Information Technology

From Guidelines & Principles
Revision as of 21:15, 6 August 2013 by Mercural (Talk | contribs)


Effective and appropriate use of technology is critical to maintaining a nonprofit organization’s accountability and relevance. A nonprofit should manage information with regard for confidentiality, safety, accuracy, integrity, reliability, cost-effectiveness, and legal compliance. A nonprofit should incorporate appropriate technology into its work to improve its efficiency, efficacy, and accuracy in the achievement of its mission.

Infrastructure Checklist

Required

Yes No In Progress Not Applicable Not Sure
Compliance with applicable HIPAA, COPPA, and PCI DSS data security standards (Health Insurance Portability & Accountability Act of 1996; Children's Online Privacy Protection Act of 1998; Payment Card Industry Data Security Standard) US
Document retention & destruction policy (Sarbanes-Oxley Act of 2002) US


Strongly Recommended

Yes No In Progress Not Applicable Not Sure
Compliance with applicable data security standards (PCI DSS, etc.)
Disaster recovery plan
Management information systems (MIS) policies, procedures & protocols (including data sharing, email, Internet, list-serve, passwords, security, social media, technology use)
Off-site system back-up
Organizational website and email accounts
Software license compliance
Surge protectors, patch management program, intrusion detection system, virus scans, firewalls, spam filtering, and passwords for all computers
Uninterruptible power supplies on key servers


Recommended

Yes No In Progress Not Applicable Not Sure
Data collection system—to support continuous improvement & evaluation
Database, searchable by strategic constituent groups
Funded equipment depreciation to allow for necessary technology upgrades
Hardware, software & vendor inventory
Monitor IT developments
Technology assessment & plan
Technology budget, including maintenance & upgrades
Technology training plan (staff & volunteers)


Assessment Tool

Plans & Policies

No/Not Begun In Process Yes/Complete Not Applicable Not Sure
We are aware of and in compliance with all regulations and industry standards relating to the types of data the organization collects, transmits, and stores. Examples include health care information under HIPAA, credit card information under PCI DSS, and online information from children under COPPA. US
We have a written document retention and destruction policy that also covers electronic files and voice mail. US
We have a written technology plan that is integrated into our short-term and long-term strategic and operational plans.
Our technology policy prescribes how all organizational information is gathered and stored, how accuracy is maintained, how and what information is backed up, and to whom information is made available.
We have a technology use policy that addresses personal use of the organization’s information and technology, such as computers, phones, social media, data, etc.
We have a technology security policy, including measures to ensure security if employees or volunteers have remote access to proprietary/confidential information.
We have a social media policy that outlines clear rules around the use of social media and designates one person to oversee social media efforts.
Our technology plan includes regular assessments and funds for maintenance and making necessary technology upgrades.
We maintain and are ready to implement a catastrophic recovery plan that includes hardware and software inventory for insurance purposes, off-site back-up of key data and software information, and remote/alternative access in the event of an emergency.

Systems & Support

No/Not Begun In Process Yes/Complete Not Applicable Not Sure
We have reliable information systems in place that provide timely, accurate, and relevant information to facilitate workflow and track our data.
We have appropriate and up-to-date telecommunications equipment, compatible computer hardware and software, and internet access.
We have up-to-date virus protection, firewalls, and password protection.
More than one individual is responsible for maintaining our information systems. (One person should be primary and at least one should be back-up.)
Our support agreements are up-to-date.
We allocate sufficient resources to train our board, employees, and volunteers in the use of technology equipment.
All staff and volunteers receive ongoing training on those systems that are relevant to their work.
We monitor ongoing technological developments that have the potential to impact our information systems or mission.


Walking the Talk

  • Consider conducting a technology assessment of your organization to determine what systems you need to effectively meet your mission.
  • When budgeting for new or upgraded technology, make sure to consider the cost of updated training and the ongoing cost of maintaining the system (service contracts, software upgrades, etc.).
  • Engage a core group of staff in cross training on your technology systems to make sure you can handle emergencies and provide ongoing service during times of transition.
  • Develop written policies regarding technology use by staff and volunteers. They may not like the guidelines, but letting staff and volunteers know that “nothing conducted on office equipment is private” protects you and them.
  • Research innovative ways to utilize technology to engage volunteers and deliver services. Consider the needs and preferences of your target audience for specific activities and make appropriate decisions. Ask key questions, such as: Will our customers get frustrated if they are caught in an endless loop of voicemail and automated attendants? Do donors and volunteers prefer to access information online, outside of normal business hours?
  • Remember that you don’t always need all the bells and whistles, but you DO need to stay current in your ability to meet your mission and serve your constituents.