Information Technology

From Guidelines & Principles


Effective and appropriate use of technology is critical to maintaining a nonprofit organization’s accountability and relevance. A nonprofit should manage information with regard for confidentiality, safety, accuracy, integrity, reliability, cost-effectiveness, and legal compliance. A nonprofit should incorporate appropriate technology into its work to improve its efficiency, efficacy, and accuracy in the achievement of its mission.

A nonprofit should have a written technology plan that is integrated into its short- and long-term strategic and operational plans.

A nonprofit should have a technology policy that prescribes how all organizational information is gathered and stored, how accuracy is maintained, how and what information is backed up, and to whom information is made available. The policy should address personal use of the organization’s information and technology and include security measures for remote access to proprietary/confidential information.

Assessment Items

Plans & Policies

Legal Essential Recommended
We are aware of and in compliance with all regulations and industry standards relating to the types of data the organization collects, transmits, and stores. Examples include health care information under HIPAA, credit card information under PCI DSS, and online information from children under COPPA. [Legal US] X
We have a written document retention and destruction policy that also covers electronic files and voice mail. [Legal US] X
We have a technology use policy that addresses personal use of the organization’s information and technology, such as computers, phones, social media, data, etc. X
Our technology plan includes regular assessments and funds for maintenance and making necessary technology upgrades. X
We have a written technology plan that is integrated into our strategic and operational plans. X
We maintain and are ready to implement a catastrophic recovery plan that includes hardware and software inventory for insurance purposes, off-site back-up of key data and software information, and remote/alternative access in the event of an emergency. X
Our technology policy prescribes how all organizational information is gathered and stored, how accuracy is maintained, how and what information is backed up, and to whom information is made available. X
We have a technology security policy, including measures to ensure security if employees or volunteers have remote access to proprietary/confidential information. X

Systems & Support

Legal Essential Recommended
We have appropriate and up-to-date telecommunications equipment, compatible computer hardware and software, and internet access. X
More than one individual is responsible for maintaining our information systems. (One person should be primary and at least one should be back-up). X
Our support agreements are up-to-date. X
All staff and volunteers receive ongoing training on those systems that are relevant to their work. X
We have reliable information systems in place that provide timely, accurate, and relevant information to facilitate workflow and track our data. X
We have up-to-date virus protection, firewalls, and password protection. X


Compliance with applicable HIPAA, COPPA, and PCI DSS data security standards (Health Insurance Portability & Accountability Act of 1996; Children's Online Privacy Protection Act of 1998; Payment Card Industry Data Security Standard) US
Document retention & destruction policy (Sarbanes-Oxley Act of 2002) US
Compliance with applicable data security standards (PCI DSS, etc.)
Disaster recovery plan
Management information systems (MIS) policies, procedures & protocols (including data sharing, email, Internet, list-serve, passwords, security, social media, technology use)
Off-site system back-up
Organizational website and email accounts
Software license compliance
Surge protectors, patch management program, intrusion detection system, virus scans, firewalls, SPAM and passwords for all computers
Uninterruptible Power Supplies on key servers
Data collection system—to support continuous improvement & evaluation
Database, searchable by strategic constituent groups
Funded equipment depreciation to allow for necessary technology upgrades
Hardware, software & vendor inventory
Monitor IT developments
Technology assessment & plan
Technology budget, including maintenance & upgrades
Technology training plan (staff & volunteers)

Best Practices

Plans & Policies

  • Consider conducting a technology assessment of your organization to determine what systems you need to effectively meet your mission.
  • Develop written policies regarding technology use by staff and volunteers. They may not like the guidelines, but letting staff and volunteers know that “nothing conducted on office equipment is private” protects you and them.

Systems & Support

  • When budgeting for new or upgraded technology, make sure to consider the cost of updated training and the ongoing cost of maintaining the system (service contracts, software upgrades, etc.).
  • Engage a core group of staff in cross training on your technology systems to make sure you can handle emergencies and provide ongoing service during times of transition.
  • Research innovative ways to utilize technology to engage volunteers and deliver services. Consider the needs and preferences of your target audience for specific activities and make appropriate decisions. Ask key questions, such as: Will our customers get frustrated if they are caught in an endless loop of voicemail and automated attendants? Do donors and volunteers prefer to access information online, outside of normal business hours?
  • Remember that you don’t always need all the bells and whistles, but you DO need to monitor and stay current in your ability to meet your mission and serve your constituents.