Group profile. A diversified group headquartered in Qatar, operating manufacturing and construction businesses with 160+ subsidiaries worldwide. The Board Office requested a secure, executive-grade platform to govern entity lifecycle management (incorporations, closures), Board & committee work, delegations and power of attorney, mandatory filings, and group statutory registers—with auditable approvals and performance reporting across jurisdictions.

What existed. Processes lived in email, office files, and ad-hoc trackers; approvals were dispersed; Board packs were assembled manually; entity data and documents were scattered; and reminders for filings were inconsistent. The case for a Company Secretary Platform (CSP) with entity management and a Board portal was formalised via a business case and BRD, then chartered as a group programme.

Strategic decision. Following a four-week Research & Innovation (R&I) phase, management compared market tools with a custom build. An in-house build was selected to meet security, integration, and design-for-the-Board requirements. The platform was developed on .NET with an Azure backend, integrated to SAP (for employees and plant structures) and the corporate single sign-on.

Board-level mandate. The primary users were the Board Office and senior executives; usability, reliability, and executive-grade reporting were non-negotiable. Approvals had to be complete and auditable across all jurisdictions.

Security posture. Internal portal classification; SSO, role segregation, VAPT, and OWASP-aligned secure coding were required. Guest (external) participation (e.g., counsel) needed tight access controls, auditability, and lifecycle management.

Multi-jurisdiction complexity. Country-specific mandatory filings calendars, escalation ladders, and documentary evidence had to be codified and kept evergreen.

Timeline and ownership. R&I in 4 weeks to finalise the BRD and options; 4 months to implement the selected custom solution, integrate with SAP and SSO, and move to pilot then production.

Why it mattered. Board risk, regulatory exposure, and executive time were all at stake: delayed filings, opaque delegations, or missing registers directly increase governance risk and hamper decision speed. The upside: one source of truth, time-boxed approvals, and traceable Board actions across 160+ entities.

Dispersed workflows. Incorporations, closures, delegations, and POAs were driven via email and documents, with approvals tracked manually; status and bottlenecks were hard to see.

Board & committee management. Agendas, papers, minutes, and actions were not tied to a single case spine; assembling Board packs was time-consuming and error-prone.

Registers and filings. Statutory registers sat in shared folders; mandatory filing reminders varied by country and relied on personal calendars; escalations were inconsistent.

Data integrity and identity. The platform needed authoritative people and organisation data (employees, roles, plants/companies) from SAP while enforcing least-privilege access through corporate SSO.

Security obligations. Internal-portal classification, vendor/guest access, and evidence for security compliance (incl. NDA and vendor security agreement templates) had to be built into the delivery path.

Impact baseline (pre-project).

• Board pack preparation was largely manual.
• Approval trails across incorporation/closure/POA/appointments often required back-and-forth to reconstruct.
• Filings calendars were fragmented; late confirmations created firefighting and reputational risk.

• Elicit & formalise requirements into a BRD: entity lifecycle, Board/committee governance, delegations & POA, registers, filings, and reporting.
• Tech-commercial scan of market options (e.g., Englobe, Diligent, DiliTrust) vs. custom build; assess fit, security, TCO, and integration risk.
• Blueprint an executive-first UX and a unifying Entity Case ID model to bind approvals, documents, and actions.
• Recommendation: choose custom (.NET on Azure) for tighter integration, security posture, and control of roadmap.

• Design & build the solution; integrate SAP for master data (employees, plants/companies) and corporate SSO; set up environments, CI/CD, telemetry, and VAPT.
• Migration & onboarding of existing entities and key documents; establish filing calendars by country.
• Pilot → production rollout with Board Office sponsorship; training for Corporate/Divisional Company Secretaries.

Architectural spine. A .NET application hosted on Azure (App Service + managed data services), secured via corporate SSO, and integrated with SAP to synchronise employees, roles, and plant/company structures. The platform defines a persistent Entity Case ID that ties approvals, documents, meetings, actions, filings, delegations, and POA end-to-end.

• Standardised forms to initiate incorporation/acquisition or closure, with required document checklists (AoA drafts, CR, financial statements, resolutions).
• Approval workflow across finance, legal, divisional and corporate company secretaries, and Boards—all logged with timestamps and rationale.
• Outputs: approved forms, filing packs, and CR/AoA issuance tracking; dashboards show recently opened/closed companies.

• Meetings: schedule, participants, agendas, papers, MoM, action tracking, attendance.
• Actions: Board and committee action registers with owners, due dates, reminders, and escalations.
• Board Office view: entity-by-entity oversight of planned/unplanned meetings and open actions.

• Appointments/removals of directors/CEO and delegation of authorities aligned to approved resolutions and DoA.
• POA lifecycle: request, approvals, issuance, archiving, and expiry alerts (e.g., 30-day warnings).
• Registers & reports: historical appointments, current authorities, POA status and expiry.

• Country-specific templates with due/expiry dates, owners, notified parties, and grace periods.
• Automated reminders and escalations (e.g., divisional → corporate sec → Board if overdue).
• Status dashboards: confirmed, not confirmed, finished/approved; escalation queue for leadership.

• Controlled archiving of AoA/CR and amendments, certificates, ISO, CoC, financial statements, etc., tagged by entity and ownership structure.
• Monitoring mode triggers reminders until evidences are filed; search and export support audit packs.

• SSO with role-based access; least-privilege by entity and function; auditable guest access; NDA and vendor security agreement gates.
• DevSecOps: OWASP practices, VAPT, environment hardening; Azure monitoring, logging, and incident playbooks.

• Entity status cockpit: incorporations/closures, Board actions, delegations/POA, filings due/overdue.
• Drill-through from group to division to entity, with exportable evidence for audit and regulators.

• Board pack preparation time: ↓ ~40% (median) via structured agendas, papers, and MoM with action tracking directly in the portal.
• Approval lead-time for incorporations/closures: ↓ ~30%, driven by standardised forms, complete checklists, and time-boxed routing.
• Overdue mandatory filings: ↓ from frequent ad-hoc escalations to <10% of total filings in the first quarter, with automated reminders and leadership visibility.
• POA/Delegation expiries: near-misses reduced materially; 30-day alerts and dashboards enabled proactive renewals.
• Audit readiness: complete approval trails and evidence packs assembled in minutes using per-entity registers.
• Executive visibility: the Board Office gained a single cockpit across 160+ entities, enabling risk-prioritised reviews and targeted interventions.

Operationally, the team established a run book (release cadence, VAPT cycle, access reviews) to sustain the platform and keep jurisdictional calendars evergreen.

• Design “Board-first”, then scale down. Executive clarity on one screen (what’s due, what’s late, who owns it) shaped every workflow and report.
• One case spine beats many trackers. The Entity Case ID connecting approvals, meetings, filings, and registers made audit and analytics straightforward.
• Codify jurisdictions early. Country filing calendars and escalation chains must be templated before build; avoid “local exceptions by email”.
• Identity is a feature. SSO roles, guest controls, and periodic access reviews deserve the same design rigour as UI.
• Build vs. buy is a governance decision. The R&I scan ensured the Board saw trade-offs across security, fit, TCO, and roadmap control—before committing to the custom build.
• Secure by default. OWASP practices, VAPT gates, and NDA/security-agreement workflows protect sensitive Board operations end-to-end.
• Change management is continuous. Corporate/Divisional Company Secretaries became super-users; training and a visible escalation inbox kept adoption high.