Guide
How confidential meeting material, private links, access control, audit history, and security review fit together.
Guide · 21 min
How confidential meeting material, private links, access control, audit history, and security review fit together.
Security is strongest when it is visible in the ordinary minutes workflow.
Boardmate guide
The guide shows security, legal, and procurement teams how private workspaces, limited links, audit history, retention, and data-flow questions fit around confidential minutes work.
Use it before real confidential material is uploaded for evaluation.
Guide sections
Before files move
Use this when an IT reviewer, legal reviewer, compliance lead, or board support owner needs to understand how confidential source material, reviewer links, generated drafts, exports, and audit trail move through Boardmate.
Result of the exercise
Scope, access, retention, deletion, data-flow questions, and remaining procurement items.
Users, reviewers, links, revocations, exports, and outstanding access questions after the evaluation.
What is retained, deleted, or carried into a wider Boardmate workspace.
Boardmate view
Formal minutes may contain personal data, privileged context, commercial sensitivity, regulatory issues, fund information, and board decisions. A careful team should not wait until after upload to ask how the material is handled.
This guide starts that conversation early. Board support, IT, legal, and procurement can see what enters Boardmate, who can see it, what reviewers can do, which exports leave the system, and what happens at the end of an evaluation.
Security detail
Confidential minutes can carry personal data, commercial sensitivity, legal privilege, regulatory context, and fund board decisions. A careful team does not upload a broad archive and then ask later who could see what.
The secure workflow article makes the control surface concrete: sample scope, named users, private reviewer links, data flow, support access, exports, audit history, retention, deletion, and the material decision at evaluation close.
Named entities, meeting types, source files, workspace users, external reviewers, and excluded material are agreed before upload.
Boardmate workspace users may need a working area. External reviewers usually need limited access to one draft and a small set of allowed actions.
The team decides what is retained, deleted, exported, or carried forward when evaluation work finishes.
How to run it
Security review becomes clearer when every question is tied to an ordinary workflow event rather than generic software assurances.
List what can enter the sample, what needs redaction, and what stays out until legal or procurement review is further along.
Identify who can upload, draft, invite reviewers, decide comments, export files, request deletion, and see audit trail.
Trace source upload, preflight, generation, private review, uploads, comments, decisions, regeneration, export, audit, retention, and deletion.
A reviewer sees the relevant draft and allowed actions without unnecessary exposure to other reviewers, workspace notes, or unrelated meetings.
At the end, document what the team keeps, what Boardmate retains or deletes under the agreed terms, and what still blocks wider use.
Worked scenario
The team chooses five meetings and excludes one privileged file set, one employment matter, and unrelated archive material. IT receives the data-flow and subprocessor questions before upload. Legal approves a limited sample with named workspace users and two external reviewers.
After review, the team exports the DOCX, PDF, and audit record for the evaluation file. Source retention and deletion are then decided before the conversation widens.
Five named meetings and source types needed for the evaluation.
Privileged, employment, and unrelated archive material.
Named users, scoped reviewer links, and export lead.
Retention, deletion, and next security review questions recorded.
A good result
The first upload matches an agreed purpose and scope.
Access, reviewer activity, comments, exports, and decisions are traceable.
IT and legal can connect security review answers to the minutes workflow.
Sample material does not remain unmanaged after evaluation.
Boardmate review
The first upload is bounded by purpose, entities, meeting types, source files, reviewers, exports, and excluded material.
Boardmate workspace users and external reviewers have different access needs and should be reviewed separately.
Source files, preflight, generation, private review, comments, uploads, decisions, exports, and audit history are the practical data flow.
At the end of the evaluation, the team decides what is retained, deleted, downloaded, or carried into a wider workspace.
Worked example
The team starts with a scoped sample: named entities, five meetings, allowed source types, named workspace users, limited external reviewers, and a list of material kept out of the first run. IT and legal receive the current data-flow and subprocessor brief before any confidential archive is uploaded.
During the sample, access record is collected from ordinary workflow events: who received workspace access, which private links were issued, what reviewers could do, which exports left the system, and what audit history remains after close-out.
Specific meetings, source types, reviewers, export leads, and permitted evaluation use.
Privileged advice, highly sensitive transactions, employment matters, or unrelated archive material.
Retain, delete, export, or carry forward, with the responsible person and reason recorded.
Decision ledger
What material is allowed into Boardmate for this evaluation?
Scope register, excluded files, named users, and data-flow questions.
Use synthetic or redacted material until security review questions are ready for real files.
Can reviewers see only what they need?
Private links, draft scope, allowed actions, expiry, revocation, and activity history.
Separate workspace permissions from reviewer permissions.
Can the data flow be explained to IT and legal?
Source upload, generation, review, uploads, decisions, exports, audit, subprocessors, retention, and deletion process.
Move wider only when the current documentation answers the team's review standard.
What happens to sample material now?
Export record, retained material, deletion request, open questions, and close-out note.
Avoid leaving an unmanaged sample workspace after the commercial conversation ends.
Watch points
Policy abstraction Security copy is weak if it cannot be connected to the actual minutes workflow.
Generic links Shared access makes reviewer activity harder to attribute and harder to explain.
Forgotten samples A useful evaluation can still become a risk if nobody closes the material decision.
Boardroom wording
To IT Here is the workflow sequence: upload, preflight, generation, review, decision, export, audit, retention, deletion.
To legal We will exclude privileged or highly sensitive material until scope and access are agreed.
To board support Security review should make the sample cleaner, not slower for its own sake.
Boardmate toolkit
Security content becomes credible when it is tied to real workflow events: upload, preflight, draft generation, private review, comment decisions, export, audit, retention, and deletion. That is the concrete material a careful team can discuss with IT and legal.
Briefing note
The scope note names which entities, meetings, source files, users, reviewers, exports, and exclusions are part of the sample. It also records which material is redacted, delayed, or held outside Boardmate until security review is complete.
Named meetings, source types, workspace users, external reviewers, allowed outputs, and evaluation purpose.
Privileged advice, employment matters, highly sensitive transactions, unrelated archive material, or unapproved exports.
What the team retains, what is deleted, what is exported, and what carries into a wider workspace.
The workspace explains who can upload, draft, invite, moderate, export, request deletion, and read audit trail.
Reviewer links are not the same as workspace access. They are limited to the draft and actions the reviewer needs.
Upload, matching, review, comments, decisions, regeneration, export, download, revocation, and deletion questions remain traceable.
The guide introduces the questions; the current security and procurement pack supplies formal provider, role, retention, and contractual details.
Role by role
Connect each security review question to a workflow event.
Data-flow brief, user roles, reviewer links, subprocessors, logging, retention, deletion, and incident contact.Decide which material can enter the first sample and what needs contractual or confidentiality coverage first.
Scope note, exclusions, privilege sensitivity, export handling, and deletion request process.Prepare the sample without mixing in unnecessary confidential archive material.
Meeting list, source folder, excluded-material note, reviewer list, and close-out plan.Do not widen the workspace until security blockers have a named person.
Open questions, accountable person, due date, and material decision.Decision route
A broad archive is uploaded before purpose, access, exclusions, or retention are agreed.
Pause and define the sample.The sample scope, users, reviewers, exclusions, and outputs are named.
Proceed with limited material if security review questions are acceptable.IT and legal can trace data through upload, review, decision, export, audit, retention, and deletion.
Move to a larger evaluation or formal review.Close-out decisions and deletion or retention processes are documented after the sample.
Carry the controls into wider rollout.Record note
The guide helps the team write a clear security scope before asking for formal documents.
Evaluate Boardmate Lite for a seven-meeting backlog sample.
Two workspace users, one chair, two scoped external reviewers, no shared accounts.
No privileged advice, employment material, or unrelated archive folders in the first upload.
Export DOCX, PDF, and audit record; decide retention or deletion before widening.
Avoid
Unclear answers Security answers should connect to upload, review, export, retention, deletion, and access decisions.
Reviewer overexposure External reviewers usually need one draft and limited actions, not a workspace view.
Forgotten sample Evaluation material left unmanaged after the demo becomes a trust problem.
Certification overclaim Do not imply security certifications or commitments that are not in the formal security review material.
Scope
The safest first evaluation is deliberately scoped. Name the entities, meetings, source types, reviewers, and outputs that are in scope. Identify material that should be excluded, redacted, or held until security review is complete. This is especially important for privileged advice, sensitive employee matters, highly confidential transactions, or unrelated archive material.
Scope control also improves the product evaluation. If the team knows which files belong in the sample, preflight can be judged fairly. If the archive is dumped into the product without boundaries, security review and quality review become confused.
Specific meetings, entities, file types, reviewers, and outputs.
Material needing redaction, legal approval, or separate handling.
Unrelated archive material and files not needed for the first decision.
Access
Named workspace users usually need broader access than an external reviewer. A reviewer may only need limited access to read a draft, comment on a selected passage, upload support, or confirm no comments. The access model should reflect that difference.
Private links should be scoped, attributable, revocable, and expiring where appropriate. The team can check whether reviewers can see only what they need, whether activity is visible to authorised users, and whether access can be closed when the review round ends.
Who received access, when, and for which draft.
Open events, comments, uploads, and confirmations.
Revocation, expiry, replacement, or evaluation close-out.
Data flow
Data-flow questions are easier to answer when they follow the work. Source files enter the workspace. Preflight checks the batch. Draft minutes are generated. Reviewers access drafts through private links. Comments, uploads, decisions, regeneration, exports, actions, and audit history are created. Each step has access and retention implications.
A team should ask for current data-flow and subprocessor detail before uploading real material. The website can outline the workflow, but formal procurement will need the specific current documentation, contract terms, retention position, and deletion process.
Close-out
Security review does not finish when the demo ends. The team should decide what happens to source files, draft minutes, review comments, uploads, exported files, and audit history. Some material may be retained for the evaluation file. Some may be deleted. Some may be carried into a pilot or full workspace.
The close-out note should record the decision, the person who authorised it, and any unresolved security review questions. That discipline helps prevent a useful sample from becoming an unmanaged archive.
Questions to settle
Carry forward
Scope register, access record, security review questions, export record, and material close-out decision.
Agree confidentiality and security review answers before real confidential source material is uploaded.
Board support owns sample scope, IT and legal own security review, chair or delegate owns minutes decisions.
Before upload
Formal minutes can contain confidential decisions, commercially sensitive discussions, personal data, regulatory context, and privileged material. A careful evaluation should agree data-handling terms before real files are uploaded.
Synthetic sample or redacted board material used to learn the workflow shape.
Real meetings loaded after confidentiality, access, and data-flow questions are agreed.
Unscoped archive upload before security review, approvals, or access boundaries are understood.
Workspace access
A narrow workspace is easier to explain and easier to govern. It should contain the sample meetings, named users, source files, drafts, review links, exports, and audit history needed for the evaluation.
Private links
Many attendees and service providers only need focused access for draft-minute review. Private links can keep the task narrow while still recording who did what.
The link takes the reviewer to the relevant draft and allowed review actions.
The activity remains attributable to the intended reviewer.
Expiry, revocation, and replacement are available when access changes.
Comments, uploads, and no-comment confirmations remain with the meeting record.
Audit
A useful audit trail answers practical questions clearly: what was uploaded, who reviewed the draft, which feedback was accepted, when regeneration happened, and which outputs left the system.
Security review
Board support may understand the workflow quickly, but IT, legal, and compliance need structured answers. The key questions should be easy to raise before confidential material is uploaded.
What data enters Boardmate, where it is processed, and which services support the workflow.
Which external services may handle data and what role they perform.
How source files, drafts, reviewer activity, exports, and audit history are retained or deleted.
How users, reviewers, support access, revocation, and workspace boundaries are handled.
Who to contact and what process applies if a security concern is raised.
Evaluation close
At the end of an evaluation, the team should know what happens to the sample material. That includes source files, generated drafts, review comments, exports, and any notes created during the process.
Common questions
Yes. A team can review the workflow shape, security questions, and data-handling terms before uploading real board material.
Start with workspace access, reviewer links, support access, data flow, subprocessors, retention, deletion, exports, and who can request deletion.
Reviewer links are designed as limited access points. Expiry, revocation, replacement, activity records, and close-out should be part of the review plan.