secondary data centers. There is geographic separation between the primary and secondary sites. The RTO is 4 hours for full operation in the event of a failover.
• Outage reporting: We now have a site where clients can access to view uptime.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Access, both logical and physical, to critical assets and the authorizations on those assets have to be requested by the employee's line manager, reviewed and approved by security group and implemented by MIS/ProdOps (as appropriate).​ All access is provided with consideration for least privilege and separation of duty. Privileged access changes are tracked and approved in accordance with the change management process. Changes in access permissions due to reassignment follow the above “Change in Position” process.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Schellman and Company
• ISO/IEC 27001 accreditation date: 02/05/2023
• What the ISO/IEC 27001 doesn’t cover: The scope of the ISO/IEC 27001:2013 certification is limited to the information security management system (ISMS) supporting; the Diligent Corporation Platform System for its customers, including sensitive client data, global personnel, global IT systems,; policies, procedures, standards, utilities, and data used in the business execution of the Electronic Hosting Services, Diligent; Boards Services, Diligent Boards Board Level Consulting Services, Concierge-level Training and Support Services, BoardEffect; Services, Diligent Equity Services, Diligent Entities Services, Diligent Secure File Share / Secure Meeting Workflow Services,; Diligent Modules Services including Messenger, Minutes, and Questionnaires, Diligent Director Network and Nominations; Services, and Diligent Compensation & Governance Intel Services, in accordance with the Statement of Applicability version 2.3,; dated August 29, 2022, and in alignment with the control set in ISO/IEC 27017:2015 and ISO/IEC 2
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISO 27017:2015
  • ISO 27018:2019
  • 2023 Type 2 SOC 1 + ISAE 3402
  • 2023 Type 2 SOC 2

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Security process descriptions and incident management policies are available upon request.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Processes are assured by independent validation. Further details available upon request.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Processes are assured by independent validation. Further details available upon request.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Processes are assured by independent validation. Further details available upon request.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Processes are assured by independent validation. Further details available upon request.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Utilising Diligent's governance solutions can significantly bolster an organisation's ability to combat climate change. By facilitating streamlined communication, enhancing transparency, and fostering accountability, Diligent enables boards and executives to prioritise sustainability initiatives, set ambitious environmental goals, and drive meaningful progress towards a greener future. With Diligent, organisations can integrate environmental considerations seamlessly into their strategic decision-making processes, ensuring that sustainability remains a top priority across all levels of operations.

Pricing

• Price: £700 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Users will be able to trial the end to end solution of both the board member view as well as the administration side to create and distribute papers. Supporting modules can also be trialed upon request.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@diligent.com. Tell them what format you need. It will help if you say what assistive technology you use.