Better Boards takes information security seriously and maintains an ISO/IEC 27001-certified Information Security Management System.
This Trust Centre provides relevant interested parties with an overview of our approach to protecting information and a controlled route to request a copy of our current ISO 27001 certificate.
Our approved information security policies and procedures are controlled internally as part of our Information Security Management System.

Ambitious boards trust Better Boards
Our Approach to Security
We apply organisational and technical controls to protect the confidentiality, integrity and availability of the information entrusted to us. The sections below summarise how Better Boards secures customer data across our platform, infrastructure and operational processes.
How do we secure
your data?
Our systems are hosted on Amazon Web Services (AWS), which provides high availability while keeping strong privacy safeguards in place. Your data is stored in highly secure AWS data centres, which allows us to provide a reliable service and keep your data available whenever you need it.
Leading physical and environmental security measures are employed to secure these data centres, resulting in highly resilient infrastructure. The link below has more information about AWS security practices:
Our Development
& Application Security
The Better Boards platform is developed using a security-oriented design according to the OWASP Top 10 standards using secure coding techniques and best practices. For security and control, development, testing, and production environments are kept separate, and deployment is managed by our CI/CD process.
We ensure all code is peer-reviewed before it is deployed to production through our CI/CD process, including static code analysis, vulnerability assessment, end-to-end testing, and unit testing to address authorisation aspects and quality.
Our Infrastructure Security
Another layer of security is the infrastructure. As stated, Better Boards is hosted on AWS that has been accredited with the following global standards CSA, ISO 9001, ISO 27001, ISO 27017, ISO 27018, ISO 27701, PCI DSS Level 1, SOC 1/ISAE 3402, SOC 2, SOC 3. Furthermore, our infrastructure is protected using multiple layers of defence mechanisms, including:
- DDoS mitigation and rate-limiting
- Comprehensive logging of network traffic
- Comprehensive protection against all known infrastructure (Layer 3 and 4) attacks.
The Better Boards infrastructure provides high availability while putting strong safeguards in place for customer privacy.
Our Data Encryption
The Better Boards platform encrypts its data both in transit and at rest, this ensures our platform is security-sensitive to meet strict encryption compliance and regulatory requirements.
- Data In Transit is encrypted using TLS 1.2 as a minimum which creates a secure HTTPS connection to make API requests.
- Data at rest is encrypted with AES-256-GCM a symmetric algorithm based on Advanced Encryption Standard (AES) in Galois Counter Mode (GCM) with 256-bit keys, an industry-standard for secure encryption.
- Better Boards uses a key management system (KMS) to control the encryption keys that are used to encrypt your data.
Better Boards uses this technology to keep your connection secure and safeguarding any sensitive data sent remains private, preventing criminals from reading and modifying any information transferred, including personal details.
Our Infrastructure Security
Our platform is entirely cloud-based, and our data centres and architecture are located on Amazon Web Services which has been built to meet the requirements of the most security-sensitive organisations.
The platform employs the state-of-the-art physical security measures available.
The AWS hardware running the Better Boards platform uses FIPS 140-2 validated hardware security modules (HSM’s) to isolate and protect Data.
Our Access Control
The data on the Better Boards platform is private and confidential, which is why multi-factor authentication is required to access Better Boards technology resources. Our production password policy prohibits reuse and requires complexity, expiration, and lockout. Access is granted on a need- to-know basis utilising the least privileged rules. Permissions are reviewed quarterly, and admission is revoked immediately upon termination.
Our Disaster Recovery and Backups
It is Better Boards’ commitment to provide continuous and uninterrupted service. We employ a backup system to minimise downtime and data loss. User data is backed up regularly and backed up data is retained for 90 days. In the event of a disaster, we can quickly redeploy our whole platform using Infrastructure as code to ensure your business continuity.
Application and infrastructure systems log information to a centrally managed log repository for troubleshooting, security reviews, and analysis by authorised Better Boards employees.
Our Logging and Monitoring
Application and infrastructure systems log information to a centrally managed log repository for troubleshooting, security reviews, and analysis by authorised Better Boards Employees.
Information Security Policy Statement
Better Boards maintains an approved Information Security Policy as part of its ISO/IEC 27001-certified Information Security Management System.
Our policy sets out our commitment to protecting the confidentiality, integrity and availability of information entrusted to us by our clients, partners, suppliers and colleagues.
Better Boards is committed to maintaining appropriate organisational and technical controls, meeting applicable legal, regulatory and contractual requirements, managing information security risks, and continually improving our Information Security Management System.
The approved internal policy is controlled within Better Boards’ ISMS documentation. This public statement is provided for relevant interested parties as an external summary of our information security commitments.

Request our ISO/IEC 27001 certificate
Relevant interested parties may request a copy of Better Boards’ current ISO/IEC 27001 certificate through a controlled request process.
To help us manage certificate distribution appropriately, we ask requesters to provide their name, organisation, email address, relationship to Better Boards and reason for the request.






























