Diligent

Blog

January 8, 2025
6 min read

NIS2 Directive: 5 Key takeaways

The NIS2 Directive came into force in January 2023, and member states were tasked with implementing NIS2 into national law by October 2024. Although there have been some delays in national laws, NIS2 is not going away. An estimated 160,000 companies plus their supply chain ecosystems will be impacted across the EU. As someone who has been deeply involved with the NIS2 Directive, data protection and compliance more generally, I've seen first-hand how the NIS2 Directive has the potential to transform cyber-resilience management across Europe and countries that fall under its extraterritorial application. The need for enhanced governance and accountability, implementation of robust risk-management, cybersecurity measures and improved supply chain security has never been clearer. In this article, I want to go beyond the surface-level NIS2 discussions that fill our feeds. I will share a real-world perspective on what the Directive means for EU organisations and those serving the European market. This Directive is not just about meeting new requirements. It demands a strategic evaluation of how we approach cyber risks across the eighteen applicable high-criticality and other critical sectors, and their supply chains, including those not established within the EU. We will explore my five key takeaways of NIS2, their significance for your organisation and how you can effectively address the challenges they present. 1. Strengthen governance and accountability in cybersecurity at the leadership level The NIS2 Directive establishes clear responsibilities for senior management to ensure compliance with cybersecurity measures and reporting: Key steps Active governance and accountability by leadership: Management bodies are assigned an active role. They will have the responsibility to approve the cybersecurity risk-management measures taken by their organisations and to oversee their implementation. Continuous assessment: There is a need for continuous evaluation and updating of cybersecurity strategies to respond to new threats. Severe penalties for non-compliance: Failure to comply with this Directive can lead to significant consequences, including: Fines of up to €10million or a maximum of 2% of global turnover for essential entities. Fines of up to €7million or 1.4% of global turnover for important entities. Being forced to notify customers or service recipients about the nature and severity of the risk due to compliance failings. Temporary prohibition of key figures like CEOs or legal representatives from exercising managerial functions. Beyond the financial penalties, non-compliance can lead to a loss of reputation for the organisation, resulting in reduced market penetration and negative media attention. If regulators report non-compliance, the associated negative media coverage can further damage the organisation's reputation. Nils Müller, Partner, Privacy, Cyber & Tech at Eversheds Sutherland, emphasises the impact of NIS2’s requirements: As a by-product of this, there is a real opportunity to weave cybersecurity into the fabric of your company’s operations: Integrating cybersecurity at leadership level will help align the function with broader business goals, fostering a culture of security awareness. This is essential for ensuring your organisation reduces cyber incidents effectively while supporting business continuity and resilience. 2. Implement effective, up-to-date and proportionate cybersecurity measures Under the NIS2 Directive, organisations must now implement minimum cybersecurity measures while considering the state-of-the-art. Key steps Cybersecurity measures: Entities must take appropriate and proportionate technical, operational and organisational measures to manage the risks posed to the security of network and information systems, with reference to relevant European and international standards. Cost-effectiveness and risk alignment: They need to do so with reference to relevant European and international standards, the cost of implementation, and the level of security proportionate to the risks posed. Comprehensive requirements: Entities are mandated to consider 10 requirements outlined in Article 21, which include risk analysis, incident response, business continuity, cybersecurity training, cryptography, and multi-factor authentication. Nils recommends mapping a control library to these measures: Steps for compliance 1. Classification assessment: Organisations must first determine if they qualify as essential or important entities by conducting a thorough assessment. This involves analysing sector involvement, staff numbers, financial thresholds, and group structures. 2. Sector inclusion: It's crucial to understand the broad scope of sectors included under NIS2. For example, entities in the digital infrastructure sector with more than 50 employees may be classified as important entities, regardless of financial metrics. As a high-level guide: Important entities: These are medium-sized enterprises with at least 50 employees, and either a EUR 10 million annual turnover or a EUR 10 million balance sheet total. They should expect reactive monitoring and periodic audits. Essential entities: These are large enterprises with more than 250 employees and either EUR 50 million in annual turnover or a EUR 43 million balance sheet. The regulatory authorities will proactively monitor these sectors of high criticality. Whether you are an essential or important entity, meeting the requirement for cost-effective, state-of-the-art cybersecurity measures is a complex but vital process. Beyond ensuring the handling and prevention of security incidents, adhering to this regulation will help your organisation use innovative security practices in everyday operations. This will directly and positively impact long-term business continuity and resilience. 3. Strengthen supply chain security by ensuring all partners meet high cybersecurity standards Supply chain security is a huge challenge for the ecosystem. There is growing cyber inequity between organisations that are cyber resilient and those that are not. Large highly regulated organisations have demonstrated gains in cyber resilience, but the same is often not true for smaller less regulated organisations. This means that smaller organisations are increasingly unable to prevent critical operational disruption from a cyber incident, often incur larger financial loss when seeking to recover, and find compliance with customer contractual obligations very difficult. The result is targeted attacks on the supply chain, which often have less mature cybersecurity risk management and attack response measures. Bad actors then use this access to target larger entities that rely on these suppliers for products or services. Addressing cybersecurity weaknesses within supply chains is a crucial mandate under the NIS2 Directive. This pain point of supply chain due diligence will only increase as large organisations contractually impose NIS2 onto their direct supply chains. So, how can your organisation proactively approach this challenge? Key steps Contractual commitments: Direct suppliers or service providers should ready themselves for these contractual obligations. Essential and important entities should ensure they have adequate contractual terms and conditions in place to help the entity with compliance. A good example would be adherence to new breach notification requirements and reporting. Comprehensive strategy: Essential and important entities should enhance their current supply chain programs to ensure compliance with the Directive and ensure their supply chain can achieve and demonstrate their own compliance. Nick Frost, Co-founder and Chief Product Officer at Cyber Risk Management Group, reminds us, "Securing the supply chain is probably one of the biggest challenges organisations and security functions face.” But if we look to find a positive with the impact of NIS2; by embedding cybersecurity standards into supply chain contracts, you ensure consistent security practices, mitigate vulnerabilities, and reduce cyber incident disruptions. Ultimately, a proactive approach to the NIS2 Directive will strengthen your reputation and customer trust, positioning your organisation as a leader in cybersecurity diligence. 4. Ensure timely and effective reporting for significant cybersecurity incidents Your organisation’s role in managing cybersecurity incidents takes on a new level of urgency and importance under the NIS2 Directive. As an essential or important entity, you must now follow stringent reporting obligations when a significant cybersecurity incident is detected: Key steps Immediate early warning: Within 24 hours of detecting a significant incident, you must issue an early warning to your government’s Computer Security Information Response Team (CSIRT) or the competent authority. This initial alert is crucial as it sets the stage for a coordinated response. Detailed incident notification: Follow up the early warning with a detailed incident notification within 72 hours. This step goes beyond mere compliance; it involves providing a clear and comprehensive overview of the incident to aid authorities in understanding and effectively responding to the situation. Ongoing communication: Your responsibility doesn’t end with these initial notifications. Continue to provide updates as requested by the CSIRT or competent authority, keeping them fully informed as the situation evolves. Final report: Within 30 days, a final report is due. This report should not only recap the incident but also offer insights and recommendations to prevent future occurrences. Again, there is a positive long-term outcome: your organisation will develop an enhanced cybersecurity framework. By preparing effectively so you can adhere to these reporting obligations, you are doing more than following protocol. You are actively protecting your organisation – and your customers and partners - and bolstering its resilience against cyber threats. 5. Ensure compliance for non-EU-based entities serving the EU market The NIS2 Directive doesn't only apply to EU established entities; it reaches out globally with extra territorial application, mandating requirements and obligations for international entities that offer services within the EU market. This move ensures that any entity, regardless of its geographical location, adheres to stringent cybersecurity norms if it serves the EU market. It also means that EU entities cannot contract out of their obligations by leveraging non-EU partners who do not need to adhere to the NIS2 requirements. Key steps Who is affected: NIS2 casts an extra-territorial wide net, much like the GDPR, and applies to: DNS service providers, TLD name registries, cloud computing service providers, data centre service providers, content delivery network providers, managed service providers, managed security service providers, online marketplaces and search engines and social networking services platforms. If your services reach into the EU, you are on the radar. Importantly, direct suppliers who are not established inside the EU, such as UK businesses, but which supply EU essential or important entities, will also need to satisfy those customers that they are operating to NIS2 standards. Requirements for non-EU entities: Particularly for entities like those in the UK (post-Brexit), it may be a contractual obligation and a competitive advantage to prove that your operations meet NIS2 requirements. This isn't just about compliance; it's about ensuring that your services are trusted by customers and partners within the EU market. Appointing an EU representative: Much like the GDPR, if your business doesn’t have a physical presence in the EU, but offers services within the EU, appointing a local representative is mandatory. This representative will facilitate your compliance processes and act as a point of contact with EU authorities. Advice to non-EU businesses Contractual clarity: If you are a supply chain partner to an applicable EU essential or important entity, then ensure your NIS2 contractual obligations and the processes (and people) you will need to implement to deliver on them are agreed. Strategic advantage: Compliance with NIS2 should not only be seen simply as a regulatory hurdle but as a strategic advantage in the competitive EU market for supply chain organisations. If you can proactively demonstrate NIS2 compliance, that should be an advantage in securing new commercial opportunities inside the EU, because you lessen that compliance burden for your potential customers. The NIS2 advantage: transforming challenges into opportunities By setting a new standard in cybersecurity, the NIS2 Directive ensures that above and beyond a compliance exercise, cybersecurity becomes an integral part of an evolving organisational cybersecurity strategy that places an increasing focus on operational resilience. Before your executives and board members can lead on NIS2, they must develop expertise and best practices. The NIS2 training courses available through the Diligent One Platform provide a comprehensive understanding of the directive, offering guidance on compliance obligations and key provisions, and include practical tools like a preparation checklist to ensure thorough readiness. As you prepare to meet its ongoing requirements and obligations, concentrate on developing a robust framework that not only meets immediate compliance needs but also improves long-term resilience across your supply chain. Get armed with everything you need to easily map, manage, and demonstrate your NIS2 compliance with a scalable method for managing future risks. Find out more about our NIS2 Toolkit and book a demo here. 

Continue readingchevron_right
Dale Waterman  Image
Dale Waterman
Solution Designer, Diligent
cybersecurity-professionals-in-a-meeting
January 8, 2025
9 min read

How to write a board report: Examples & best practices (with template)

If the board of directors is the brain, board reporting is the eyes: a strategic and goal-oriented look at business or organizational activities and the broader industry landscape. “Boards across the country continue to get a lot of data, but we’re always requesting more analysis. To the extent that you can use your software to turn data into more analytics, that’s very helpful,” says James S. Hunt, Board Director at The Penn Mutual Life Insurance Company and Brown & Brown, Inc. Done well, board reporting gives the board the insight they need to stay agile in the face of ever-evolving business needs. On the other hand, ineffective board reporting can cut the board off at the knees, forcing them to make decisions without a clear picture of the business. What is board reporting that helps, not hinders? We’ll explain from the beginning, including: What a board report is The purpose of board reporting Who writes board reports, and how often The four most common types of board reports How to write a board report and what to include Board reporting template (with examples) Best practices and mistakes to avoid What is a board report? A board report is a document that conveys to the board key insights and information related to the organization’s risks, opportunities and overall performance. It’s the culmination of everything practitioners and executive leaders do to synthesize organizational insights for the board. Simply put, there is no board reporting without a clear and consistent board report. The purpose of a board report Board reports are a vital communication tool. They give the board a window into business activities — going well and at risk — and how each aligns with the organization’s strategic objectives. “The reality is, no really important decisions are made based upon historical information. All important decisions are based on what you’re seeing today and what you think you’re going to see in the future. The ability to have good data and good information on a daily basis is what will drive your really important decisions.” – Avedick B. Poladian, Board Director, Public Storage and Occidental Petroleum Corporation. By offering relevant data, insights, and recommendations, board reports enable the board to assess performance, address challenges, and chart a clearer, data-driven path toward long-term success. Who is responsible for writing board reports? Board reporting is almost always a group effort. Executives at the C-suite level often guide their teams in delivering reports that they know will resonate with the board. Practitioners, including the Chief Information Security Officer (CISO), General Counsel, Head of Audit and Head of Sustainability, use that guidance to compile the essential insights and recommendations related to their area of oversight. How often are board reports prepared and distributed? The frequency of board reports varies. Though board reports have historically been prepared and distributed quarterly or annually, modern boards need more frequent reporting to stay abreast of rapidly evolving risks and opportunities. Pace is a limiting factor for traditional board reporting, but governance platforms are increasingly becoming the link between the board and daily operations. Platforms like these give executive leaders and practitioners instant and holistic oversight across the organization, unlocking more frequent board reporting without the added burden of preparing them. 4 types of board reports Not all board reporting is alike. While some may be a comprehensive overview of the entire organization, others might drill down into a specific function. The four most common board reports are: Operational reports: These reports detail day-to-day activities and performance and illustrate how that information aligns with the organization’s objectives. Financial reports: Boards use financial reports, specifically income statements, balance sheets and cash flow statements, to assess fiscal health. CEO reports: Offering higher-level insight, these reports cover achievements, challenges, strategic initiatives and the organization’s progress against pre-defined goals. HR reports: Human capital is essential to organizations. Directors use HR reports to assess workforce engagement, talent acquisition, turnover and more. What to include in a board report Board reports should provide members with the right information to make informed decisions. That requires that board reports include: Executive summary: Write a concise overview of the report contents to help the board familiarize themselves with the subject matter. Highlight main points, progress updates and any decisions the board needs to make. Key metrics and performance updates: Share quantitative and qualitative data on organizational performance, such as financial metrics, program outcomes or progress toward strategic goals. Accomplishments: Highlight successes, major milestones or impactful initiatives since the last meeting. Challenges and risks: Forecast any obstacles, risks or issues the organization faces, along with proposed mitigation strategies. Financial overview: Most board reports include a summary of the organization’s financial health, using details like income, expenses, budget variances and more. Updates on strategic initiatives: Outline progress on key projects or goals from the strategic plan. Note timelines, deliverables and alignment with the organization’s mission. Decisions or approvals needed: Indicate items that require board input, approval or action, with relevant background information for each. Upcoming events and key dates: Alert the board of important upcoming events, deadlines or initiatives, especially those involving board members. Appendices or supporting documents: Compile detailed reports, charts, data or any other documents that support the main content but don’t need to be part of the core board report. How to write a board report Writing a board report is both an art and a science. It requires adherence to specific structures while making the information clear and concise enough to help board members fulfill their roles effectively. Here’s how to craft an effective board report: Start with a template: A standardized board reporting template can promote consistency. This also makes the report easier for the board to interpret because they won’t have to navigate a different structure every time. Create one using Google Docs or another word processing tool, or streamline report creation further with board management software. Focus on clarity and brevity: Board reports don’t have every detail about a department or initiative. They focus on key points and avoid jargon and technical language so the board can quickly identify critical information. AI tools in board management software can help analyze data and recommend which details to highlight. Organize information logically: Follow a structure that is easy to read. Use headings, subheadings and bullet points to help board members absorb details quickly. Incorporate data visualizations: Using charts, graphs and dashboards not only makes the report more visually appealing but can also highlight stats the board would otherwise miss. Make it easy for the board to understand all data points even if they only skim the report. Leverage AI: AI-powered board portals can help draft sections, generate summaries or analyze data. This is particularly helpful for recurring reports, like financial reports. For example, AI can quickly summarize meeting notes or compile performance insights into actionable items for the board. Proofread and review: Read through the report for accuracy and completeness. It can help to have a colleague review it as well to catch any omissions you may have overlooked. Board reporting examples A good board report offers the board both critical information at a glance and deeper narratives and data they can dig into over time. Board reporting best practices go a long way toward solid board reports, but your reports’ effectiveness has everything to do with the structure. What a good report looks like will vary based on the type of report it is. Generally speaking, though, here is an example of what a board report can include based on a hypothetical organization: Board reporting template to adapt to your own organization Based on the example above, here is a template you can use for your next board report: 11 board reporting best practices Board reporting is not one-size-fits-all. At its most basic, though, a board report is a single deliverable that compiles insights on a given topic — human resources or environmental, social, governance (ESG), for example — into a single resource. Yet, countless employees at multiple levels will touch that report: Practitioners will prepare it The C-suite will guide the preparation The board will ultimately use it to make better decisions Board reporting best practices are vital to creating board reports that check all those boxes. These include: Communicating clearly: The reports themselves should communicate essential information to the board. However, delivering those reports also relies on clear communication. Develop a reporting structure that allows practitioners and the C-suite to create consistent reports and give the board quick access. Establishing a schedule: Board reporting is only valuable if it’s timely. Creating a reporting cadence gives stakeholders fresh insight into the organization’s performance and risk landscape. Aligning reporting with strategic goals: Board reporting doesn’t exist in a vacuum. Instead, it’s a glimpse into the organization’s performance against predetermined goals. Executives at the C-suite level should share the organization's overarching goals and strategies with their teams so the reports articulate how business activities contribute to those objectives. Including key performance indicators (KPI): Relevant KPIs are another board reporting best practice teams can use to quickly and clearly communicate the organization’s performance in crucial areas. Boards can then quickly assess the metrics and any associated trends. Learn more specifics about board governance metrics here. Outlining risk and mitigation strategies: Boards also need a clear understanding of the risk landscape. This includes updates on known risks and forecasts on emerging ones. Don’t just list the risks themselves, either. Offer mitigation strategies for each that the board can consider. This aids the board in making swift and informed decisions. Utilizing visuals: Board members don’t need to be data analysts. Consider how to ensure they don't need to do extra work to understand critical data and trends. Charts, graphs, and more can help data lead to more productive discussions and faster decisions. Providing a narrative: Add narratives explaining the report's data beyond visuals. You are the expert in the field, and your team’s commentary is critical. But of course, triple-check that the report is jargon-free (a simple but frequently forgotten step). Many people prefer to use software that facilitates both visuals and commentary. “We’ve actually asked our CEO to write a description of what we want to understand in this section to make sure we’re understanding what the key points are. It allows you to arrive in the room more informed and equipped to have a productive discussion and make better use of the time,” says Karen Francis, chair of the board at Vontier. Board reporting in this style helps board members and other stakeholders understand what the data means and any broader trends it represents. Like visuals, ‌commentary is vital for empowering your board to make effective and timely decisions when it counts. Implementing a feedback loop: There must be a mechanism to communicate feedback on board reports. This should include a pathway for executives to comment on reports before presenting them to the board and a second pathway for the board to ask questions or offer recommendations. Collecting feedback unlocks continuous improvement. This feedback loop helps to foster the top-down and bottom-up approach — a perspective that GRC analyst and pundit Michael Rasmussen shared in-depth with Diligent. Looking to the future: The best board reporting isn’t limited to the past. Instead, examine what’s ahead. Include a brief forecast and any strategic recommendations so the board can anticipate what’s coming and prepare accordingly — leveraging integrated analytics and automation. Prioritizing data security: Board reports must be confidential. Ensure you’ve implemented robust security measures to guarantee that reports won’t fall into the wrong hands. This includes internal controls for preparing and handling reports and encryption for the tools you use to distribute and communicate. For example, assessing risks associated with free board management portals such as unsecured cloud-based data. Another consideration is whether your board communication practices (email, etc.) protect or sacrifice your legal privilege. The WeWork vs Softbank lawsuit demonstrated how critical it is to evaluate communication methods and protect your board communications. Offering board reporting training: Executives are responsible for building teams that understand and can leverage board reporting best practices. Offer thorough onboarding and ongoing training to keep protocols fresh for new and veteran employees. Common mistakes to avoid in writing a board report Board reporting is a lot like Goldilocks — there is such a thing as too little information and even too much, and there is an art to getting it just right. On the path to effective board reporting, these are the pitfalls the C-level and their teams must avoid: Lack of clarity: Board reporting misses the mark when it’s too long or uses overly complex language. The report may be thorough when that happens, but the board won’t understand it. “Sometimes we just get snapshots of where we are right now and get pulled into meetings. That’s what’s difficult because you want to know if we are getting better or improving. That’s the important element to really analyzing the data.” Catherine Lego, Founder of Lego Ventures LLC and Board Director at Cirrus Logic and Guidewire Software. Strive to create clear and concise reports without leaving out critical information. Misalignment with strategic goals: Reports are challenging to act on when the narratives and KPIs don’t match the company’s direction. Ensure you create an explicit link between the information in your reporting and the organization’s strategic goals. Inconsistent format: Boards will review an updated version of the same report many times throughout the year. If every GRC update looks different, quickly understanding and comparing the reports isn’t easy. A consistent framework streamlines report creation since teams can compile the same information every time. Unreliable reporting: Effective board reports depend on data. If your reporting is inconsistent, siloed, or sporadic, that data could be inaccurate by the time it reaches the board. Today, leaders with the most effective board reports leverage technology so the board always has fresh insights. For instance, leaders are using automation, ensuring their program is driven by analytics, and eradicating silos by consolidating software across departments. Failure to collaborate: Your reports should spark ongoing conversation, whether feedback, questions or a discussion about possible solutions. For robust reporting, departments need to work together. The CEO, CISO, CFO, and COO should communicate to ensure a holistic view of organizational risk. Rather than using multiple tools for one-off siloed reports, what if your GRC software met your daily, weekly, quarterly, and annual needs? Your teams would have quality data at their fingertips. This ensures alignment with organizational goals, fostering effective board reporting. Simultaneously, the board accesses clear, insightful information crucial for strategic decision-making. Create a secure, integrated, and interactive environment to facilitate collaboration before, during and after board meetings. Streamline board reporting by consolidating software into one platform Though board reporting comes in after your strategy, objectives and goals are in place, it should be anything but an afterthought. Board reporting best practices underpin everything that makes the board effective: proactivity and strategic decision-making. As the business landscape evolves, senior leadership teams — including CEOs, CISOs, general counsel, and more — are looking for greater oversight into board reports and the activities it takes to create them. For that, they’re turning to software. Integrated GRC gives boards comprehensive data in an easy-to-view dashboard, balancing the need for deep insights that are also accessible. At the same time, consistent data powered by accurate analytics and cross-departmental visibility reduces the burden on both the C-suite and practitioners to complete the repetitive tasks board reporting requires. Instead, those teams can be the experts and advisors they are, offering nuanced analysis and insights rather than rote statistics. The Diligent One platform centralizes the entire GRC practice by: Channeling the power of Diligent Market Intelligence Connecting disparate internal and external data sources in a single dashboard Complementing your data with a powerful analytics engine Consolidating your view of risk Learn more about how better GRC starts with the Diligent One Platform. Q&A How can I structure my board report for maximum impact? To structure your board report for maximum impact: Strike a balance of data and commentary. Include ample KPIs and accompanying visuals, then pair that with a narrative that explains what those metrics mean. Once you’ve settled on a structure, use it consistently so the board knows exactly what the report contains and can quickly digest it. How can I ensure that my board report is concise yet comprehensive? Aligning board reports with your organizational objective is the best way to ensure they’re concise and comprehensive. Then, you can prioritize the insights, KPIs, and visuals the board will need to make informed decisions about those objectives. How can I tailor board reports to different types of stakeholders on the board? Tailoring board reports to different stakeholders on the board requires understanding each director, their priorities and responsibilities and their ability to interpret data. Create reports that support the board in defining the organization’s strategic direction and provide that information in multiple ways — raw data, visuals, and narratives — so all directors can engage with it. How can I gather feedback from board members to improve future reports? Choosing a platform that enables commenting and communication from board members is a fantastic way to create a feedback loop. The board can access reports between meetings, add feedback, and even converse on a secure platform. How can I ensure my board reports align with the organization’s strategic goals? Align your board reports with the organization’s strategic goals by familiarizing yourself with the strategic plan. With that as your foundation, you can identify and report on measures that reflect the organization’s progress against that plan. This also requires communication across departments before the board meeting as the strategic plan will likely contain objectives for multiple business areas — finance, risk and compliance, and cybersecurity, for example. Platforms like Diligent One can facilitate communication across the entire C-suite. What is board reporting for government organizations? In government organizations, board reporting is preparing and presenting information to governing boards or oversight committees. Government board reports typically include compliance and regulatory updates, budget performance, policy implementation and more. How can you ensure you’re always prepared for a surprise board meeting (and save time across all your reports)? Practitioners can prepare and deliver board reports more quickly if your reporting interface is seamlessly integrated with daily activities. Using a single platform for both board reporting and routine operations allows practitioners to easily access all the analytics they need and seamlessly report back to the board. Practitioners can then report as accurately and efficiently for urgent meetings as they do for scheduled ones. How does using one platform for board reporting increase organizational alignment? Many organizations manually pull data from multiple different sources. These sources don’t always align, making it difficult to articulate the relationship between one piece of data and another. Using one platform connects all data in a single dashboard, giving practitioners a clear view of cross-departmental data that can be tied to organizational objectives clearly and strategically. What is board reporting for the education sector (is it different than for corporate)? Board reporting for the education sector has some similarities to corporate board reporting, but the differences come down to the unique structure of educational institutions. Unlike corporate reports, reporting in the education sector focuses on areas like the institution’s mission and educational goals, student performance and curriculum and program updates.

Continue readingchevron_right
The CFO of a company in a meeting following the board reporting best practices
security

Your Data Matters

At our core, transparency is key. We prioritize your privacy by providing clear information about your rights and facilitating their exercise. You're in control, with the option to manage your preferences and the extent of information shared with us and our partners.

© 2025 Diligent Corporation. All rights reserved.