Better Boards Trust Centre

Better Boards takes information security seriously and maintains an ISO/IEC 27001-certified Information Security Management System.

This Trust Centre provides relevant interested parties with an overview of our approach to protecting information and a controlled route to request a copy of our current ISO 27001 certificate.

Our approved information security policies and procedures are controlled internally as part of our Information Security Management System.

Leadership Behaviours overview in the Better Boards dashboard

Ambitious boards trust Better Boards

Logo Victoriabank Client
Logo Helios Client
Logo Fugro Client
Logo Eskhata Client
Logo ctt Client
Logo Babcock Client
Logo DHL Client
Aiglon Logo Clients
ZOPA Logo - Better Boards
Vonovia Logo - Better Boards
Rotork Logo Better Boards
ProCredit Holding Logo Better Boards
Oxford University Press Logo Better Boards
NHS Logo Better Boards
Nationwide Logo Better Boards.png
National Express Logo Better Boards.png
Mercedes Benz Logo Better Boards
Kingfisher Logo Better Boards.png
IG Logo Better Boards.png
Go Ahead Logo Better Boards.png
Genuit Group Logo Better Boards.png
Egon Zehnder Logo Better Boards.png
EasyJet Logo Better Boards.png
Daimler Trucks Logo Better Boards.png
Daimler Logo Better Boards.png
Clarios Logo Better Boards.png
CAML Logo Better Boards.png
British Friendly Logo Better Boards.png
Body Cote Logo Better Boards.png
Avena Logo Better Boards

Our Approach to Security

We apply organisational and technical controls to protect the confidentiality, integrity and availability of the information entrusted to us. The sections below summarise how Better Boards secures customer data across our platform, infrastructure and operational processes.

How do we secure
your data?

Our systems are hosted on Amazon Web Services (AWS), which provides high availability while keeping strong privacy safeguards in place. Your data is stored in highly secure AWS data centres, which allows us to provide a reliable service and keep your data available whenever you need it.

Leading physical and environmental security measures are employed to secure these data centres, resulting in highly resilient infrastructure. 
The link below has more information about AWS security practices:

AWS Security

Our Development
& Application Security

The Better Boards platform is developed using a security-oriented design according to the OWASP Top 10 standards using secure coding techniques and best practices. For security and control, development, testing, and production environments are kept separate, and deployment is managed by our CI/CD process.

We ensure all code is peer-reviewed before it is deployed to production through our CI/CD process, including static code analysis, vulnerability assessment, end-to-end testing, and unit testing to address authorisation aspects and quality.

Our Infrastructure Security

Another layer of security is the infrastructure. As stated, Better Boards is hosted on AWS that has been accredited with the following global standards CSA, ISO 9001, ISO 27001, ISO 27017, ISO 27018, ISO 27701, PCI DSS Level 1, SOC 1/ISAE 3402, SOC 2, SOC 3. Furthermore, our infrastructure is protected using multiple layers of defence mechanisms, including:

  • DDoS mitigation and rate-limiting
  • Comprehensive logging of network traffic
  • Comprehensive protection against all known infrastructure (Layer 3 and 4) attacks.

The Better Boards infrastructure provides high availability while putting strong safeguards in place for customer privacy.

Our Data Encryption

The Better Boards platform encrypts its data both in transit and at rest, this ensures our platform is security-sensitive to meet strict encryption compliance and regulatory requirements.

  • Data In Transit is encrypted using TLS 1.2 as a minimum which creates a secure HTTPS connection to make API requests.
  • Data at rest is encrypted with AES-256-GCM a symmetric algorithm based on Advanced Encryption Standard (AES) in Galois Counter Mode (GCM) with 256-bit keys, an industry-standard for secure encryption.
  • Better Boards uses a key management system (KMS) to control the encryption keys that are used to encrypt your data.

Better Boards uses this technology to keep your connection secure and safeguarding any sensitive data sent remains private, preventing criminals from reading and modifying any information transferred, including personal details.

Our Infrastructure Security

Our platform is entirely cloud-based, and our data centres and architecture are located on Amazon Web Services which has been built to meet the requirements of the most security-sensitive organisations.

The platform employs the state-of-the-art physical security measures available.

The AWS hardware running the Better Boards platform uses FIPS 140-2 validated hardware security modules (HSM’s) to isolate and protect Data.

Our Access Control

The data on the Better Boards platform is private and confidential, which is why multi-factor authentication is required to access Better Boards technology resources. Our production password policy prohibits reuse and requires complexity, expiration, and lockout. Access is granted on a need- to-know basis utilising the least privileged rules. Permissions are reviewed quarterly, and admission is revoked immediately upon termination.

Our Disaster Recovery and Backups

It is Better Boards’ commitment to provide continuous and uninterrupted service. We employ a backup system to minimise downtime and data loss. User data is backed up regularly and backed up data is retained for 90 days. In the event of a disaster, we can quickly redeploy our whole platform using Infrastructure as code to ensure your business continuity.

Application and infrastructure systems log information to a centrally managed log repository for troubleshooting, security reviews, and analysis by authorised Better Boards employees.

Our Logging and Monitoring

Application and infrastructure systems log information to a centrally managed log repository for troubleshooting, security reviews, and analysis by authorised Better Boards Employees.

Information Security Policy Statement 

Better Boards maintains an approved Information Security Policy as part of its ISO/IEC 27001-certified Information Security Management System.

Our policy sets out our commitment to protecting the confidentiality, integrity and availability of information entrusted to us by our clients, partners, suppliers and colleagues.

Better Boards is committed to maintaining appropriate organisational and technical controls, meeting applicable legal, regulatory and contractual requirements, managing information security risks, and continually improving our Information Security Management System.

The approved internal policy is controlled within Better Boards’ ISMS documentation. This public statement is provided for relevant interested parties as an external summary of our information security commitments.

Request our ISO/IEC 27001 certificate

Relevant interested parties may request a copy of Better Boards’ current ISO/IEC 27001 certificate through a controlled request process.

To help us manage certificate distribution appropriately, we ask requesters to provide their name, organisation, email address, relationship to Better Boards and reason for the request.


Ready to see Better Boards in action?

Our team of experts are here to answer any questions you
may have and help guide you through the process.