Features

Security

Security is a given with Convene

User Accounts and Security Preferences

Convene provides robust security measures for user accounts, including multi-factor authentication, strong password policies, and audit trails. Users can also set security preferences to control access to documents and meetings, ensuring confidentiality and data protection.

User Accounts and Security Preferences
account-management-feature

Account Management

Easily add and/or remove users from the system, assign them as General Users or System Administrators and divide them into groups for easier meeting set-up and granting of access controls.

role-based-access-control-feature

Role Based Access Control

Configure system settings, customise access rights and manage user accounts based on User Roles. Define and limit what meeting participants can do during Live Meetings and with the board material by assigning Meeting Roles.

authenticated-voting-feature

Authenticated Voting

Verify the identity of voters in Meetings and Resolutions on Convene through the use of additional authentication during the voting process.

user-logs-and-activities-feature

User Logs & Activities

Track application and Admin Portal activity such as logins, document access, meeting changes, profile updates, etc. System Administrators can also generate usage reports through Convene’s Audit Trail.

offline-logins-feature

Offline Logins

Offline logins to Convene are tracked and reported in the Convene Admin Portal.

password-policies-feature_330

Password Policies

Ensure account security with customised password policies and password expiration periods.

password-blacklist-feature

Password Blacklist

Specify a list of banned passwords to prevent users from using commonly used and vulnerable passwords for their Convene accounts.

session-timeout-and-sign-in-retries-feature

Session Timeout and Sign-in Retries

Set session timeouts and limit sign-in retries to prevent unauthorised access to Convene.

automated-security-alerts-feature

Automated Security Alerts

Automatically notify users or System Administrators of an attempted breach in the case where an account has been locked due to an excessing number of invalid login attempts.

Document Security & Digital Rights Management (DRM)

Convene offers document security features such as encryption, access controls, and watermarking to protect sensitive information. It also provides Digital Rights Management (DRM) capabilities, allowing administrators to manage document permissions and restrict unauthorised sharing or printing.

Rights management
copy-restrictions-feature

Copy Restrictions

Prevent the copying of document content to other applications so as to minimise exposure of user data.

document-access-feature

Document Access

Limit who can view, download or edit individual files or folders in the Document Library.

scheduled-archival-and-disposal-feature

Scheduled Archival and Disposal

Schedule the archival and/or disposal of documents after a certain time has lapsed to avoid unauthorised access of files in specific Meetings, Review Rooms or Resolutions.

watermarks-feature

Watermarks

Selectively add customisable watermarks to Meetings, Review Rooms and Resolutions documents to discourage misuse of sensitive material and to highlight key information such as author, version, and date created or produced.

secure-document-signing-feature

Secure Document Signing

Securely store and edit a freehand signature in Convene to easily sign documents and other meeting material.  Automatically timestamp E-Signatures, recording the exact moment a document was signed.

multi-level-encryption-feature

Multi Level Encryption

Data stored on Convene is protected with multi-level encryption whether at rest or in transit.

DATA AT REST: AES 256-bit encryption
DATA IN TRANSIT: RSA 2048-bit Transport Layer Security (TLS)

Device Security

Convene ensures device security by supporting remote wipe, enabling IT administrators to erase data from lost or stolen devices. The platform also provides end-to-end encryption for data transmitted between devices, ensuring that confidential information is secure and protected from interception.

Device security
on-the-fly-decryption-model-feature_330

On-the-Fly Decryption Model

When a user needs to access encrypted files on storage, only the needed parts are decrypted into memory

remote-wipe-auto-purge-feature

Remote Data Wipe & Automatic Purge

Remotely delete stored offline data downloaded to a device in case it is lost or stolen. Automatic purging of data can be set when users sign out of Convene or have been offline for a specific number of days, or when password guessing is detected.

re-authentication-feature_330

Re-Authentication

In the case of lost or stolen devices, session timeouts render data inaccessible unless the device is re-authenticated.

jailbreak-and-root-detection-feature

Jailbreak and Root Detection

Convene is able to detect whether a mobile device has been jailbroken or rooted and will not run on these devices. This reduces the risk of bypassing security measures and the exposure of sensitive information.

additional-protection-of-encryption-keys-feature

Additional Protection of Encryption Keys

System Administrators can apply an additional layer of protection for the encryption keys used by the Convene App on specific untrusted devices (e.g. BYOD devices). These devices will require a persistent online connection to Convene to view documents.

application-masking-feature

Application Masking

Convene is masked when in the background, serving users with a generic screen. This prevents sensitive information or documents from being accidentally disclosed through everyday use (e.g. switching between applications).

Secure User Authentication

Convene provides secure user authentication through multi-factor authentication (MFA) options such as One-Time Password (OTP) and biometric authentication. This helps prevent unauthorized access and ensures that only authorised users can access sensitive information and documents within the platform.

Secure user authentication
user-id-and-password-feature

User ID & Password

Convene only allows members with registered user accounts to log in to the system using their own unique password.

biometric-authentication

Biometric Authentication

Do away with the inconvenience of typing login information with Touch ID or Face ID (iOS) or fingerprint scanning (Android) for mobile devices.

active-directory-integration-feature

Active Directory Integration

Through Active Directory (AD) integration, users no longer have to remember another set of credentials, while organisations can ensure that only registered users have access to Convene.

single-sign-on

Single Sign-On

Eliminate the need to repeatedly type in passwords per login through a streamlined single sign-on process using SAML 2.0. 

sms-one-time-pin-feature

SMS One-Time Pin

Receive and enter a one-time verification code—which is securely and instantly delivered — before logging in to Convene.

device-registration-feature

Device Registration

Selectively restrict access to Convene to previously registered devices and/or browsers.

time-based-one-time-password-feature

Time-Based One-Time Password

Use the authenticator application of your choice to secure your Convene account.

Cloud Infrastructure & Network Security

Convene ensures cloud infrastructure and network security by employing industry-standard security measures such as firewalls, intrusion detection and prevention systems, and regular security audits. The platform also uses secure data centers with multiple layers of physical and environmental protection, ensuring that data is safe from unauthorized access, theft, or damage.

Cloud Infrastructure and Network Security
enterprise-grade-cloud-hosting-feature

Enterprise-Grade Cloud Hosting

Convene has partnered up with the leading provider of cloud services in the industry, Amazon Web Services (AWS), to guarantee that client data is protected on all levels. 

amazon-web-services-feature

Amazon Web Services

 

cloud-data-segregation-feature

Cloud Data Segregation

Each Convene client has its own single-tenanted environment—with its own set of data schemas that are protected with individual authentication credentials and completely unique keys—to ensure that the client’s data is separated from other organisations’. All client environments are protected by security firewalls, with only specific ports and addresses allowed.

cloud-data-availability-feature

Cloud Data Availability

With AWS Cloud Hosting, Convene is able to store client data on multiple availability zones. Each availability zone is composed of at least one data centre with independent power and internet sources to make certain that there is no single point of failure and to provide high availability and durability at all times.

24_7-instrusion-detection-system-feature

24/7 Instrusion Detection System 

The 24/7 Intrusion Detection System (IDS) monitors access logs for common malicious attack patterns and notifies the System Team of any suspicious activity.

24_7-instrusion-prevention-system-feature

24/7 Intrusion Prevention System

The Convene cloud infrastructure is protected with an Intrusion Prevention System (IPS) that scans traffic and blocks any suspicious activity, including uploads containing malware. Uploaded files are automatically scanned by services provided by Trend Micro.

backup-and-recovery-feature

Backup and Recovery

Daily automated backups are done to ensure data integrity, while unused or obsolete archives are destroyed and replaced to prevent unauthorised retrieval.

Security Governance

Convene has a robust security governance framework that includes policies, procedures, and guidelines for ensuring the security and privacy of customer data. The platform adheres to industry standards such as ISO 27001 and complies with data protection regulations such as GDPR. Convene's security governance framework also includes regular security assessments and audits to ensure that security controls are effective and up-to-date.

Governance
defined-security-policies-feature

Defined Security Policies

Documented security policies and procedures are in place to ensure the confidentiality, availability and integrity of the system.

designated-security-team-feature

Designated Security Team

Convene’s Security Team ensures staff compliance with security policies and procedures, protection of customer data and the regular review of the effectiveness of current security policies and procedures.

data-processing-feature

Data Processing

Convene’s data processing procedures are compliant with the GDPR and are overseen by a Data Protection Officer.

daily-automated-backups-feature

Daily Automated Backups

Customer data is automatically backed up daily to ensure system integrity.

availability-zones-and-data-redundancy-feature

Availability Zones and Data Redundancy

Convene leverages AWS’ (Amazon Web Services) availability zones in its cloud infrastructure to restore services during disaster situations, ensuring high reliability and availability. These data backups are copied to another AWS location within the same region and remain encrypted. The data is stored using Amazon Web Services S3 (Simple Storage Service).

disaster-recovery-feature

Disaster Recovery

The Convene System Team conducts annual Disaster Recovery drills to test and improve the Disaster Recovery plan so that the Recovery Time Objectives (RTO) and Recovery Point Objective (RPO) are met.

incident-management-feature

Incident Management

Monitored 24/7, Convene’s detection mechanism alerts the Support Team to any incidents that are then forwarded to the System Team for immediate resolution. Users can also report any incidents via chat, email or phone.

internal-security_external-penetration-test_330

Internal Security Testing and External Penetration Testing

The Convene infrastructure is regularly tested and scanned for vulnerabilities by the Convene System Team, and is subjected to external penetration testing by independent third parties. Customers may also request for a copy of the results or perform their own security testing and pass their findings to Convene.

application-development-feature

Application Development

Convene was designed, developed, and tested for vulnerabilities against the Open Web Application Security Project (OWASP) Top 10 and Common Vulnerabilities and Exposures program.

aws-vulnerability-scans-feature

AWS Vulnerability Scans

AWS performs regular vulnerability scans on the host operating system, web application and databases in the AWS environment. The AWS Security Teams subscribes to news feeds for applicable vendor flaws and proactively monitor the vendor’s website and other relevant outlets for new patches.

security-awareness-training-feature

Security Awareness Training

New staff members are required to undergo a security awareness training that discusses common security attacks, social engineering tactics, detection and prevention of attacks and procedures for reporting.

role-specific-security-training-feature

Role-Specific Security Training

Convene developers and system engineers regularly undergo training so that they are updated on industry-standard security practices.

Security FAQs

We have compiled the questions we get asked the most about our security features, but you can always contact us for more details or ask other security questions.

Try Convene

security-faqs-330

 

Is my data encrypted?

Your data is always encrypted whether it is on the cloud, on your device, or somewhere in between. We encrypt data to a standard called AES256. This is the highest level of encryption available and would take the fastest supercomputer several billion years to crack

Do you allow penetration testing?

Yes. As an existing or potential Convene customer you can arrange for a penetration test of both your portal site and the application with your own security consultants. We just need 48 hours notice to inform AWS that a test is going to take place, this is part of our contract with them.

We also have our own penetration test carried out by a company of ethical hackers at least once a year. In combination with our customer tests, this means we review the results of security tests at least once a month. Your security is our priority. 

What happens to the documents if someone loses their device or has it stolen?

You can remotely wipe documents from Convene from the system admin menu. You do not need to purchase any additional software for this to work and it does not depend upon the operating software of the device. Convene also contains offline hacking protection to prevent unauthorised access to the data - even when the device is offline.

Can I use biometrics to log on to Convene?

Yes, you can. Convene supports devices with fingerprint recognition as a way of logging on to the application. You can also choose to use other forms of two factor authentication with Convene.

How can I keep track of who has accessed our data?

Convene comes with a full audit trail that is available for viewing or exporting from the system administrator console. Convene is designed to allow only those who are invited to meetings or organising meetings to see meeting documents. Even though the system administrator can see an audit trail of all of the meetings, they cannot access any of the documents.

Can I set the user passwords to meet my corporate standards?

Yes, you can. As we developed Convene we have added multiple options for password creation that were requested by our customers. We are pretty sure that we will have a combination that will match your corporate password! If not, no problem, just ask us and we will add it to the product.

We also offer ADFS connectors which allow you to log into Convene with the same user-name and password that you use to login to your Office 365 account or corporate email.

Do you comply with any security standards?

Yes, we do. Our processes have been accredited to ISO27001 SOC 2, for our cloud hosting we use Amazon Web Services (AWS).  AWS has a complete range of certifications relating to country specific security including ISO27001, ISO 9001, C5, Cyber Essentials Plus, SOC 1-3, and more. 

We can also set up Convene on-premise if necessary to serve your organisation's data compliance and security procedures.

Azeus Convene is also certified by the UK Government's National Cyber Security Centre. This is a Government-backed scheme that certifies that Azeus Convene's organisational data is safe against a wide range of the most common cyber attacks.

Take a look at Convene Comments...

Try Convene today!

Fill out the form to start a Free Trial of the Convene Board Portal.

Try Convene

Convene devices