Security at Board: Our Commitment and our Practice with AI Security 

Security is not just a feature at Board—it’s a core value embedded in everything we do. As the Head of Engineering, I’m proud to share how we approach security from multiple perspectives: the features we offer, the way we manage our cloud infrastructure, and the software development practices we follow every day. This allows our customers to sleep soundly and to be compliant with the most common security and privacy regulations, resting sure their data is protected, while getting all the benefits of a cutting edge EPM platform.  

 

Security by Design: More Than a Buzzword 

At Board, security isn’t an afterthought—it’s integrated into the design and architecture of our platform from day one. Our features are built with privacy and protection in mind, ensuring that our customers’ data is always safeguarded. This commitment is reflected in our use of best-in-class security technologies and industry-leading standards across our entire solution stack. 

 

A Demonstrative Approach to Security 

We know that trust needs to be earned, not just made as a claim. That’s why Board has achieved a comprehensive set of industry certifications, including: 

• ISO/IEC 27001 – Information Security Management 

• ISO/IEC 27017 – Cloud Security 

• ISO/IEC 27018 – Protection of Personally Identifiable Information in the Cloud 

• ISO 9001 – Quality Management 

• SOC 1, SOC 2, and SOC 3 – System and Organization Controls for security, availability, processing integrity, confidentiality, and privacy 

Our commitment doesn’t end here: we are actively working towards compliance with the upcoming NIS2, DORA, and EU Data Act regulations, to ensure our platform continues to stay ahead of emerging requirements. 

 

Secure Development with the 3 C’s: Code, Cloud, and Culture 

Code: Security is woven into the DNA of our engineering processes (SDLC): 

• Automated Code Analysis: We leverage both static (SAST) and dynamic (DAST) code scanning tools throughout our development pipeline. This dual approach ensures that vulnerabilities are detected early and often, covering both source code and running applications. 

• Software Composition Analysis (SCA): Our tools automatically scan third-party libraries for known vulnerabilities. We patch severe risks as soon as they are identified, keeping our dependencies secure and up-to-date. 

• Developer Training: Our R&D team is regularly trained on secure coding practices. Security is not a one-time lesson but an ongoing journey for every engineer at Board. 

• Dedicated Security Team: We maintain a specialized security and architecture team tasked with oversight, guidance, and incident response across our products. 

 

Cloud: Enterprise-Grade Cloud Security 

Our SaaS offering is architected for resilience and security from the ground up: 

• Dedicated Tenant: each of our customers has a dedicated set of storage and compute resources, granting them the highest level of data segregation from all other Board SaaS customers. Unlike multi-tenant models, where the data separation is only logical and based on coded rules, Board’s single dedicated tenant model relies on separate Virtual Machines for each customer, ensuring security and compliance by default.  

• Certified Security Architecture: We design and operate our platform on certified, secure cloud infrastructures and we closely collaborate with our Cloud provider to regularly review and certify our deployment architecture, backup policies, DR procedures and the adherence to the best in class deployment practices. 

• Disaster Recovery and High Availability: Regional server distribution, rigorous backup policies, and tested disaster recovery processes ensure your data is always available, even in the face of disruption. 

• Single Sign-On (SSO): We support SSO integrations for seamless and secure user authentication across all major enterprise identity providers. 

• AI Security: our novel AI capabilities are all built on models that run on our Cloud, ensuring the data stays in your private SaaS. It is possible to bring your own key to integrate third party services for specific needs. 

 

Culture: Continuous Assurance: Penetration Testing and Beyond 

Driving security is not a static process, but one that is continuously evolving. We regularly subject our unified platform to rigorous penetration tests, conducted both internally by our security team and externally by trusted customers and partners. These assessments provide valuable insights and help us continuously enhance our defenses. 

 

The Bottom Line 

Security at Board is an ongoing commitment—one that spans technology, people, and processes. We are proud of the work we do to keep our customers’ data secure, and we will continue to invest, innovate, and lead by example in the industry. 

If you have questions or want to learn more about our security practices and certifications, please get in touch. Security is a journey, and at Board, we’re taking every step with you.