Safeguard Your Information

User Accounts and System Security Preferences

• 

  Account Management

  Easily add and remove users from the system, assign them as General Users or System Administrators, and divide them into groups for easier management.

• 

  User Logs and Activities

  Track application and Admin Portal activity such as logins, document access, meeting changes, and profile updates. Generate usage reports through Audit Trail.

• 

  Password Policies

  Ensure account security with customized password policies and password expiration periods.

• 

  Session Timeout and Sign-In Retries

  Set session timeouts and limit sign-in retries to prevent unauthorized access to Convene.

• 

  Role Based Access Control

  • User Roles
    Configure system settings, customize access rights, and manage user accounts based on User Roles (General User or System Administrator).
  • Meeting Roles
    Define and limit what meeting participants can do during Live Meetings and with the board material by assigning Meeting Roles.

Document Security and Digital Rights Management (DRM)

• 

  Copy Restrictions

  Prevent the copying of document content to other applications so as to minimize exposure of user data.

• 

  Watermarks

  Selectively add customizable watermarks to documents in order to discourage misuse of sensitive material.

• 

  Secure Document Signing

  To prevent signature fraud, Convene requires users to provide their credentials before signing with an E-Signature. Users can also set Convene to timestamp their signatures.

• 

  Scheduled Archival and Disposal

  Schedule the archival and disposal of documents to avoid unauthorized access of files in specific Meetings, Review Rooms or Resolutions.

• 

  Multi-Level Encryption

  • Data at Rest
    Documents are protected with AES 256-bit encryption when stored in Convene’s local storage and web portal.
  • Data in Transit
    Wireless network transmissions to and from Convene are protected with RSA 2048-bit Transport Layer Security (TLS) encryption.
  • Key Management
    Documents are secured with the use of three-tier key management with a random document key, user key, and system key.
• 

  Document Access

  • Document Library
    Limit who can view, download or edit individual files or folders in the Document Library.
  • Meetings
    Assign Meeting Roles to limit who can view, download, forward, export, and print specific agenda items and documents from meetings.
  • Secure Agenda Contribution
    Meeting participants and organizers can be restricted from viewing classified or sensitive agenda items within a meeting.

Device Security

• 

  On-the-fly Decryption Model

  When a user needs to access encrypted files on storage, only the needed parts are decrypted into memory.

• 

  Jailbreak and Root Detection

  Convene is able to detect whether a mobile device has been jailbroken or rooted and will not run on these devices.

• 

  Measures to Secure Lost or Stolen Devices

  • Remote Data Wipe and Automatic Purge
    Remotely delete stored offline data downloaded to a device in case it is lost or stolen.
    
  • Re-Authentication
    In the case of lost or stolen devices, session timeouts render data inaccessible unless the device is re-authenticated.

Secure User Authentication

• 

  User ID and Password

  Convene only allows members with registered user accounts to log in to the system using their own unique password.

• 

  SAML Single Sign-On (SSO)

  Eliminate the need to repeatedly type in passwords per login through a streamlined single sign-on process using SAML 2.0.

• 

  Biometric Authentication

  Do away with the inconvenience of typing login information with Touch ID or Face ID (iOS) or fingerprint scanning (Android) for mobile devices.

• 

  Active Directory Integration

  Through Active Directory (AD) integration, users no longer have to remember another set of credentials, while organizations can ensure that only registered users have access to Convene.

• 

  Multi-Factor Authentication

  • One-time Pin (OTP)
    Receive and enter a one-time verification code, which is securely and instantly delivered to your registered mobile number, before logging in to Convene.
  • Device Registration
    Selectively restrict access to Convene to previously registered devices and/or browsers.
  • Time-Based One-Time Password (TOTP)
    Use the authenticator application of your choice to secure your Convene account.

Enterprise-Grade Cloud Hosting

Convene has partnered up with the leading provider of cloud services in the industry, Amazon Web Services (AWS), to guarantee that client data is protected on all levels.

• 

  Amazon Web Services (AWS)

  • Capable of analysing billions of events and continuous streams of meta-data to detect, prevent and defer any form of cyber-attacks regardless of size
  • Ranks highly on platform configuration options, monitoring and policy features, security and reliability
  • Preferred choice of government institutions and multinational companies worldwide

  Convene cloud global infrastructure is located in ISO-certified (ISO 9001, 27001, 27017 and 27018) and AICPA (SOC 1/2/3) compliant hosting facilities worldwide which are audited under the SSAE-18 standards.

  • Asia (Singapore)
  • Australia (Sydney)
  • U.S. (North Virginia)
  • Canada (Montreal)
  • Europe (United Kingdom & Ireland)

  Each physical hosting facility is protected and monitored 24/7 by professional security staff, video surveillance, intrusion detection systems, two-factor authentication, and many more. Client data is protected by an additional security layer with AWS’ EBS Encryption and is also segmented and stored separately from each other to ensure that data does not leak or overlap.

Cloud Data Segregation

Each Convene client has its own single-tenanted environment—with its own set of data schemas, protected with individual authentication credentials and completely unique keys—to ensure that data is separated from other organisations. All client environments are protected by security firewalls, with only specific ports and addresses allowed.

Cloud Data Availability

With AWS Cloud Hosting, Convene is able to store client data on multiple availability zones. Each availability zone is composed of at least one data centre with independent power and internet sources to make certain that no single point of failure and to provide high availability and durability at all times.

24/7 Intrusion Detection System (IDS)

The 24/7 Intrusion Detection System (IDS) monitors access logs for common malicious attack patterns and notifies the System Team of any suspicious activity.

24/7 Intrusion Prevention System (IPS)

The Convene cloud infrastructure is protected with an Intrusion Prevention System (IPS) that scans traffic and blocks any suspicious traffic, including uploads containing malware. Uploaded files are automatically scanned by services provided by Trend Micro.

Back-up and Recovery

Daily automated backups are done to ensure data integrity, while unused or obsolete archives are destroyed and replaced to prevent unauthorised retrieval.

Defined Security Policies

Convene has documented security policies and procedures in place to ensure the confidentiality, availability, and integrity of the system. All employees are trained and oriented to strictly adhere to these policies.

Designated Security Team

Under the supervision of the Azeus Chief Security Officer, Convene has a security team assigned who is responsible for ensuring staff compliance with security policies and procedures, protecting customer data, and regularly reviewing the effectiveness of security policies and procedures.

Data Processing

Convene’s data processing procedures are compliant with the GDPR and are overseen by a Data Protection Officer.

Business Continuity Measures

Convene’s Business Continuity Plan ensures that support services operate continuously in order to serve all customers at all times.

• 

  Daily Automated Backups*

  Customer data is automatically backed up daily to ensure system integrity.

• 

  Availability Zones and Data Redundancy*

  Convene leverages AWS’ (Amazon Web Services) availability zones in its cloud infrastructure to restore services during disaster situations to ensure high reliability and availability. These data backups are copied to another AWS location within the same region and remain encrypted are stored using Amazon Web Services S3 (Simple Storage Service).

• 

  Disaster Recovery*

  The Convene System Team conducts annual Disaster Recovery drills to test and improve the Disaster Recovery plan so that the Recovery Time Objective (RTO) and Recovery Point Objective (RPO) are met.

  *Security Measures are for Convene Cloud Environments only.

Incident Management

Monitored 24/7, Convene’s detection mechanism alerts the Support Team to any incidents that are then forwarded to the System Team for immediate resolution. Users can also report any incidents via chat, email or phone.

*This Security Measure is for Convene Cloud Environments only.

Vulnerability Management

Convene’s servers regularly undergo several security tests and are hardened following security benchmarks from the Center for Internet Security.

• 

  Internal Security Testing and External Penetration Testing*

  The Convene infrastructure is regularly tested and scanned for vulnerabilities by the Convene Systems Team, and is subjected to external penetration testing by independent third parties. Customers may also request for a copy of the results or perform their own security testing and pass their findings to Convene.

• 

  Application Development

  Convene was designed, developed, and tested for vulnerabilities against the Open Web Application Security Project (OWASP) Top 10 and Common Vulnerabilities and Exposures program. Convene’s System Team works with the Security Team to perform scans immediately after every major release and implement patch management procedures for critical vulnerabilities (Example: Spectre 2018).

• 

  AWS Vulnerability Scans*

  Using a variety of scanning tools, AWS performs regular vulnerability scans on the host operating system, web application, and databases in the AWS environment. The AWS security teams are subscribed to news feeds for applicable vendor flaws, and also proactively monitor the vendor’s website and other relevant outlets for new patches.

  *Security Measures are for Convene Cloud Environments only.

Personnel Security

All Convene employees are subject to criminal background checks and are bound by an agreement to uphold the company’s privacy policy and protect the confidentiality of customer data.

• 

  Security Awareness Training

  New staff members are required to undergo a security awareness training that discusses common security attacks, social engineering tactics, detection and prevention of attacks, and procedure for reporting.

• 

  Role-specific Security Training

  Convene developers and system engineers regularly undergo training so that they are updated on industry-standard security practices.