What are Boardfolio's Incident Response Plans?

At Boardfolio, we prioritize the security and continuity of our services. Our comprehensive Incident Response and Data Breach Management Plans, including our Disaster Recovery (DR) Plan, are designed to minimize disruptions and protect your data in the event of an incident. Below, we outline our approach, including key metrics like Recovery Time Objective (RTO) and Recovery Point Objective (RPO), as part of our Trust Center’s commitment to transparency and reliability.

Incident Response Plan

Boardfolio has established a robust Incident Response Plan to address potential security incidents, including data breaches, promptly and effectively. Key components include:

• Identification and Containment: We quickly identify and isolate any security incidents to prevent further impact. Our systems are monitored continuously to detect anomalies or unauthorized access.
• Notification: In the event of a data breach, we adhere to GDPR requirements by promptly notifying affected clients and relevant authorities, typically within 72 hours, as outlined in the Boardfolio Data Processing Addendum (DPA) (Boardfolio DPA).
• Mitigation and Resolution: Our team implements immediate measures to mitigate risks, such as patching vulnerabilities or restoring affected systems. We conduct thorough investigations to determine the cause and prevent recurrence.
• Communication: We keep clients informed throughout the process, providing clear updates on the incident and our response actions.

Our Incident Response Plan is aligned with our ISO/IEC 27001:2013 certification, ensuring that our processes meet international standards for information security management.

Disaster Recovery (DR) Plan

Boardfolio’s DR Plan is designed to ensure rapid recovery and continuity of services following a failure or disaster. Key metrics and components include:

• Recovery Time Objective (RTO): The maximum tolerable length of time that our systems, networks, or applications can be down after a failure or disaster. Boardfolio’s RTO is 24 hours, ensuring that critical services are restored within one day to minimize disruption.
• Recovery Point Objective (RPO): The maximum acceptable amount of data loss after an unplanned data-loss incident, expressed as the amount of time between the last backup and the incident. While the specific RPO for Boardfolio is not detailed in the provided information, our DR Plan ensures frequent backups and secure data storage using Transparent Data Encryption (TDE) to minimize data loss. We align with industry best practices to keep data loss to a minimum.
• Backup and Restoration: Data is securely backed up in EU-based data centers certified under ISO/IEC 27001:2013. In the event of a disaster, we restore systems and data from these backups to ensure operational continuity.
• Redundancy: Our infrastructure incorporates redundancy measures to maintain service availability, even during significant disruptions.

Data Protection Measures

To support our Incident Response and DR Plans, Boardfolio employs robust security measures:

• Encryption: Data in transit is protected using SSL/TLS-protected channels, and data at rest is secured with Transparent Data Encryption (TDE).
• Access Controls: Strict access controls limit data access to authorized personnel only, reducing the risk of unauthorized exposure.
• Compliance: Our plans align with GDPR and ISO/IEC 27001:2013 standards, ensuring regulatory compliance and robust security practices.

Our Commitment to Resilience

Boardfolio’s Incident Response and DR Plans are designed to protect your data and ensure service continuity, even in challenging circumstances. By maintaining an RTO of 24 hours and aligning with industry standards, we strive to provide a reliable and secure platform for our users.

For more details on our Incident Response or DR Plans, please refer to the Vistra Group Privacy Notice (www.vistra.com/en/privacy-notice) or the Boardfolio DPA.

If you have any questions or need further assistance, please raise a ticket through our support portal and our support team will respond promptly.