Security Measures at Governance360

Encryption

• Encryption is the process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized cannot.
• One of the most common encryption technologies used in website and application development is SSL. SSL, or more accurately Secure Sockets Layer is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.
• From the moment you start using Governance360, all activity you have with us (and with your fellow Board members when using the platform) is encrypted with SSL. Our SSL certificates use SHA-256 & 2048-bit encryption to protect your data, amongst the most secure measures currently available.
• We enable Users to use 2 Factor Authentication when signing-in to the App (and recommend that they do).

Financial Security

• Governance360 never stores your credit card details on our platform, nor do we want to.
• If you pay for your services directly through Our Store using your credit card, then all payments are made over SSL connections, not logged or stored in our systems.
• Dependent on your choice of payment method they are either processed by:
  • Stripe, a PCI-DSS level 1 compliant service provider. Click here for a copy of the Stripe privacy policy.
  • or by GoCardless, a UK based payment systems providers – click here for a copy of their privacy statement and procedures.
• If you choose to pay in advance via invoice, then payments are processed manually using Stripe credit card functionality.

Password Security

• For your own security, we recommend you choose a password of at least 8 characters with a mixture of letters, numbers and punctuation characters when you create an account on Governance360. We also help enforce this with a simple validation check when you first register with the application.
• We recommend the use of a unique password (external password manager applications such as Roboform or Lastpass may help you here).
• Our platform is only accessible through the SSL protocols noted above, albeit we cannot be held responsible for how you access the internet and strongly suggest you ensure your environment is as secure as possible (for example we do not recommend you use public wifi to access the application).
• The Boards web app will log-out when you leave the browser you are logged in with and will ask you to log-in once again to use the platform again.
• Our App will sign-out automatically if there is no activity logged on the site thirty minutes after you log-in.  We have also set the application to not enable a ‘simple’ password to be used by an account holder – these checks are carried out automatically when you set up your account, our apologies if you find it frustrating to not be allowed to use a simple password but we believe that your security should come first.
• Your data should be saved on a regular basis during your use of the App, so please sign-in again and you should find that your progress is ready at the place at which you left it.

Data Retention & Storage

• We store the minimum amount of data required to provide our services as outlined in our Privacy and GDPR notice.
• Your data in the App is stored and backed up off-site daily by our sub-processors – you can find out more about these in sub-processors page.
• Your personal data is stored and backed up off-site daily for recovery from disasters in Data Centres in the UK & US so that we can enhance the delivery of our service.
• Customer data is held by Governance360 for the purposes of our accounting records and fiscal duties, either within our CRM system or our financial system, both of which we have received confirmation for from their vendors that they are GDPR compliant.
• Credit cards details are only stored by PCI compliant service partners as noted above.

People Controls