BOARDROOM BEST PRACTICES

How to Securely Digitise Board Meeting Procedures

Digital transformation has been underway in UK organisations for more than a decade. Companies have realised that staying competitive means leveraging the operational efficiencies and strategic insights that better use of data and communications technology deliver. However, when it comes to digitising board meeting procedures, businesses haven’t always led from the top. While the rest of the organisation has embraced real-time data-sharing and advanced collaboration tools, digitisation has often stopped at the boardroom door. Boards have stuck to the tried and tested manual processes that have served in the past, even though these are often fraught with security risks and productivity blockers. However, in today’s 24/7, always-on corporate environment – with in-person meetings now more difficult to deliver – communicating swiftly and securely on board-level matters has never been more important.

In fact, a recent survey conducted by executive search specialists Leathwaites underlined the urgency with which Company Secretaries view the need to digitise and automate board meeting processes. It found that digitisation and automation was the second-most important priority for their organisation after cost management when responding to the pressures exerted by the COVID-19 pandemic. Respondents indicated that this could drive much-needed progress towards technology integration, with one asking: “is this crisis the catalyst the function needs to move administrative processes onto digital platforms?”

Boards can no longer afford to be behind the curve when it comes to digital transformation. Digitising board meeting procedures is not a nice-to-have – it is essential to the safe, effective conduct of board business and a cornerstone of strong modern governance. With that in mind, here are three key board meeting procedures that are due for digitisation.

Creating and sharing board meeting materials

The board pack is the primary reference source for directors when preparing for meetings and was traditionally a weighty hard-copy document. Many organisations have already digitised the creation and sharing of board meeting materials to some extent, with administrators building packs in Word or other publishing software and distributing them via email as password-protected PDFs. While this eliminates the costly and time-consuming task of printing, collating and couriering board packs to directors, it also introduces cyber risk.

Sending confidential board materials by email exposes them to the risk of infiltration by hackers. Email compromise is a growing problem as cyberthieves focus on intercepting valuable data that they can sell to the highest bidder. For CISOs there is a particular concern around information sent to non-executive directors, who typically use personal email addresses that are outside of corporate cybersecurity measures.

Sharing documents by email also limits control over what happens to the board pack once it is received by the director: are they able to store it securely? Will they forward it to unauthorised recipients? What happens to all the confidential data on the director’s hard drive once their term is up?

More prosaically, sending a board pack out to directors limits the ability of administrators to make any last-minute updates or additions that typically are required in advance of the meeting. Sending updates by email can cause confusion over which version of the pack is current, which can be frustrating for directors

A more collaborative and secure alternative is to use company secretary software to build and share board packs through a board management software. This eliminates the use of email and means that directors can access the latest version of the pack whenever they need to. They can make personal notes in preparation for the meeting, giving them confidence that they are working on the most up-to-date version.

From the CISO’s perspective, this removes the risks associated with sending documents by email. Board pack documents can be secured to restrict access to only selected, authorised directors and/or executives and locked down to prevent copying, downloading or printing, adding greater control and certainty over data security.

For administrators, building and distributing board packs and other sensitive documents in a central location helps facilitate strong version control and solves the perennial problem of last-minute updates.

Meeting minutes – fast, accurate, secure corporate records

Taking minutes at board meetings is a key procedure undertaken by the Company Secretary or Board administrator. In the past it was often facilitated using shorthand – now a dying art in corporate boardrooms. Typically, the process is now digitised to the extent that the minute-taker will use a laptop to make notes during the meeting and save them for later editing and sharing for feedback and approval.

However, this process can be refined and enhanced with the use of tailored meeting minutes software that not only makes taking notes in the meeting easier, but also offers better version control and security, as well as action management tools. Minute-taking software creates a template that automatically draws in information such as dates, attendees and agenda topics. As the meeting proceeds, minute-takers can add action items and assign them to directors. After the meeting, these can be used to send reminders to directors to ensure accountability and transparency.

The meeting minutes are stored in a central, secure location and can be easily added to the board pack for the following meeting as an approval item. Once approved, minutes are safely archived in the portal as a permanent part of the corporate record.

Voting and resolutions

Now that fully or partially virtual meetings are becoming more common, the question of best practices around recording director votes is gaining importance. If votes don’t follow the correct protocols, they risk being challenged on the grounds of invalidity. While noting down a show of hands round the table may be sufficient in a conventional board meeting, this is much harder to do when directors aren’t in the room. Identifying who is voting and which way they are casting their vote is a challenge that we’ve seen recognised by Company Secretaries conducting board meetings through video-conference platforms or where directors are dialling in by phone.

This is where digital voting tools come into their own, allowing directors to record their vote at the touch of a button and instantly create a complete and secure record of the decision reached. There is no ambiguity over who has voted or what their vote is, and votes can be easily taken even if directors are unable to attend meetings in person.

Balancing productivity with security – the CISO’s conundrum

Every CISO has to walk a fine line between enabling their organisation to function by, on the one hand providing productivity-enhancing tools that enable remote-working and collaboration, and on the other keeping company-sensitive data safe from external attack or accidental loss. This is arguably even more important when it comes to board business, involving the organisation’s most sensitive and valuable information.

In the past, the CISO’s responsibility for board document security ended once the board pack rolled off the printer, but that has changed with the advent of digital board management software. When supporting the board to digitise meeting procedures, CISOs will naturally want to ensure that any third-party vendor responsible for board materials operates to the highest security standards.

Standards that should be specified include: 128-bit encryption of data in transit and at rest, with strong security key management; ISO27001 certification showing the rigorous application of information security management; a robust external security audit regime and regular penetration testing. Vendors should also be transparent about the number of breaches they have suffered in the past and their management plan in the event of future breaches.

Ultimately, the benefits of collaborative board governance software are compelling for organisations that want to improve productivity, efficiency and enhance governance. However, security should be a key driver and consideration when digitising board practices. This ensures that all board business is conducted with the level of protection it requires to safely serve the board and the organisation.

 WANT TO LEARN MORE?

Learn how your board can improve their governance and rely on Diligent’s dedication to customer performance. Request a demo today

Featured Blog