The security of your board data is our core business!
Leading Boards’ servers are located in Canada and France, and the whole service is ISO 27001 certified.
Hosted data is not shared in the cloud and is not subject to the U.S. Patriot/Freedom Act, giving you permanent control over access to your information.
Why trust us with your data?
Three different levels of protection
ISO 27001 certified hosting
To continuously improve data protection and ensure the confidentiality of all information, Leading Boards board portals are hosted on servers that have obtained certifications in the field of computer security.
The hosting is certified to the international standard ISO/IEC 27001:2005. This standard guarantees the implementation of an Information Security Management System for data safety. ISO 27001 also defines control measures to ensure the system remains suited to our customers' very high security requirements.
Qualys SECURE Seal
Our system is certified Qualys SECURE and tested daily to pass all external vulnerability audit recommendations of the organizations below:
- Department of Homeland Security’s National Infrastructure Protection Center (NIPC)
- SANS/FBI Top 20 Internet Security Vulnerabilities list
- Visa’s CISP and AIS
- MasterCard’s SDP
- American Express’ DSS
- Discover Card’s DISC security standards
As a Qualys SECURE site, our system is also certified to be in compliance with the network perimeter security criteria mandated in such regulations as:
- Health Insurance Portability & Accountability Act (HIPAA)
- Gramm-Leach-Bliley Act (GLBA)
- Sarbanes-Oxley Act (SOA)
- Government Information Security Reform Act (GISRA)
- Canada’s Personal Information Protection and Electronic Documents Act
256-bit SSL encryption key
Each user is identified by a unique username and given a temporary password. All users have to change their password on first login, and the default password strength enforces a “strong” password policy.
Every request made to our servers is authenticated to verify the user’s identity and to check whether the user has the appropriate permissions to execute the requested action. Only if these checks pass is the request handed to the main application for execution.
All confidential data is encrypted using strong, industry standard encryption protocols.