WHITEPAPER
On-premise and off-premise based Board communication platform
In recent years, information technology has changed how people interact in business in almost every industry. Even executive bodies such as Boards of Directors, which are traditionally more conservative about adopting new technologies, have increasingly embraced them for their safety, reliability and ease of use. The iPad has paved the way to paperless meetings; its intuitive user interface suits the presentation of complex reports and information, especially on the road. This device thus replaces the traditional printing and mailing of meeting materials. In other words, communication and documentation in the modern board office work 100% paperless.
With the launch of twelve, the Swiss company loomion AG now provides a solution with which Board members can access important data in a safe environment. The data can be hosted either at the customer’s site or, as a service (SaaS), at our high-security data center provider, Green.ch, in Switzerland. The software is based on the industry standard Microsoft SharePoint and provides information both in the browser on a PC and in an offline app available on the iPad. Directors can prepare for their upcoming meetings while traveling, and last-minute changes to documents can still be published. With twelve, loomion offers the most advanced and secure information and document exchange platform for the needs of your Board of Directors.
Security plays an important role. It is covered on all possible layers and components of this solution. Whether you plan to control the entire infrastructure yourself or want us to take over hosting the data and managing the farm, your data is secure.
TECHNICAL PARAMETERS
• Has your Board of Directors identified the need to streamline their communication processes?
• Was there an audit finding about insufficient security measures for their document exchange, since an email with important and classified information didn’t get sent to another Board member?
• Does Board member X need to access the 18-month historic information about the compensation agreement?
• Do your Board members want to have additional information about the venue where the quarterly Board meeting is being held?
• Should your Board members be able to work through all documents while they are traveling?
With our Board communication and secure document exchange platform, twelve, we address these needs and give you the answers: a platform to manage and handle information intuitively, for Board members, their assistants and, of course, the Board office secretaries.
TYPICAL SCENARIOS
Central server and secure data storage
The central backend of twelve is a Microsoft SharePoint 2013 and Microsoft SQL Server 2012 system that is managed with twelve Admin. Its user interface is based on SharePoint with enhanced web parts to support all required document and information workflows that occur during the day-to-day work of a Board office assistant, such as, but not limited to:
• The process of content creation is streamlined and enhanced with versioning and workflows by Microsoft SharePoint, the de facto standard for document management
• Administration of meetings, committees, documents and persons takes place in one central console
• Intelligent user support for data management (uploading of documents, plausibility checks during data entry, context-sensitive on-screen help, wizards etc.)
• Various search options for meetings and documents
• Notification when new documents are available (by mail, SMS and/or Apple Push Notification)
• Export functions
All data and documents are stored on a central SQL Server instance. This server will be hardened and secured according to state-of-the-art security standards.
If you intend to license the on-premise version of twelve, you may have high-availability and/or disaster recovery requirements; clustering and mirroring your systems in a remote location is possible.
ARCHITECTURE
Secure and efficient communication
Once all the documents have been uploaded to the platform, the Board office assistant initiates a notification run. twelve Admin crawls through all uploaded or changed documents and checks the access matrix. According to the matrix and the notification preferences of the Board members, notifications are sent: text messages to their mobile phones, emails to their private mail accounts and mobile device specific messages (e.g. APNS).
Thus, even before boarding the airplane to the meeting venue, your Board members can receive the latest updates of relevant documents.
Management of content
All content is managed through the Board office using twelve Admin, which is based on the industry-leading document management system Microsoft SharePoint. Users are managed; committees are populated; meetings are created; and documents and data such as the event venue location are added – all in one single place.
The Board office secretaries’ permissions to see each other’s documents can be restricted. So, for example, twelve allows documents that are intended for the Compensation Committee members not to be seen by the Audit & Compliance Committee members - for the administrators as well as for the Board members.
Management of users
Access to documents and data is strictly role-based. A very granular access matrix can be adjusted and enhanced at any time. All document types are matched against the roles that have been created: from the Audit Committee member to the VIP support co-worker. All involved users must be members in the Active Directory domain. New users can be on-boarded easily.
• Off-premise (SaaS) or on-premise model (operated in your infrastructure)
• End-to-end encrypted communication between servers and clients (laptops and mobile devices)
• Integration of PKI, certificates validated on various checkpoints
• Strong authentication for mobile device access: AD credentials and client certificate
• Strong authentication for browser-based access: AD credentials and secure cloud-based authentication service
• Internal and external access for all devices follows the same communication paths
• Centralized web service for stateless synchronization communicating with
loomion twelve on-premise architecture
All data and documents are stored within your company on your own on-premise servers and your own infrastructure. This gives you total control over the access to the most precious information in your company. Documents will be uploaded to the devices of your Board members only if you explicitly grant access.
The entire Microsoft SharePoint environment will be hardened according to the state-of-the-art security standards to prevent unauthorized access - externally as well as internally.
[Figure: on-premise architecture. Zones: DMZ, internal network. Components: twelve mobile for iPad, twelve WebApp / twelve Admin, APNS, WAF (twelve.customer.com), proxy, Authentication Provider, IIS, PKI, Active Directory, SharePoint farm. Connection labels: AD credentials (443), oAuth (443), client auth cert, CRL check, 2195/2196. Legend: network traffic twelve WebApp.]
loomion twelve off-premise architecture
If your IT strategy doesn’t allow for your own Microsoft SharePoint infrastructure, we can additionally provide the hosting services for the content in our highly secured and highly available data center located in Switzerland. The same high degree of security measures against unauthorized access will be provided as on the on-premise solution.
The Board office manages all content and users on the remote environment. The Board members access this infrastructure with their twelve mobile for iPad app and their regular laptops.
[Figure: off-premise architecture (hosted by loomion). Zones: DMZ, internal network. Components: twelve mobile for iPad, twelve WebApp / twelve Admin, APNS, WAF (twelve.customer.com), proxy, Authentication Provider, IIS, PKI, Active Directory, SharePoint farm, twelve WebService. Connection labels: AD credentials (443), oAuth (443), client auth cert, CRL check, 2195/2196. Legend: network traffic twelve WebApp, network traffic twelve mobile for iPad.]
FUNCTIONS
Application features
• User interface of browser-based and mobile device app can be branded according to your CI guidelines
• Personalized views to calendar, meetings and documents
• Configurable contact and help information of Board office and VIP IT support
• Information about next meeting event, venue, local weather, leisure activities, entertainment facilities and social events
• Monthly overview of meetings with short agenda and corresponding documents grouped by document type
• Dissemination of personal documents (travel tickets, visas etc.)
• Combined meetings lasting longer than a day are presented in a combined look
• Application-wide icons and colors for committees and meetings
• Special meetings (TCs, face-to-face) can be displayed in different colors and icons
• A document can have the following statuses: new, read (showing the read date) or changed by the Board office
• Display of number of unread documents
• Document viewer with annotation functions: highlight, underline, notes and free-hand drawing
• Annual calendar overview of all meetings of all committees
• Overview of the constitution of the Board of Directors: all members are displayed with picture and contact details
• The content of all documents is full-text indexed and searchable
Information/Alerting
• Users get notified about new documents by mail, text message and device specific notification center (Apple Push Notification)
• If the app is running and a “new documents” alert is received, synchronization starts automatically
Synchronization
• Stateless synchronization mechanism: after an interruption, the synchronization run resumes at the last position
• Integration of device specific notification centers to inform users about new
Security Management
In general
• End-to-end encryption of transferred data between servers and clients
• Encryption of stored data on all devices and servers
• Strong authentication for online and offline access
• Auto log-off after 15 minutes of inactivity
• Role-based access - documents and data are uploaded to mobile device on need-to-know basis
• Role-based concept for Board office and committee secretariats for uploading of data and documents
• Board members don’t have direct access to twelve Admin console
• Central user and certificate management
• Authentication and authorization checks are the same for external and internal users
• Implemented in adherence to generally recognized security coding standards (OWASP)
• Security hardened server environment according to NSA standards
On mobile devices: twelve mobile for iPad
• Central blocking of mobile devices and deletion of content in case of theft
• No storage of any passwords on mobile devices
• When smart-cover is closed, log-out is enforced
• Automatic log-out on background entry of app
• Jailbreak and debugger detection
• Exclusion of Apple iCloud or iTunes backup
• Secure deletion of all content after 5 failed authentication attempts
• Prevention of taking screenshots
• “No data leaves the application” policy
• Retention of aged documents
• Certificate Revocation List (CRL), certificate serial number checks and authentication for each transmission request
Browser-based access: twelve WebApp
• Security awareness disclaimer shown once per day
• Only whitelisted internet browsers are supported
• Implementation of PFS (Perfect Forward Secrecy) for secure key exchange
PLATFORM HIGHLIGHTS
Security
End-to-end secure platform for document and information exchange for your Board members.
Intuitive UI on multiple platforms
twelve mobile for iPad is an easy-to-use application from the get-go because Apple’s design style guide has been applied stringently.
twelve WebApp is the intuitive browser-based meeting information display for convenient reading on any desktop computer.
Optimal support of processes for the Board office through streamlined document creation and management tools in twelve Admin.
Two different licensing models
On-premise licensing, where all data and documents are stored within your company on your own servers. Or off-premise (SaaS) licensing, where we provide the hosting services for the content in our highly secured and highly available data center located in Switzerland.
SYSTEM REQUIREMENTS
Server
Hosting system
• Microsoft SharePoint 2013 Standard Edition (or higher), including Microsoft SQL Server 2008 R2 (or higher)
Operating System
• Windows Server 2008 R2 (or higher)
Further specifications
• See http://goo.gl/RTuLA for minimum requirements for Microsoft SharePoint 2013
Infrastructure
• Supported web application firewalls
• Microsoft Active Directory
• PKI (if not available, commercial certificates could be used)
Clients (with offline capabilities)
• Apple iPad with iOS 6.x or higher
• Google Android tablet – planned for 2014
• Windows 8 tablet – planned for 2014
Clients (browser-based access)
• Microsoft Windows 7 or higher with Internet Explorer 8 (or higher), Chrome or Firefox
• MacOS X with Safari, Chrome, Firefox
• Up-to-date virus scanner (recommendation)
CONTACT
Questions? Simply contact us at: info@loomion.com
call +41 61 500 16 25
or visit us online: www.facebook.com/loomion www.linkedin.com/company/loomion google.com/+loomion www.twitter.com/loomion
Contact
Tel +41 61 500 16 25
www.loomion.com
info@loomion.com
loomion AG
Steinengraben 18
4051 Basel
Switzerland
loomion S.à r.l.
7A, rue des jardins
5963 Itzig
Luxembourg
loomion Germany
Werftstr. 12
76189 Karlsruhe
loomion United States
Florham Park New Jersey
184 Columbia Turnpike Suite 4-232
Florham Park NJ 07932
loomion Brasil
Rua Machado Bittencourt 190 - Cj 606
CEP 04044-903 São Paulo
loomion India
Stylus Serviced Offices
The information provided in this document does not warrant or assume any legal liability or responsibility for the accuracy and completeness. This document is meant to provide a general structure on the discussed issue. Thus it is not meant to document specific licensing terms. Please refer to your license agreements, available product licensing information and other sources provided by loomion AG to review valid terms and conditions for license compliance reconciliation.
This documentation is protected by copyright. All rights reserved by loomion AG. Any other usage, in particular dissemination to third parties; storage within a data system; distribution; editing; speech; presentation; and performance, are prohibited. This applies to document in part and as a whole. This document is subject to change. Reprints, even of excerpts, are only permitted after written consent of loomion AG. The products described in this documentation are continuously developed, which may result in differences between the documentation and the actual systems. This documentation is not exhaustive and does not claim to cover the complete functionality of the products and services.
© 2014 loomion AG
Microsoft, SharePoint, and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.