Trust Center

OnBoard Meetings Trust Center

Security is woven into the fabric of every OnBoard product, team, infrastructure, and process, so your team can rest assured your board and organization's data is safeguarded.

  • Compliance

    Last updated Fri, Feb 11, 2022
    • EU-US Privacy Shield

      Although Privacy Shield is deprecated, Passageways maintains the protections and reporting mechanisms per Privacy Shield’s requirements.

    • GDPR

      Passageways upholds a dedication to maintain GDPR compliance and its applicable data protection laws.

    • HIPAA

      Passageways is HIPAA compliant as a Business Associate.

    • ISO 27001

      Passageways is committed to maintaining our ISMS (Information Security Management System) at or above the standards set out in ISO 27001 and has been audited by an independent firm to certify our compliance.

    • SOC 2 Type II

      Passageways is SOC 2 Type II compliant. Passageways has been audited by an independent firm that has been verified to meet the requirements set forth in TSP section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy.

  • Product Security

    Last updated Thu, Feb 10, 2022
    • Multi-Factor Authentication
    • SSO

      Integration is available with your Active Directory Authentication Library, both Okta and OneLogin SSO enable real-time access controls and automated user provisioning.

  • Data Security

    Last updated Thu, Feb 10, 2022
    • Data Encrypted At-Rest

      Data "At-Rest" is encrypted on the client and server side with the AES-256 standard.

    • Data Encrypted In-Transit

      Data "In-Transit" is encrypted using TLS 1.2 enforced and TLS 1.3 preferred technology.

  • Privacy

    Last updated Fri, Feb 11, 2022
    • Privacy Policy

      As a global board meeting solution SaaS provider, Passageways is committed to protecting personal information and complying with the applicable privacy requirements in a reliable and transparent manner.

    • Data Retention Policy
    • Data Removal Requests

      For any concerns, requests, or to exercise your data protection rights, please email

    • Data Protection Officer (DPO)
  • Incident Management & Response

    Last updated Fri, Feb 11, 2022
    • Data Breach Notification

      In the event of any actual or reasonably suspected information security breach or other incident affecting the security or integrity of Your Data, Passageways will adhere to the policies defined in the Passageways Information Security Incident Response Plan and shall notify You promptly and in any event within seventy-two (72) hours.

    • Incident Response Plan (IRP)
  • Availability & Reliability

    Last updated Thu, Feb 10, 2022
    • Auto Scaling
    • Data Redundancy
    • Denial of Service (DoS) Protection
    • Infrastructure Redundancy
  • Organizational Security

    Last updated Fri, Feb 11, 2022
    • Confidentiality Agreements
    • Employee Background Checks
    • Employee Security Training
    • Personnel Screening
  • Business Continuity

    Last updated Fri, Feb 11, 2022
    • Business Continuity Plan
    • Disaster Recovery Plan
    • Data Backups

      All data is persisted in a database and is fully backed up daily.

  • Infrastructure

    Last updated Fri, Feb 11, 2022

    OnBoard is hosted on the gold standard in Cloud Security: Microsoft Azure.

    Azure data centers maintain robust physical security standards and are ISO 27001, HIPAA, FedRAMP, SOC 1, and SOC 2 compliant.

    For more information regarding Azure's compliance reports please see the following link - .

    • Physical Access Control - Data Center

      For more information, please navigate to the following link which further describes Microsofts security around the Azure Infrastructure.

  • Threat Management

    Last updated Fri, Feb 11, 2022
    • Penetration Testing

      Passageways works with independent security services that perform bi-annual penetration testing.

    • Vulnerability Scanning

      Passageways performs weekly vulnerability scans.