(Some states and countries don't have data-breach disclosure laws. You need to make sure that you are notified immediately if your data is exposed.)

Have you ever had a problem with malware before?

(This is a bit of a trick question. Everyone has dealt with a malware issue at some point. If the service says they have never had a problem, there are two possibilities, and both are bad signs. One, you know they aren't being candid, or two, they have no idea that they have a malware issue. This calls into question their other responses.)

Note: All the BCS solutions seemed to have a decent level of application controls within the communication app itself. The main concerns I found were around the infrastructure that the application (and your company's data) sits on.

We all know the (IP). Securing Board of Directors communications is absolutely essential. You have to take the time to do it right.