Board Extranets

• What is a "board extranet"?
• What are the advantages of a board extranet?
• How are board extranets used?
• Can board committees use board extranets?
• Can directors communicate with each other through a board extranet?
• Does using board extranets mean the end of paper for board communications?

• Are board extranets secure?
• What non-technological steps can a company take to boost security of a board extranet?
• Does a company's information technology department need to be involved with a board extranet?

• How might board extranet use be implicated in litigation?
• Can wide access by employees to a board extranet cause concerns?

• Who develops board extranets?
• Who are the board extranet service providers?

What is a "board extranet"?

A secure Web site that can only be accessed by a select group of individuals-typically the directors, corporate secretary, and perhaps the general counsel. See more @ advantages of a board extranet.

In this context, "extranet" is just a term for a corporate intranet with very limited access if you consider outside directors to be employees.

What are the advantages of a board extranet?

It can facilitate communication all day, every day, at any time. See more @ director communication through board extranets.

A board extranet can offer much more than the typical hard-copy board package that is mailed to directors before a board meeting. Reasonably current information is available all the time and communications are not "one-way" - since directors may be permitted to post messages and communicate privately among themselves on an ongoing basis. See more @ how board extranets are used.

How are board extranets used?

There are diverse types of materials posted on board extranets.

Typically, companies post materials from the board book, meeting minutes and attendance, committee materials, and other corporate governance-related documents.

Although these materials tend to be text-based with basic graphics, companies can also post other forms of electronic documents, such as a photograph of a prototype of a new product or property, or powerpoint presentation. See more @ committee use of board extranets.

Can board committees use board extranets?

Yes. Committee materials can (and, as discussed below, often should) be kept separate from general board materials.

Just like directors, committee members can collaborate with one another between meetings and while traveling. This can be particularly useful for the audit committee, which has been tasked with additional responsibilities by the SEC and the stock markets. Regular communication among audit committee members appears vital to accomplishing their quarterly tasks on a timely basis.

Can directors communicate with each other through a board extranet?

If the extranet is built to include that functionality.

Once a company decides to develop a board extranet, probably one of the most controversial decisions is whether to allow directors to use it to communicate with each other - as opposed to simply using it as a means for conveying information from management to the directors.

Each company and board needs to determine whether to provide this option based on the company's unique security and legal concerns, as well as the needs of the directors. As a practical matter, some managers are not excited about the prospect of outside directors regularly discussing company business outside management's presence. For these companies, a struggle could occur between the board and senior management about whether to include this functionality.

Does using board extranets mean the end of paper for board communications?

Not really. Despite the high-tech nature of extranets, companies sometimes still need to deliver paper to provide information to directors.

For example, crucial sections of the board book normally are still handed out at board meetings. However, the amount of paper is dramatically reduced.

In addition, during the transition phase from paper to electronic board materials, companies typically provide directors with both formats, and then gradually move towards a "paperless" board. For extremely sensitive information, such as that relating to a potential merger, paper often is mailed rather than posted, particularly if the merger partner insists (although the security of a mailed package may be more questionable compared to an online one).

Are board extranets secure?

If built appropriately, they are at least as secure as traditional methods of communication.

When compared with companies that currently send materials by express mail, fax, and e-mail, a board extranet appears to be a less risky option. Express mail and faxes are prone to low-tech human intervention, and unencrypted e-mails are easily intercepted. In contrast, board extranets are behind nearly impenetrable firewalls. Of course, any communication with the board about confidential information involves risks. However, if strict security measures are taken, many of these risks can be drastically minimized through use of a board extranet.

What non-technological steps can a company take to boost security of a board extranet?

Limit access on a need-to-know basis.

As they should, most companies want to protect their extranet from outsiders (such as competitors), as well as from unauthorized company personnel. Specific security measures are dependent on the technology architecture built into the extranet. Some prudent measures include implementing security passwords, data encryption, and firewalls. End-to-end security should be maintained on all aspects of the extranet, including user access, message transmission, document archiving, and disposal of information.

Director education about the need to maintain security is critical. In particular, "tech-challenged" directors should be tutored on the use of the extranet so that they do not rely on third parties to communicate for them and become privy to information that is "for the director's eyes only."

Due to security concerns, the number of company employees with access to a board extranet should be limited. Typically, access is limited to the corporate secretary's office, general counsel, key senior executives, and the board. Each additional individual that is granted access may compromise the overall security of the system. See more @ legal risks of too many people with access.

Does a company's information technology department need to be involved with a board extranet?

Not necessarily. If the IT department is involved, this adds to the risk of a security breach. Third-party service providers can provide the technological support in a secure manner. See more @ board extranet service providers.

Although the IT department can provide valuable technical expertise, board needs traditionally are not an IT specialty. It is possible to create a seamless extranet that, once built, requires little or no involvement from the IT department. See more @ risks of too many employees with access to the extranet.

IT employees should not be used to conduct routine tasks, such as posting board materials. That job should remain with the corporate secretary or general counsel's office. When assistance of a technical nature is required, the responding IT employee should be monitored to ensure that the extranet remains seamless and the employee only has temporary access.

How might board extranet use be implicated in litigation?

One consideration is whether an extranet could be used against the company in litigation - since most electronic information is discoverable today, unless privilege or other exceptions apply.

For example, if directors are alleged to have breached their fiduciary duties, plaintiffs' attorneys could examine the past activities of the board on the extranet to determine whether directors bothered to download the information provided in an online board book. Plaintiffs challenging the due care exercised by the board (or by a special negotiating or special litigation committee) may seek discovery of all communications among directors via the extranet in order to show that the members did not deliberate fully.

Potentially making matters worse, when directors engage in extensive communication among themselves via an extranet, they may become too casual in their choice of words, and may create documents that could be used against the company in subsequent litigation.

For the most part, privilege and other legal considerations should not be materially different between the electronic world and the paper world. For example, just as in the paper world, if directors communicate among themselves via the extranet without involving the company's counsel, the communication probably will not be protected by the attorney-client privilege.

On the other hand, with an extranet, there may be less risk of inadvertently destroying documents; the system can be set to automatically retain documents and dispose of them in accordance with a company's document retention policy.

Source: An article on this topic is "E-Discovery: Managing Digital Data with a Smart Document Retention Policy," ACCA Docket, p. 19 (Oct. 2001).

Can wide access by employees to a board extranet cause concerns?

Yes, it may be used as evidence that the company breached its insider trading compliance code.

If a company allows too many employees to have access to the board extranet, this can be used as evidence of a breach of the company's compliance code. A general lack of proper security measures can be similarly damaging.

Thus, if a company has established a special negotiating committee or a special litigation committee, extra care should be taken to ensure that communications among the committee members are restricted to the committee's page on the extranet, and that no non-committee members have access to those communications. Otherwise, the independence of the committee may be questioned.

Who develops board extranets?

Unlike other new technologies for which companies tend to rely on service providers, early board extranet adopters relied on their own personnel for development and implementation. Now, service providers are making inroads. See more @ board extranet service providers.

The primary reason for some self-dependence in this area is that many companies had garnered experience when they built intranets - before the emergence of board extranet providers. Once a company successfully developed an intranet for itself, the logical extension was to keep this function in-house as it built a board extranet. See more @ how much do board extranets cost.

Who are the board extranet service providers?

These providers include: