Boards on Fire Trust Center

For us, information security and confidentiality are among our top priorities. Boards on Fire serves large, publicly traded companies worldwide, all of which have stringent security standards. These organizations trust us with their confidential and crucial business information, making information security a fundamental aspect of our operations.

We uphold strict protocols and continuously enhance our security measures to guarantee that all our customers can securely manage their data with us. The data your organization gathers on our platform is encrypted, backed up, and accessible solely to the users you authorize.

People

Our employees play a crucial role in ensuring the security and privacy of the Boards on Fire application and your data. Here are some of the steps we take:

  • Background Checks
    Every candidate must pass a standard background check to proceed with the hiring process. Additionally, they are required to sign a non-disclosure agreement (NDA) as part of their employment contract.
  • Roles & Responsibilities
    The Development, Operations, and Customer Success teams are continuously informed of their duties in ensuring the security, confidentiality, integrity, and accessibility of customer data.
  • Training
    Boards on Fire offers information security and privacy training to all new hires, as well as continuous training for all employees. Beyond this general training, we also provide specialized training for specific needs.

Application Security

Boards on Fire is designed to be secure from the very first line of code. Security is always top of mind in our development.

Software Development Life Cycle

At Boards on Fire, we leverage the DevOps and Continuous Delivery models. The highly automated nature of our software and infrastructure delivery, combined with frequent releases, requires security to be embedded into the SDLC.

Here are a few controls included in our process:

  • Design and requirement reviews
  • Code review of every line of code
  • Static Code Analysis
  • Static Security Code Analysis
  • Automated vulnerability scans
  • Automated unit, integration and end-to-end tests
  • Principle of least privilege (PoLP)
  • Detailed change and release management

How is the Boards on Fire application available?

Boards on Fire is available as a Software as a Service (SaaS) delivery model, providing you with access to the most up-to-date and advanced application with no requirement for maintenance and upgrades. Boards on Fire uses many of the security benefits of Microsoft Azure, for example Azure Front Door with Azure Web Application Firewall (WAF).

Azure Web Application Firewall draws on knowledge from across Microsoft and protects Boards on Fire from common web-based attacks like SQL injection, cross-site scripting attacks and session hijacking. It comes preconfigured with protection from threats identified by the Open Web Application Security Project (OWASP) as the top 10 common vulnerabilities.

Authentication

Authentication to Boards on Fire is handled through Microsoft Azure B2C. Passwords are stored in Microsoft Azure B2C and are not visible to anyone at Boards on Fire. If a password is forgotten, the only option is to reset it.

Boards on Fire lets you implement Single Sign-On (SSO) through OpenID Connect (OIDC) with your Microsoft Entra ID.

Physical Security

Boards on Fire uses an industry-leading cloud platform (Microsoft Azure) to host production environments. Microsoft understands the importance of protecting your data and is committed to helping secure the datacenters that contain your data. Microsoft has an entire division devoted to designing, building, and operating the physical facilities supporting Azure.

The Boards on Fire office is only accessible with the use of a key. Keys are only given to authorized employees. Visitors always require escort throughout the office. Our workstations use full disk encryption and are always locked when not in use.

Your data stays with us

Data is stored in Microsoft Azure Database for PostgreSQL – Flexible Server. It's a fully managed database-as-a-service that can handle mission-critical workloads with predictable performance, security, high availability, and dynamic scalability. Microsoft Azure Database also takes care of automatic (daily) backups and encryption of data.

Segregation of data

Boards on Fire is multi-tenant with logical and strict separation between all customers. Customers are segregated with unique subdomains and all customer data is segregated at both the application and database level using unique IDs.

If you have a requirement that says your data should be stored in its own database, that is also possible.

Authorization

Boards on Fire gives you the ability to limit access to your data and configuration by defining custom access groups that you assign to your users. Access can be limited per user, or per organization, within Boards on Fire.

File storage

Files are stored and managed in Microsoft Azure Storage. Azure Storage offers highly available, massively scalable, durable, and secure storage. Each customer has its own segregated area for their files.

Encryption

Data in transit
All data in transit is encrypted with Secure Sockets Layer and Transport Layer Security (SSL/TLS) with a minimum requirement of TLS 1.2.

Data at rest
Data at rest in the database is encrypted using a FIPS 140-2 validated cryptographic module. Data is encrypted on disk, including backups and the temporary files created while queries are running.

Data at rest in file storage is encrypted and decrypted transparently using 256-bit AES encryption. Microsoft is responsible for encryption key storage, key control, and key rotation.

Read more about security in Azure Database: Security in Azure Database

Further information on Azure Storage encryption: Azure Storage encryption

Boards on Fire staff access

Access to your data stored within Boards on Fire is restricted to employees who have a need to know this information.

Boards on Fire employees may sign into your account to access settings related to your support issue. For this they use their individual SSO account with 2FA, and all activity is logged to audit logs. This special access improves efficiency and security: they can easily see your environment without you sharing any credentials.

Furthermore, all employees at Boards on Fire strive to respect your privacy as much as possible, and only access files and settings needed to diagnose and resolve your issue.

Secure and well trusted infrastructure

Boards on Fire uses Microsoft Azure as a cloud provider. Microsoft ensures high availability, regular backups, continuous updates, 24/7 monitoring and the most effective firewalls.

Certifications

Among others, Microsoft Azure holds certifications in accordance with ISO/IEC 27001, 27017, 27018, and 9001.

Read more about Security in Microsoft Azure.

Scalability and reliability

Boards on Fire is built as a modern, secure and scalable cloud application. We continuously monitor performance metrics and make sure our environments meet the high demands from our users. Microsoft Azure guarantees an SLA of 99.95%.

Logs

Security, authentication and application logs are centrally collected in Microsoft Azure Log Analytics for a retention period of 90 days. Exceptions are collected with an exception tracker for monitoring and analysis purposes. Logs are stored in separate storage locations from other application data.

Every instance of data modification and selected events of data access are recorded in the Audit Log, which includes the user ID and the precise time at which these actions occurred.

Privacy and GDPR

Boards on Fire is committed to protecting your data, including the personal information of all your employees. As a result, we help your organization remain compliant, and demonstrate compliance, with privacy laws and regulations such as GDPR.

Our services only collect personal information necessary to provide access to our service. This information is classified, kept up to date, and is never shared with any third party. All data is stored within the European Union.

Read more in our Privacy Policy.

Reporting Security Vulnerabilities

If you believe you have found a security vulnerability, please head over to our responsible disclosure page.

Additional terms

For additional terms, please see General Terms and Conditions.