Directors Desk is developed and hosted in an environment protected by multiple layers of security including application security, infrastructure security, process security, and physical and personnel security. Directors Desk is hosted on redundant, high-performance servers in your choice of one of our three regions: the United States, the European Union (Sweden) or Canada. The Nasdaq Global Security Operations Center (GSOC) monitors security events related to Directors Desk and its supporting infrastructure 24/7.
Nasdaq does not transfer customer data among the US, CA or EU data centers. Rest assured that your administrators control your materials and data.
For customers required to comply with U.S. HIPAA or GLBA data security requirements, Directors Desk has features designed to help you do so.
Third-Party Penetration tests are performed before all major production releases.
All critical, high- and medium-risk vulnerabilities found during the review are remediated before code updates are released to the production site or mobile applications.
An attestation letter from each third-party vendor for recent penetration tests is in the full Directors Desk Information Security Packet, which is available upon request.
Nasdaq's internal application security team consulted for security-related matters during the Directors Desk software development lifecycle.
The Nasdaq Group Information Security Team has a role in the software development lifecycle for both web and mobile applications.
The Information Security Team arranges for Directors Desk developers to receive secure coding training.
Transport Layer Security (TLS) is used by the applications to encrypt data in transit.
All customer-uploaded data at rest (except basic account information required for support) is stored using AES-256 encryption with a unique key for each client.
Customer encryption keys are generated and stored using a hardware security module (HSM).
Control, Auditing, Tracking:
Built-in password and user access policies:
Unique log in per user.
Keylog prevention with proprietary Directors Desk scrambled PIN pad.
Customizable time-out feature.
Support for 2-factor authentication.
Application enables administrators to manage user accounts, delegate rights, adjust customizable account settings to determine access rights, set document retention periods (up to 7 years), and adjust other user permissions and parameters.
The application is designed to enable administrators to generate audit reports showing details such as page views; sessions; active/inactive users and password changes, which provide intelligence and visibility over users; login activity; and document management.
Data Centers are protected 24/7, 365 days a year.
All three primary data centers are configured with redundant power lines, internet circuits, and UPS/generator capabilities. The US primary data center is SSAE-16 audited, the EU primary data center is ISAE 3402 audited, and the CA primary data center is audited against CSAE 3416.
The servers used to host the Directors Desk application have an installed enterprise antivirus system.
Network Firewalls designed to provide isolation of network environments and network access control protection.
Host Intrusion Detection Systems (HIDS) technology is deployed throughout the Directors Desk server infrastructure.
Intrusion Detection Systems/Intrusion Prevention Systems – IDS/IPS technology are deployed throughout the application infrastructure.
Network Access Controls are in place for corporate, internally-managed networks.
Nasdaq has strict controls around production network access, including 2-factor authentication.
Web Application Firewalls (WAF) are deployed in blocking mode protecting Directors Desk.
Network VLAN and physical segmentation.
Company policy is that each employee must annually certify their understanding of and compliance with Nasdaq Code of Ethics.
Yearly Security Awareness Training is required by policy for all employees, as well as regular training sessions for software and hardware engineers regarding industry security best practices.
The Nasdaq Group has a dedicated Information Security Department headed by the Chief Information Security Officer who reports to the Chief Information Officer.
The staff within the Nasdaq Information Security Department is regularly provided training in advanced information security concepts.
Additional oversight of the Directors Desk application is provided by The Nasdaq Group’s Internal Audit Department.
In the event of a system or data center failure, client application requests will be redirected to the disaster recovery site if required. To facilitate timely failover between facilities, disaster recovery plans have been created and are tested on a yearly basis. Director’s Desk is designed for failover recovery times (RTO) of less than one hour and recovery point objectives (RPO) of less than 10 minutes.
Nasdaq has developed a comprehensive internal Business Continuity Plan that facilitates the continuation of client services and system support in the event of issues affecting standard operations, such as a force majeure event. The plan is kept current and tested on a periodic basis.
Backups are perform regularly to ensure continuity of service in the event of a primary data center or system failure. Client content is replicated in near-real time between primary and secondary data centers and backed up to a server based archival system on a nightly basis. Backup policies for Directors Desk specifically may vary based on client selected retention options.
Group Risk Management (GRM) is ultimately responsible for governing, developing, coordinating and controlling the Enterprise Risk Management process and providing relevant support to the line organization.
GRM is responsible for the Nasdaq wide risk reporting process and the aggregation of detailed risk information to a consolidated risk portfolio.
GRM also provide consistent and continuous information on risk exposures and current risk trends to Executive Management and the Board of Directors.
BOARD & LEADERSHIP SOLUTIONS
Resources for today’s board members and corporate secretaries.
Today's boards are going paperless. Board portals give directors greater visibility, streamline board book creation, and tighten information security.
Request a demo or contact us to setup your access today.
DISCLAIMER The details on these Directors Desk web pages is provided for information only. For terms and conditions applicable to use of Directors Desk service, prospective customers please refer to Corporate Solutions’ master services agreement, and current customers please refer to your contract with Corporate Solutions for Directors Desk. Nasdaq and Directors Desk are registered and unregistered trademarks of Nasdaq, Inc. and its affiliates in the U.S. and other countries. Apple and iPad are registered and unregistered trademarks of Apple, Inc. in the U.S. and other countries. Microsoft, Outlook and Windows are registered and unregistered trademarks of Microsoft Corporation in the U.S. and other countries.