Best practices for the use of Conceptboard in the context of operational compliance
Conceptboard is designed from the ground up to meet the requirements of operational compliance.
The three essential building blocks are data protection and GDPR compliance, data security, which ensures the integrity of the data, and the data sovereignty of the company or employer over the operational data.
This is ensured by the operation of one or more Conceptboard teams, controlled by the company using Conceptboard.
Each corporate team has either a quota of Named Seats licenses or a Campus license with unlimited user accounts. The team is built by allocating these license seats to new Conceptboard users.
In rare cases, professional teams may work with free users of the same organisation without realising it. These free (private) users should be included in the corporate team, as this is the only way that the entire team and all the user accounts within it can be managed professionally in the interests of the company and in accordance with internal IT or compliance guidelines.
Read more here.
The user accounts, all data in them, and the administration rights over the accounts assigned to the team legally belong to the company or institution.
Hence, the entire team, as well as all user accounts within it, can then be managed professionally and in accordance with internal IT or compliance guidelines in the interests of the company.
The following steps can help customise Conceptboard for the needs of your organisation:
Checklist - collaborate as a team successfully and securely:
Ensure that all employees are part of the team
Regulate board access for non-team members
Review privacy settings
Set up single sign-on (if available)
1. Build the team
There are free user accounts (Free User) for private use of Conceptboard as well as professional user accounts (Teams) suitable for operational use. As a first step, the responsible parties/admins should ensure that all operational collaboration with Conceptboard takes place within operationally managed teams.
This ensures that the organization has access to and sovereignty over the user content created as well as the accounts used and that no data is in the private sovereignty of the users.
This can also be the case if users have registered free, i.e. non-commercial, user accounts with a company email address. The decisive factor here is often the company's internal guideline or policy. Further details can be found here.
Free users can act as "registered guests" in professional teams and can share content with professional users, without it being visible at first glance whether a user is formally part of the team. It is therefore important to include all users with a company email address in the professional team. If this is not possible or intended, please refer to the next point, "Regulate board access for non-team members".
If you have any questions, our Customer Success Team will be happy to help: email@example.com
These steps help identify the Free Users in the collaboration environment:
Individual users can identify collaboration partners who are not part of their team on an individual level. The "My Contacts" page clearly lists who of the current participants on the user's boards is part of the team and who is not. This allows for individual evaluation of whether non-team contacts are legitimate and safe.
On a global level, your Conceptboard Customer Success Manager will help you identify users of your organization on our platform who are not part of your professional team and advise you on how to proceed.
Details about the set up of the team and how to add free users to the team can be found here:
Our Customer Success Team will be happy to assist you with any questions or concerns you may have. Contact us at firstname.lastname@example.org
2. Define global access rights
Global settings made by the admins ensure that binding access settings, which cannot be overridden by the user, apply to all team members and their new boards.
With these settings, admins can seal off the team and its users' content completely from third-party access, allow such access in a restricted manner and exclusively with a password, or leave the decision to the individual user and set only defaults that the user can override → Board Access Management
You can find more information about the settings here:
When the global option "Non-team members can be invited to all boards" is selected, defaults can be set at the individual board level, each of which can be overridden by the individual user.
You can find more about this in our Helpcenter:
3. Check privacy settings (for EU GDPR only)
Conceptboard enables secure and fully GDPR compliant use. Please review and disable optional third-party services as needed.
The globally available Public SaaS version of Conceptboard, accessible via the website Conceptboard.com or app.conceptboard.com by Self Sign Up followed by Log In, is fully GDPR compliant without the use of optional third-party services.
Optional sub-service providers are the web conferencing tool Tokbox, Aspose for file conversion, and Zendesk as a help and ticket tool integrated into the app.
Due to the requirements of German institutions and companies in particular, these are optional and can be deactivated for secure GDPR-compliant operation.
Please check the settings in the Team Settings. The sliders in the image here are ON. For GDPR compliant operation, these must be "grayed out" - i.e. off.
Important: Please do not forget to save the changes.
4. Set up Single Sign-On (SSO)
Easier login without a password
With the use of Conceptboard SSO, users no longer have to use a separate password for their Conceptboard account.
Avoiding password logins also makes the sign-up and login process easier.
Improved access control
Any multi-factor authentication in place ensures that each login is unique, and logins become traceable.
Sharing or joint use of professional accounts through shared credentials is prevented. Such sharing should be strictly avoided when using Conceptboard. (IT-side master admin accounts can be an exception here under certain circumstances.)
Simplification of user licensing
The possibility of automated (just in time) provisioning of user accounts depending on defined criteria or AD groups also offers organizational advantages and leaner processes. In addition, as soon as an employee leaves the company and is removed from the Active Directory, the access to their account is immediately revoked and they cannot continue to log in with their password, as would be possible without SSO. Access to sensitive information is thus immediately prevented without the admin having to change this manually.
SSO with a user-defined subdomain is available starting with the business plan. We will be happy to assist you with the setup. Contact us at: email@example.com
5. Set up custom privacy link
Teams have the ability to notify their employees and external collaboration partners of their own usage rules and organizational measures.
This avoids the need for time-consuming consent documentation, as consent is a mandatory checkmark when clicking on an active link in order to complete the sign-up process.
Create URL with own notes
Insert link in Team Settings & save changes
All guests acknowledge the notes to work together on the boards
You can get more information about the details of the function here:
Frequently asked questions
Our Customer Success Team will be happy to help you further: firstname.lastname@example.org