Account Management
Easily add and/or remove users from the system, assign them as General Users or System Administrators and divide them into groups for easier meeting set-up and granting of access controls.
Security is a given with Convene
Convene provides robust security measures for user accounts, including multi-factor authentication, strong password policies, and audit trails. Users can also set security preferences to control access to documents and meetings, ensuring confidentiality and data protection.
Easily add and/or remove users from the system, assign them as General Users or System Administrators and divide them into groups for easier meeting set-up and granting of access controls.
Configure system settings, customise access rights and manage user accounts based on User Roles. Define and limit what meeting participants can do during Live Meetings and with the board material by assigning Meeting Roles.
Verify the identity of voters in Meetings and Resolutions on Convene through the use of additional authentication during the voting process.
Track application and Admin Portal activity such as logins, document access, meeting changes, profile updates, etc. System Administrators can also generate usage reports through Convene’s Audit Trail.
Offline logins to Convene are tracked and reported in the Convene Admin Portal.
Ensure account security with customised password policies and password expiration periods.
Specify a list of banned passwords to prevent users from using commonly used and vulnerable passwords for their Convene accounts.
Set session timeouts and limit sign-in retries to prevent unauthorised access to Convene.
Automatically notify users or System Administrators of an attempted breach in the case where an account has been locked due to an excessing number of invalid login attempts.
Convene offers document security features such as encryption, access controls, and watermarking to protect sensitive information. It also provides Digital Rights Management (DRM) capabilities, allowing administrators to manage document permissions and restrict unauthorised sharing or printing.
Prevent the copying of document content to other applications so as to minimise exposure of user data.
Limit who can view, download or edit individual files or folders in the Document Library.
Schedule the archival and/or disposal of documents after a certain time has lapsed to avoid unauthorised access of files in specific Meetings, Review Rooms or Resolutions.
Selectively add customisable watermarks to Meetings, Review Rooms and Resolutions documents to discourage misuse of sensitive material and to highlight key information such as author, version, and date created or produced.
Securely store and edit a freehand signature in Convene to easily sign documents and other meeting material. Automatically timestamp E-Signatures, recording the exact moment a document was signed.
Data stored on Convene is protected with multi-level encryption whether at rest or in transit.
DATA AT REST: AES 256-bit encryption
DATA IN TRANSIT: RSA 2048-bit Transport Layer Security (TLS)
Convene ensures device security by supporting remote wipe, enabling IT administrators to erase data from lost or stolen devices. The platform also provides end-to-end encryption for data transmitted between devices, ensuring that confidential information is secure and protected from interception.
When a user needs to access encrypted files on storage, only the needed parts are decrypted into memory
Remotely delete stored offline data downloaded to a device in case it is lost or stolen. Automatic purging of data can be set when users sign out of Convene or have been offline for a specific number of days, or when password guessing is detected.
In the case of lost or stolen devices, session timeouts render data inaccessible unless the device is re-authenticated.
Convene is able to detect whether a mobile device has been jailbroken or rooted and will not run on these devices. This reduces the risk of bypassing security measures and the exposure of sensitive information.
System Administrators can apply an additional layer of protection for the encryption keys used by the Convene App on specific untrusted devices (e.g. BYOD devices). These devices will require a persistent online connection to Convene to view documents.
Convene is masked when in the background, serving users with a generic screen. This prevents sensitive information or documents from being accidentally disclosed through everyday use (e.g. switching between applications).
Convene provides secure user authentication through multi-factor authentication (MFA) options such as One-Time Password (OTP) and biometric authentication. This helps prevent unauthorized access and ensures that only authorised users can access sensitive information and documents within the platform.
Convene only allows members with registered user accounts to log in to the system using their own unique password.
Do away with the inconvenience of typing login information with Touch ID or Face ID (iOS) or fingerprint scanning (Android) for mobile devices.
Through Active Directory (AD) integration, users no longer have to remember another set of credentials, while organisations can ensure that only registered users have access to Convene.
Eliminate the need to repeatedly type in passwords per login through a streamlined single sign-on process using SAML 2.0.
Receive and enter a one-time verification code—which is securely and instantly delivered — before logging in to Convene.
Selectively restrict access to Convene to previously registered devices and/or browsers.
Use the authenticator application of your choice to secure your Convene account.
Convene ensures cloud infrastructure and network security by employing industry-standard security measures such as firewalls, intrusion detection and prevention systems, and regular security audits. The platform also uses secure data centers with multiple layers of physical and environmental protection, ensuring that data is safe from unauthorized access, theft, or damage.
Convene has partnered up with the leading provider of cloud services in the industry, Amazon Web Services (AWS), to guarantee that client data is protected on all levels.
Each Convene client has its own single-tenanted environment—with its own set of data schemas that are protected with individual authentication credentials and completely unique keys—to ensure that the client’s data is separated from other organisations’. All client environments are protected by security firewalls, with only specific ports and addresses allowed.
With AWS Cloud Hosting, Convene is able to store client data on multiple availability zones. Each availability zone is composed of at least one data centre with independent power and internet sources to make certain that there is no single point of failure and to provide high availability and durability at all times.
The 24/7 Intrusion Detection System (IDS) monitors access logs for common malicious attack patterns and notifies the System Team of any suspicious activity.
The Convene cloud infrastructure is protected with an Intrusion Prevention System (IPS) that scans traffic and blocks any suspicious activity, including uploads containing malware. Uploaded files are automatically scanned by services provided by Trend Micro.
Daily automated backups are done to ensure data integrity, while unused or obsolete archives are destroyed and replaced to prevent unauthorised retrieval.
Convene has a robust security governance framework that includes policies, procedures, and guidelines for ensuring the security and privacy of customer data. The platform adheres to industry standards such as ISO 27001 and complies with data protection regulations such as GDPR. Convene's security governance framework also includes regular security assessments and audits to ensure that security controls are effective and up-to-date.
Documented security policies and procedures are in place to ensure the confidentiality, availability and integrity of the system.
Convene’s Security Team ensures staff compliance with security policies and procedures, protection of customer data and the regular review of the effectiveness of current security policies and procedures.
Convene’s data processing procedures are compliant with the GDPR and are overseen by a Data Protection Officer.
Customer data is automatically backed up daily to ensure system integrity.
Convene leverages AWS’ (Amazon Web Services) availability zones in its cloud infrastructure to restore services during disaster situations, ensuring high reliability and availability. These data backups are copied to another AWS location within the same region and remain encrypted. The data is stored using Amazon Web Services S3 (Simple Storage Service).
The Convene System Team conducts annual Disaster Recovery drills to test and improve the Disaster Recovery plan so that the Recovery Time Objectives (RTO) and Recovery Point Objective (RPO) are met.
Monitored 24/7, Convene’s detection mechanism alerts the Support Team to any incidents that are then forwarded to the System Team for immediate resolution. Users can also report any incidents via chat, email or phone.
The Convene infrastructure is regularly tested and scanned for vulnerabilities by the Convene System Team, and is subjected to external penetration testing by independent third parties. Customers may also request for a copy of the results or perform their own security testing and pass their findings to Convene.
Convene was designed, developed, and tested for vulnerabilities against the Open Web Application Security Project (OWASP) Top 10 and Common Vulnerabilities and Exposures program.
AWS performs regular vulnerability scans on the host operating system, web application and databases in the AWS environment. The AWS Security Teams subscribes to news feeds for applicable vendor flaws and proactively monitor the vendor’s website and other relevant outlets for new patches.
New staff members are required to undergo a security awareness training that discusses common security attacks, social engineering tactics, detection and prevention of attacks and procedures for reporting.
Convene developers and system engineers regularly undergo training so that they are updated on industry-standard security practices.
We have compiled the questions we get asked the most about our security features, but you can always contact us for more details or ask other security questions.
