
Compliant and secure online meetings with Sherpany

Compliance and security play a central role, especially in heavily regulated sectors such as finance. Many Sherpany customers rely on these factors because our software solution offers comprehensive protection.

Tobias Kortas

Security is a primary human concern. As individuals we view security as a basic human necessity, and therefore it is logical that companies feel a particular obligation to protect both themselves and their employees. As a result, this requirement goes in all conceivable directions and has very specific economic impacts.

With advancing digitalisation, organisations have increasingly adopted cloud computing services, and much knowledge work is undertaken in virtual environments. This has shifted the need for security into a new dimension: Compliance and data security are vital to business continuity and therefore have real economic implications for companies.

This should, therefore, be front of mind for leaders when selecting digital solutions and software. For financial institutions and companies with strict compliance guidelines, this is especially salient - and security as a selection criterion even ranks before an easy-to-use user interface. This is because the potential dangers are significant and many. For example, the US Clarifying Lawful Overseas Use of Data (CLOUD) Act poses a threat to sensitive data, and data leaks (so-called "bugs") form a breeding ground for hacker attacks.

Sherpany ensures comprehensive compliance and data protection. Our meeting management software meets the highest security standards, as evidenced by our numerous certifications. In fact, data security is a major component of the high level of trust that customers place in Sherpany.

In this article, we take a deeper look at data security and compliance. A comprehensive picture emerges of the extent to which Sherpany software complies, is certified and provides security against hacking and data leakage.


Meeting security and compliance

Here we briefly illustrate the role of secure executive meetings and secure data. We also present measures to ensure more security for virtual meetings in particular.

The importance of data security and compliance in meetings

Meetings represent a considerable proportion of the time we spend working each day. For example, a study conducted by Augsburg University of Applied Sciences in 2018 found that 44.6% of respondents spend between 25% and 50% of their working time in meetings.1 This data comes from the time before the pandemic, which has once again significantly increased the number of online meetings in particular.

Security and compliance requirements have often suffered as a result of the hasty implementation of conferencing tools, board portals, and other software solutions. However, security breakdowns and "bugs" (programme and software errors) can not only lead to successful hacker attacks and "leaked" data, but can also have serious economic and legal consequences for organisations. 

 


Meetings - especially in highly regulated sectors such as banking - are often bound by strict compliance rules. The higher the importance of a meeting, the more attention has to be paid both to laws and to internal rules and guidelines. Ensuring legal compliance and appropriate employee behaviour helps to mitigate legal risks and also helps secure possible competitive advantages.

 

Data protection and data security: what's behind it

The terms ‘data protection’ and ‘data security’ are often used synonymously, but there are some key differences. For example, the former is exclusively about personal data, and is largely associated with the EU General Data Protection Regulation (GDPR) adopted in 2018, while data security means the protection of data in broader and more technical terms.

Therefore, data security has a higher target set, namely the storage of data in general, whereas the more specific data protection starts earlier in the process (before the data is even available) and aims at protecting the rights of individuals.4

In other words, to guarantee comprehensive protection and meet compliance criteria, organisations need to focus on data security. For a software solution like Sherpany, this results in the requirement to exercise care and due diligence at all levels.

 

Tips for secure online meetings 

Before considering Sherpany's specific security and compliance standards and certifications, it is important to provide some general, problem-based tips for secure online meetings. 

Place a high value on data protection

In meetings and video conferences, compliance with applicable data protection regulations should be a key consideration. The EU General Data Protection Regulation (GDPR), which guarantees the protection of personal data, is one example. In addition, tools and software solutions should be unaffected by the US CLOUD Act. The latter is a very common security risk from a data protection perspective. What many do not know: According to the US CLOUD Act, the American authorities may access data stored abroad by US companies. It does not matter where their server is located. As a result, it is important to ensure that any meeting management solution isn’t affected by this law in order to guarantee the privacy of all data stored on its servers. After all, meetings are sometimes used to share very sensitive and confidential information that is only intended for very specific circles.

 

Build in encryption

For secure online meetings, it is advisable to use encryption. With end-to-end encryption, it is impossible for third parties to listen in. In this case, video, audio, and text are sent between the participants in encoded form, and decryption only takes place again on the end devices. 

 

Use control functions

Meeting organisers and meeting leads should actively take control. It is advantageous in terms of data security if it is possible to set specific levels of control for those who are participating in each respective meeting. For example, in many video calling solutions, a "waiting room" can be utilised from which participants enter the meeting. In addition, it is possible to protect meetings with passwords so that no unauthorised parties can enter unnoticed. 

 

Only share content and data deliberately

Both on the screen itself and in the background, everyone should only make visible what is intended for others. For example, during a presentation, only a specific application can be shared instead of the entire screen. It is also advisable to keep other open tabs and confidential messages hidden. The same applies to the background: especially in office environments, there are often records, notes, and working papers that are only intended for very specific people or are even private.

 

Compliance and data security at Sherpany: Meeting all the necessary requirements

Sherpany’s software solution is designed to ensure data security and compliance. We are proud to hold numerous industry-standard certifications, and provide compliance and security measures that prove our sharp focus on the broader subject of data security and compliance. 

Here are the independent security and compliance certifications that Sherpany holds: 

FINMA

The FINMA outsourcing certification is an important compliance standard for Swiss banks and insurers. FINMA is Switzerland's independent financial market regulator, tasked with protecting creditors, investors, and policyholders alike. As the regulations of international financial markets are similar, this certification can also be applicable for financial market companies outside of Switzerland. FINMA and other European supervisory authorities regularly demonstrate that Sherpany maintains a high standard of compliance. 

 

BaFin

Sherpany also holds the BaFin outsourcing certification, which is approved by the auditing firm BDO. This is the German equivalent of FINMA certification. It covers the specific needs of banks and insurance companies operating in Germany. 

Sherpany meets the control objectives of the independent auditor. General risk management, such as data management and data quality, play just as much a role here as the risk controlling or compliance functions. 

 

ISO 27001

Swiss Safety Centre AG issues this certification for Sherpany. It is an international standardisation protocol based on basic IT protection and certifies that we have established a management system to guarantee the security of data in our software solution. It serves to meet high security standards in the development, maintenance, and daily operation of the software. This certification demonstrates that Sherpany follows best practices in data security. In addition, the independent and expert review guarantees that proven international procedures are used to keep information secure.

 

ISAE 3000 

This certification comes from the auditing firm BDO, which has independently approved our meeting management software in accordance with this standard. The international assurance standard ISAE 3000 serves to provide sufficient security, especially in technical matters.5 It is of great importance for the auditing of service providers and has a broad scope of applications.6 ISAE 3000 certifies that Sherpany has a functional internal control system and a high level of security in data processing and technical infrastructure.

 

Compliance with the EU General Data Protection Regulation (GDPR)

Compliance with the EU GDPR as well as local data protection and secrecy laws is part of Sherpany's daily business. As a Swiss company, with numerous clients from highly regulated industries, we fulfil a special responsibility. As a result, Sherpany has now become a compliance specialist and has numerous tools at its disposal to meet the high demands effectively and efficiently. For example, clients appreciate the secure and compliant storage of confidential documents.

 

Bug bounty tests

This is a truly unique measure. Since 2021, Sherpany has tasked up to a hundred ethical hackers for three weeks, on behalf of Bug Bounty Switzerland, to find a critical security hole in our software solution - without success. With prize money of up to 15,000 Swiss francs, the stakes were high. This test proves that Sherpany is well-protected against cyberattacks. What's more: the test at the time has since become a continuous programme, so that our users can be sure of a permanently high level of security. 

 


A holistic approach to security 

In general, Sherpany puts a great deal of effort into ensuring that our meeting management solution meets stringent data security and compliance standards. 

In line with this, we have implemented the following measures:

  • Two-factor authentication: In order to keep the risk of unauthorised access low, a second factor is required in addition to a user’s password when logging in. This is either an SMS sent to an authorised phone number or a generated token in the Futurae app.
  • Strong passwords and protection against unauthorised log-in: While the two-factor authentication already brings considerable advantages, we have taken further measures in the pursuit of high levels of security. These include the forced selection of a strong password, protection against brute force attacks (attempts to crack a password), the monitoring of suspicious log-in activities, and encryption of user data.
  • Audit trail: The software automatically logs all files and user activities and organises them so that they are subsequently available to administrators, security officers, or even other roles - whether internal or external. This concept supports the dual control principle and therefore bolsters security and compliance.
  • Secure data exchange thanks to encryption: After secure login, users can easily upload files while the Sherpany software optimises data security and performance. An important factor here is SSL-TLS-256 encryption. This means that customer data is encrypted during transfers as well as on the end device used and at rest. In addition, Sherpany automatically creates daily backup copies so that data can be restored quickly. 
  • Secure and platform-independent access: Numerous user interfaces are available for Sherpany, all of which enable secure access. For example, in addition to browser access, there are also native apps which are optimised for the respective devices. They have a high focus on security and protect the stored information through numerous encryptions. 
  • The Sherpany Cloud: In the Sherpany Cloud, data is subject to strict and logical separation, and restrictive rights allocation. In addition, each file is encrypted using military methods and an individual path. This highly secure solution means that access to tokens, passwords and certificates is effectively controlled. 
  • Backup and recovery: Our hardware is resistant to equipment failures. Furthermore, thanks to two redundant and geographically independent computing locations, we are able to compensate for an entire data centre without downtime. In addition to this, we back up our data daily and can restore it at any time. Backups are encrypted and stored in a secure environment.

As is evident, security and compliance play a central role for our meeting management software. Far from being mandatory, these aspects are essential components of Sherpany's identity. In fact, comprehensive data security is a key factor in numerous customers’ decisions to use our software solution and services. 

Therefore, the process of fulfilling comprehensive security and compliance begins in the development stage: Highly qualified programmers with a strong understanding of security have a keen eye on the entire process. This means that potential vulnerabilities and gaps are eliminated at an early stage. This is followed by constant tests, strict controls, and numerous training sessions. 

 

Conclusion: Data security and compliance as essential features

Socially, politically, and economically, security is often a trade-off between factors such as freedom, opportunity, and opportunity costs. For our software, this question does not arise, as security is a criterion that brings benefits for users and should be fulfilled without question.

As meetings play a significant role in the business life and decision-making of an organisation, every participant must feel the certainty that the information shared is secure and controllable and will not be disclosed to third parties under any circumstances. As such, Sherpany has become synonymous with security. 

Users can fully trust the security and compliance of our meeting management software. This is proven not only by numerous certifications and measures, but also by daily efforts to protect data and sensitive information.

Security is a comprehensive process: It begins with software development and is continually renewed. As a result, users can also take some measures of their own to hold secure online meetings and in-person exchanges, too. After all, security is not an end in itself, but a continuous process. 


1 "Survey: What percentage of your working time do you spend in meetings?", Statista, 2018.

2 "Time killer meetings: the sad facts - and best tips", Kununu, 2018.

3 "Compliance: definition and importance for companies", Haufe, Ann-Kathrin Birker, 2021.

4 "Data security: measures for the protection of data", Datenschutz.org, 2022.

5 "The IAASB publishes non-binding guidelines on the application of ISAE 3000", BDO Germany, Markus Keil, 2021. 

6 "IT provider audits according to ISAE 3000 and ISAE 3402", Swiss IT Magazine, Peter R. Bitterli, 2020. 


About the author
Tobias is an experienced writer who loves creating valuable content. His journalistic background allows him a deep focus on topics such as meeting management, digital transformation and agile leadership.