Board Intelligence

The Board Intelligence Portal

Board Intelligence is a board governance tool that provides leadership teams instant and secure access to their information. Packs are created and shared with users in 3 simple steps, allowing them to navigate, annotate and sign documents offline in our native app. Service includes UK Based 24/7 concierge support.

Features

• ISO 27001 accredited security for your most confidential information
• Library bookcase and bookshelf layout to manage separate committees
• Access material offline securely via native apps
• Three-click process to compile and publish board papers quickly
• UK-based 24/7 concierge support via phone and email
• Automatic page numbering, agenda creation, links and navigation tools
• Annotation features, allowing you to create and share notes
• Real-time control over document access for users
• Video Conferencing Integration
• Sign documents remotely with E-Signature tool

Benefits

• Increase security, control, auditability and be GDPR Compliant
• Save hours, by building and distributing board packs within minutes
• Ensure nothing is missed with the agenda planning tool
• Remove the headache of late papers with simple, instant republishing
• Access packs anytime, anywhere, online or offline
• Enjoy the convenience of all board papers in one place
• Easily search for related materials from other meetings or packs
• Easily manage directors outside your organisation’s network
• Remove confusion with easy version control
• Remove or suspend user access directly from our platform

£7,700 an instance a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tom.newman@boardintelligence.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

645025728518792

Contact

Tom Newman
02071928200
tom.newman@boardintelligence.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Where a planned outage is required, we will notify users two weeks in advance of any outage event. Planned outages are very rare and normally completed midnight UK time
• System requirements:
  • Web: Any device/laptop etc, running a modern Web Browser
  • Desktop Apps (min OS): MacOS 10.15.7, Windows 10/11
  • Mobile Apps (min OS): iOS 16, iPadOS 16
  • Browser support for Chrome, Firefox, Safari, Edge
  • No on site server installation or desktop installations required
  • Processor, memory and storage requirements are negligible
  • No other 3rd party software dependencies

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We a provide UK-based, 24/7 concierge-standard support service and aim to respond immediately to phone calls and within two hours to emails.; ; On the rare occasions where we are unable to resolve a support request immediately, we will prioritise the support requests according to the following criteria:; ; 1. Critical: Service down or users unable to use the system.; 2. Serious: Service operational but with degraded functionality.; 3. Inconvenient: Performance issue mildly affecting some but not all users. Routine technical issue.; 4. Cosmetic: Information request or change request.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: All clients receive our best, concierge standard, dedicated 24/7 support. Our 24 hour support team act as a first port of call for any support needs, responding to and resolving most issues at the first point of contact. This includes access to technical staff. Clients also have a dedicated account manager who will work with you to ensure that the service is set up in the best way for you and that you get the most out of everything we do. We will include regular reviews of usage, support and service levels and feature requests. You also have an escalation pathway direct to our senior management team.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our dedicated onboarding team will ensure that you are set up for success using Board Intelligence. ; ; SET UP; 1. Technical: we create your unique portal instance and run our full suite of quality and security tests.; 2. Structure: we will work with you to design and set up your personalised platform structure, which is optimised for your board, and committees.; 3. Users: we will set up your users and also train your administrators to ensure they have control over managing your user permissions.; ; TRAINING; 1. Unlimited: to ensure every user is fully supported to make the most of using the portal.; 2. Administrators: everything needed to manage the platform and publish packs.; 3. Readers: bespoke sessions which can be individual, in groups or even by attending your board meeting. ; 4. Resources: guides, videos, refresher sessions and webinars are available for all clients.; ; ONGOING USE & SUPPORT; 1. First meeting: we are happy to attend your meeting to ensure everything goes smoothly, offering hands-on 1-1 support, and providing functionality overviews.; 2. Regular reviews: we offer regular reviews of service levels and feature improvements.; 3. Ongoing support: we provide a full 24/7/365 support service from our dedicated in-house product specialist team.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Video
• End-of-contract data extraction: Clients' users with the appropriate permissions, can download a PDF version of every pack at any time. All data can be downloaded in the format in which it was uploaded, in aggregated PDFs and with annotations.
• End-of-contract process: All data remains secure and available to the client to extract in standard formats. We use data eradication techniques to ensure that all client data is securely erased from our systems. This is included in the contract price. Our offboarding process takes 30 days to allow users to extract their data in good time before access is removed and the data is permanently deleted.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • IOS
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Our native Apps (Windows 10/11 and macOS/iOS/iPadOS ) are designed for directors, trustees, governors and executives to use to securely receive, annotate, search, and sign their board materials. They feature secure offline storage for board packs, device approval to allow logins only from approved devices, and secure syncing of annotations across devices.; Access through a browser, allows admins and managers to manage the platform, and create board packs for dissemination to readers. You can also permission reader users to be able to download packs through our web interface and request documents to be signed remotely by the directors.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The service interface is accessed via a secure browser and allows managers to create and distribute board packs, to manage users and their access rights and to access the audit trail.
• Accessibility standards: None or don’t know
• Description of accessibility: Our platform has been built with the four core accessibility principles (Perceivable, Operable, Understandable, Robust) in mind. It meets some but not all of the common criteria, for example; Non-text content is limited to buttons and icons which all have a text name describing their functionality, and we do not use colour as the only means of determining status.
• Accessibility testing: We have completed an initial assessment of the platform for use with screen readers. Improvements needed to formally meet accessibility standards forms part of our roadmap
• API: No
• Customisation available: Yes
• Description of customisation: Customisation of the service is possible. This includes:; - Board pack branding and covers; - Security configurations (IP constraints, password complexity, MDA, 2FA etc.); - Training and implementation plans to suit your requirements; Customisations are carried out by our team at the request of your nominated points of contact.

Scaling

• Independence of resources: We perform regular capacity planning which ensures we are able to meet our client's growing needs, and ensure there is always sufficient buffer for high usage. We consistently monitor platform usage and are able to scale up or down individual clients' resource allocation as required. With our containerized architecture we are also able to isolate high usage platforms to avoid any effect to other users, while we investigate and remediate the cause.

Analytics

• Service usage metrics: Yes
• Metrics types: Full audit trail of activity in CSV format from which clients can see who did what and when. All actions are categorised and time stamped so can be reported on and analysed in a variety ways. Including:; - Logins; - Pack edits and publishes; - Downloads; - Access rights changes; - Annotations; A system screen in the administrator environment is available to review the above information at any time.; ; We also summarise the key usage stats for our client review meetings.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users with the appropriate permissions are able to export all packs through our management interface and through the app with or without annotations
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • The original format in which they uploaded the data
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Microsoft Office formats: Word, PowerPoint, Excel
  • PDF

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Uptime guarantee: 99.9%; Restoration target in event of disaster recovery incident (RTO): 4 hours; Target state in event of disaster recovery incident (RPO): Less than 30 minutes of data loss.
• Approach to resilience: We operate over multiple data centres in the UK. Our set-up is active-active-active with each location kept in near real-time sync. Our architecture is set up so that that failure of a data centre or piece(s) of hardware in a data centre do not affect the ability of our service to operate.; ; More details available on request.
• Outage reporting: Email alerts and proactive communication from our support team and your account manager.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: Reader users can login with their username as password to anyone of our apps (iOS, iPadOS, MacOS, Windows 10 and above),Device Authorisation functionality can be enabled on request for app users. Managers can login through our web portal also using their username and password, We can also enable 2 factor (over SMS or authenticator app), and IP range restrictions for web users. We are also able to offer SSO integration with all leading identity providers. Our platform can support a mixed login experience where some users can login without SSO if required
• Access restrictions in management interfaces and support channels: Access is strictly controlled. Clients are able to manage their own platforms directly including users and permissions. Clients can also nominate specific users to have ability to request changes of their platform through our support team. Our support staff have access only to basic user information, management, and troubleshooting tools with no access to client board pack data. Privileged access is restricted to client administrators and limited senior members of our technical team, who have undergone SC level clearance, and whose usage of such interfaces is governed by our strict policies, is logged, and monitored.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Description of management access authentication: For privileged access to our back end systems we utilise physical tokens as part of our authentication process for added security

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 15/06/2015
• What the ISO/IEC 27001 doesn’t cover: Our ISO27001 certification covers our whole business, all operations and all services
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We recognise that our secure software service forms just one part of our business and that it is essential our entire organisation maintains the same high standard of Information Security best practice and awareness. We maintain a dedicated Information Security function and a comprehensive set of policies, guidelines and training for all staff. All are updated regularly and embedded company wide and all are covered by our ISO27001 certification.; ; A full list of the relevant areas covered by our policies is below. More details are available upon request.; • Information Governance & Security Policy Overview; • Human Resources; • Firewall and Networking; • WIFI; • Penetration testing; • Vulnerability management; • Information Security Incident Management; • Risk Management; • Access Control & Account Management; • Business Continuity & Crisis & Disaster Recovery; • Data Protection; • Information Classification & Handling; • Software & Development Lifecycle; • Internal Audit and Review; • Viruses & Malware; • Internet & Email Acceptable Use; • Mobile Computing & Teleworking; • Physical Security; • Removable Media; • Whistleblowing

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All service changes are tracked, either through code control for software and infrastructure changes (GIT) or through management processes for service and support changes.; ; All proposed changes are subject to risk assessment before work begins, those deemed to affect or potentially affect information security are escalated to our Information Security Committee and, if needed, put to an internal working group or external experts for review of the plan and potential impact.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We subscribe to relevant industry feeds for zero day vulnerabilities and patches for all technologies in our stack.; ; We prioritise the assessment and application of these patches to ensure we stay up to date. Our infrastructure also allows us to hot swap clients to newly patched systems with zero downtime.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We have a number of monitoring systems that provide automated alerts if a potential vulnerability or compromise is detected. This includes firewalls, malware scanners and intrusion detection systems. If an alert is triggered the support team respond right away to investigate. If an alert is confirmed as a compromise we quarantine the affected systems pending investigation, form a working team to prioritise our containment and resolutions actions and immediately notify any affected clients.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our incident management response is governed by our ISO 27001 incident management policy which defines how we respond to common events, depending on severity. Our support team also has a range of operating procedures to govern response to support issues.; ; We track all support issues and incidents. Any incident that affects security is tracked in more detail in our incident tracker and receives a full follow-up retrospective from our information security committee to ensure it is properly closed and lessons learnt.; ; We provide incident reports to clients via their preferred channel. Established at set-up. Normally by email.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Our secure board portal allows organisations to create and store digital board packs, eliminating the need for paper and reducing courier emissions associated with distribution. For instance, in 2023 alone, we helped a single client save 5 million pages using our board portal. That’s 24 tonnes of reports and 8 million litres of water.; ; We uphold stringent ethical standards when forging new client partnerships. Our due diligence processes are designed to vet potential clients rigorously, ensuring alignment with our commitment to environmental stewardship and corporate social responsibility. This includes assessments of prospective clients' business activities to confirm they do not harm the environment or people. Any ambiguity in these evaluations is escalated to our co-CEOs, who make the final decision.; ; The Board Intelligence Think Tank, a community for business leaders that we run independent of our commercial offering helps leaders to take action on climate change. It also develops thought leadership and regularly posts interviews thought leaders, blogs, and events focused on environmental stewardship and wider CSR issues to inform, educate and inspire business leaders. ; ; Additionally, we promote environmentally responsible behaviour internally in aims to combat climate change, with majority of our energy coming from renewable sources. We encourage our employees to be environmentally responsible with safe waste disposal and recycling policies, and also offer a cycle-to-work and travel card scheme to encourage greener and less damaging methods of travel.

  Tackling economic inequality

  Currently we are working closely with a local school providing access to business opportunities, to help alleviate challenges of societal inequality that some students face.; ; The BI Think Tank engages senior business leaders, helping them to create a fairer future. A major theme of this is tackling economic inequality. In 2023 we ran a major research project looking at how CFOs could be more impactful in driving social value, including financial inclusion and inequality.; ; Interns and work experience placements are paid the London Living Wage. All our full time employees are paid above London Living Wage level.; ; Highlights:; ; Fundraising for the School: We run bake sales, sponsored runs/bike rides, etc. to cover costs of educational trips such as university insight days. We also donate old IT equipment, such as laptops, to students, who would not otherwise have equipment.; ; Knowledge sharing: We run sessions such as insight days to see how our business runs, and get career advice, and other sessions upskilling students on university applications, interviews, and answer questions on university and careers in general.; ; Other Fundraising: We regularly run events to raise money for charities. Recently, for International Women's Day, colleagues donated hygiene products for a Women's Health charity.; ; Charity days: Employees at BI are given a volunteer day, aiming to give back to local communities, such as donating to food banks, litter picking, and fundraising.; ; TeachFirst programme: We work with the Sutton Trust, helping send underprivileged students take introductory legal courses, and we run a video interview series with leaders to help educated school leavers on possible future career paths. ; ; Crankstart internship: We partner with University of Oxford ,where we aim to bring talent from less privileged backgrounds to our business to open opportunities for them.

  Equal opportunity

  Board Intelligence is committed to inclusion, diversity, and equality of opportunity, and to eliminating unlawful discrimination. Our aim is to be a place that recognises brilliance and embraces all backgrounds, cultures, and experiences.; ; We provide training on how to identify and reduce bias, along with social and philanthropic initiatives designed to not just promote equal opportunities within our business but also elsewhere.; ; Our inclusion and diversity committee is run by members of the BI team and sponsored our co-CEO and founder. The committee runs initiatives designed to promote inclusion and belonging in the BI team, and to help drive diversity and equal opportunities internally. Example events include: ; ; A regular ‘What it Means to Be Me’ series, where team members are informally interviewed on an experience they have. This includes themes such as religion, ethnicity, physical and mental health and illness, sexuality, disability, parenting and pregnancy loss. ; ; A British sign language taster session, for Sign Language Week; ; In-office events to coincide with key events such as religious holidays, International Women’s Day and Pride. ; ; A dedicated social mobility workstream. ; ; The Board Intelligence Think Tank engages senior business leaders and board members, helping them to create a fairer future - a major theme of this is equal opportunity.

  Wellbeing

  We support our employees mental and physical well-being through access to private healthcare, regular team and all-company socials, a monthly wellbeing newsletter, regular team and all-company lunches, and Mental Health First Aiders.; ; We promote an effective listening culture, where we listen to everyone's voice and take action on feedback and suggestions. We run a quarterly employee engagement survey to give employees an opportunity to provide this feedback, and we communicate to teams how that feedback is enacted.; ; Our monthly performance reports ask all our managers to outline how the individual and team are helping to impact team spirit, culture and engagement.; ; We have dedicated Philanthropic committee, Social committee and Inclusion and Diversity committees, which are open to any employee who would like to join. All three contribute to employee wellbeing through their activities.; ; Our BI run club organises team running events, including fun runs, a summer sports day and participation in formal runs (such as Parkrun or the Pink Walk); ; We run regular lunch and learns on topics that promote employee wellbeing. Recent L&Ls include for example: Menopause in the workplace, learning from mistakes, personal effectiveness and financial wellbeing.; ; We promote a culture of openness, this includes inclusion training and a regular ‘What it Means to Be Me’ series, where team members are informally interviewed on an experience they have. This includes themes such as religion, ethnicity, physical and mental health and illness, sexuality, disability, parenting and pregnancy loss.

Pricing

• Price: £7,700 an instance a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Up to 30 day trial of the platform - set up and access is equivalent to that of a paying client

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tom.newman@boardintelligence.com. Tell them what format you need. It will help if you say what assistive technology you use.