Most boards manage their documents through email and shared drives. It works — until it doesn't. The moment a board packet contains compensation data, pending litigation, or a personnel matter, the entire system breaks down. There's no good way to share a document with some board members but not others using email or Google Drive.

This guide explains why traditional document management tools aren't built for board governance, what section-level access control actually means in practice, and why it matters for compliance and fiduciary duty.

The Problem with Email and Shared Drives

Email and shared drives solve the basic problem — getting documents to board members before a meeting. They break down on the governance-specific requirements that come with running a fiduciary body.

❌ Email & Shared Drives
  • No document-level access control — everyone gets everything or nothing
  • No audit trail for who opened what and when
  • Documents forwarded outside the board easily
  • Version confusion — which PDF is current?
  • No connection to the meeting agenda or minutes
  • Confidential items require a separate packet — version control nightmare
  • Resigned directors can still access shared drives
✓ Board Portal (Section-Level Permissions)
  • Section-level access — each section visible only to authorized members
  • Full audit trail: views, downloads, timestamps
  • Access revoked instantly when a director leaves
  • Single document — no version confusion
  • Documents linked directly to agenda sections
  • Confidential items handled within the same meeting workflow
  • Role-based access that changes automatically

The real risk: When a board chair emails executive compensation data to all board members — including those who shouldn't see it — that's not just an embarrassment. In some governance frameworks, it violates the fiduciary duty of confidentiality and creates legal exposure for the organization and the officers who distributed the information.

What Section-Level Access Control Means

In traditional document management, access control works at the file level: a person either has access to a document or they don't. Board governance requires something more granular — access to specific sections within a document based on role.

Here's a concrete example. A board meeting packet typically contains:

With email, you have two bad options: send everyone the full packet (including the confidential items), or create a separate confidential document and manage two distribution lists. Both options fail governance.

With section-level access control, you maintain one document. Each section is tagged with an access level. Board members see exactly what they're authorized to see — no more, no less — and the confidential sections simply don't appear in their view.

Sample Board Packet — Section Access View
All Members Admin/Chair Exec Committee
1. Call to Order & Attendance
agenda_q1_2026.pdf
All Members
2. Consent Agenda
consent_items.pdf
All Members
3. CEO Report
ceo_report_q1.pdf
All Members
4. Financial Review
financials_q1_2026.pdf
All Members
5. Executive Compensation 🔒
compensation_review.pdf
Admin Only
6. Litigation Update 🔒
legal_memo_q1.pdf
Exec Committee
7. Strategic Planning
strategy_2026.pdf
All Members

From the perspective of a regular board member, sections 5 and 6 don't exist. They see a clean, complete packet for the items they're responsible for. The compensation committee members see all sections. The audit trail records every access event.

Build Your Board Meeting Agenda in Minutes

Try our free interactive agenda builder — no signup required.

Build Your Agenda →

Why This Matters for Compliance

Fiduciary Duty of Confidentiality

Directors have a fiduciary duty of confidentiality — they must protect sensitive organizational information from unauthorized disclosure. This duty runs not just from directors to third parties, but within the board itself. A director who doesn't serve on the compensation committee generally has no need to review executive pay data, and sharing it unnecessarily creates risk.

Governance counsel increasingly advises boards to implement need-to-know access controls as a risk management practice, particularly for publicly traded companies, regulated industries, and nonprofits subject to IRS scrutiny.

Audit Trail Requirements

In regulated industries — community banks, healthcare systems, credit unions, insurance companies — regulators expect boards to demonstrate that confidential information is handled appropriately. An audit trail showing who accessed which sections, when, and from what device is increasingly required for regulatory examinations.

Email provides none of this. A shared drive provides limited logging. A purpose-built board portal provides a complete, immutable record.

Director Transitions

When a director leaves the board, their access to historical materials raises governance questions. Email and shared drives typically leave departed directors with indefinite access to everything they were ever sent. A board portal revokes access immediately on role change — and can maintain read-only access to historical materials for legitimate purposes while blocking access to current packets.

Regulated industries: If your board is subject to oversight from the FDIC, OCC, NCUA, CMS, or state financial regulators, expect examiners to ask about document access controls. "We email PDFs" is an increasingly insufficient answer.

What to Look for in Board Document Management Software

Not all board portals offer the same capabilities. When evaluating solutions, these are the features that separate adequate from purpose-built:

🔐

Section-Level Access Control

Permissions at the section level, not just the document level. Each agenda section and its supporting documents should be independently permissioned.

📋

Role-Based Permissions

Access levels tied to roles (all members, admin, committee member) rather than individually assigned — so permissions update automatically when roles change.

📊

Audit Trail

Log of every access event: who opened what, when, and from which device. Accessible to admins for compliance reporting.

🔄

Version Control

Single source of truth for each document. When a document is updated, all members automatically see the current version — no email threads with "use the attachment from this email, not the earlier one."

🗓️

Integration with Meeting Workflow

Documents attached to agenda sections, not stored in a separate repository. When a member reviews their agenda, the supporting materials are right there.

🔒

Encryption at Rest and in Transit

AES-256 encryption for stored documents. TLS for all data in transit. No unencrypted copies floating in email servers.

👤

Instant Access Revocation

Revoke a departed director's access in one click. All documents, all meetings, all sections — immediately inaccessible.

📱

Mobile Access

Board members review materials on their phones and tablets. Responsive design with offline reading for in-person meetings in areas with poor connectivity.

Comparing Board Document Management Approaches

Capability Email + PDF Shared Drive Board Portal
Section-level access control
Audit trail Partial
Version control
Instant access revocation Manual
Document tied to agenda
Encryption at rest Depends
Compliance-ready audit log
Zero setup cost Small

The Migration Path: From Email to Board Portal

Moving from email to a board portal doesn't require a multi-month implementation. For a mid-size board (8–15 directors), the transition typically looks like this:

  1. Set up the organization and invite board members (30 minutes). Role assignments propagate access automatically.
  2. Configure permission levels for your standard meeting structure (1 hour). Most organizations have 3–5 access levels: all members, board chair, executive committee, compensation committee, audit committee.
  3. Load your template library with your standard agenda structure and section permissions pre-set (1–2 hours). From that point, every meeting starts with the right structure.
  4. Distribute the next board packet through the portal instead of email. Send members a link rather than a PDF attachment.

The last step is the only behavioral change required of board members — and it's an improvement, not a burden. They get a clean, permission-filtered view of the packet without wading through email attachments.

Presido includes 100+ agenda templates pre-built for nonprofits, community banks, healthcare boards, HOAs, and more — each with section permissions configured out of the box. Upload a document to any section and it inherits the section's access control automatically. Board members see a filtered, personalized view of every packet they receive.

Special Considerations by Organization Type

Community Banks and Credit Unions

Regulatory examination expectations are highest in financial services. Examiners from the FDIC, OCC, and NCUA regularly review board governance practices, including how sensitive information is distributed and protected. Board books containing ALCO data, loan concentration reports, and compensation benchmarks should never travel through personal email.

Healthcare Boards

HIPAA considerations apply to board materials that contain patient data, quality metrics that could identify individuals, or credentialing committee decisions. Healthcare boards also frequently have sub-committees (quality, compliance, credentialing) that need committee-specific document access rather than full board access.

Nonprofit Boards

IRS Form 990 requires nonprofits to disclose their document retention and destruction policies. "We email PDFs and hope board members keep them" is not a policy. A board portal with defined retention settings satisfies this requirement and creates a defensible governance record.

HOA and Condo Boards

HOA boards face a different challenge: state open meeting laws often require that board records be available to homeowners on request. A board portal with appropriate access tiers (board-only vs. homeowner-accessible) handles this without requiring manual document preparation for every records request.

Related Guides
Board Governance

Board Meeting Agenda Template: Free Download + Best Practices

A structured template plus the seven governance practices that make board agendas actually work in practice.
Board Governance

Board Meeting Minutes: How to Take, Review & Approve

What belongs in the official record, how AI drafts minutes from your transcript, and the review-and-approval workflow.
Board Governance

How to Run a Board Meeting: The Complete Chair's Guide

Pre-meeting prep, quorum rules, Robert's Rules basics, confidential section permissions, and post-meeting follow-up — all in one guide.

Section-Level Access Control, Built for Boards

Presido handles board document management the way governance actually works. One document, permission-filtered per member, with a full audit trail. Try it free — no credit card, no commitment.

See How Presido Handles Board Documents

Free 14-day trial. Includes 100+ templates, AI meeting minutes, and section-level access control.

Frequently Asked Questions

Can't we just use Google Drive with folder-level permissions?

Folder-level permissions in Google Drive solve the document access problem but not the governance workflow. You'd need to create a separate folder for each access level, manually manage who belongs in each folder, and rebuild this structure for every meeting. There's no connection to the agenda, no audit trail, and no automated access revocation when roles change. It works as a workaround; it doesn't work as a governance system.

What about board member privacy — do we track their reading activity?

Audit trails in board portals record access at the organizational level for compliance purposes. Individual board members should be informed of this in your board governance policies. In practice, access logs are rarely reviewed except in the context of a governance dispute, audit, or legal proceeding. The audit trail protects the organization, not just directors.

How should we handle board packets that need to be shared with external parties?

Materials shared with auditors, legal counsel, or regulators should be treated as separate distributions — not by sharing portal access with external parties. Export a filtered PDF of the relevant sections (with the appropriate access controls applied) and share that. Never give external parties access to your board portal directly.

What's the right retention period for board documents?

Meeting minutes are permanent records — retain them indefinitely. Supporting board materials (financial reports, staff reports, presentation decks) typically follow a 7–10 year retention schedule, though this varies by jurisdiction and document type. Legal and compliance documents may have longer requirements. Consult your legal counsel for a written retention policy and apply it consistently.

Do we need to keep paper copies of board documents?

For most organizations, properly maintained digital records are legally equivalent to paper. The key requirements are authenticity (the record hasn't been altered), accessibility (you can produce the record on request), and durability (the record will survive system migrations). A cloud-based board portal with regular backups satisfies all three. Organizations with specific regulatory requirements (some regulated financial institutions, government bodies) may have additional paper retention requirements — check with your legal counsel.

Related guides: Board meeting agenda templates and best practices  ·  How to take, review, and approve board meeting minutes