Wednesday, November 19, 2008 

Non-Profit Organizations Must Know Their Information Assets to Protect Them

Many non-profit organizations' managers forget that information is an asset, and that it may be their greatest asset class. From mailing lists to credit card payment transaction records, information is often critical to the operation of the organization. Before you can hope to protect your physical assets such as cash or donated valuables, you should look at what information assets you possess. The following 7 points should be considered when identifying a non-profit organization's information assets.

1) Information as an asset - Information can be important as an asset, not only in its value to others - such as credit card numbers - but in its importance for keeping the operation running. If your operations can be damaged due to unauthorized disclosure, modification or destruction of a particular type of information, that information is considered to be an asset worth protecting. Information assets also include the computer systems and networks that you depend on for operations. If they go down and become unavailable, how does that affect your ability to meet your objectives? Furthermore, it is also important to protect any details that can lead a thief to know more than they should about your major assets.

2) Location of Information - In a non-profit organization, there is often a lot of paper-based information that delivers value to the organization. This occurs from the moment a volunteer collects a cheque or even a pledge when canvassing door-to-door, or over the phone. This information is distributed across many locations, as it makes its way back to your central repository. As it is passed along, records and data may be vulnerable to theft or disclosure. It can even remain vulnerable if people don't know how or when to dispose of it after passing it on to you by fax or email.

3) Regulated Protection of Payment Card Information - If you collect payments by credit card, either on-line, by phone, or on paper, you are obligated to follow the standards of the payment card institutions. The Payment Card Institutions Digital Signature Standard (PCI DSS) is an industry standard for protecting payment information collected by merchants. Even though you are a non-profit organization, you are a merchant in the credit card company's view. They have specific definitions for the types of information you collect for payments, and how each type must be protected. They can shut down your operation by denying access to their payment processing services if you are found to be violating their terms and conditions for information security.

4) Contributor Information - You may be collecting information about contributors that you don't realize may need protection. Not only for regulatory reasons, but as good business practice, you should be aware of what types of information you collect about your contributors. Even if it is just for market research, having records about individuals' salaries, affiliations, age, sex or other personal characteristics must serve a particular purpose. Furthermore, this kind of information must be handled and disposed of properly. If you must collect personal information, you should check for any legislation that governs how businesses handle and protect it in your jurisdictions (both by industry and by geography). If it is not essential to your operations or immediate marketing campaigns, it may be more of a liability than an asset to keep personal information around.

5) Staff and Volunteer Personal Information - You may be holding sensitive personal information about your staff or volunteers, such as police or criminal record checks. The people you depend on to perform your good work - and even those whom you decline to include in your workforce - also depend on you to be responsible with their personal information. They may take legal action against you if you do not properly handle and dispose of the information they have entrusted to you.

6) Central Information Storage - Once your organization receives donation information or contributor contact information, it must be protected from disclosure, modification or deletion - especially if it is kept in a central file or database. Whenever large quantities of valuable information exist on a computer system, thieves and hackers will be interested in knowing about it. Therefore, the security measures you use to protect stored information are important to protect, in themselves. For example, you must be able to protect the user names and passwords of accounts that have access to a central database. Staff and volunteers must be given only what information they need to know in order to perform their responsibilities. Too much information about your operations floating around in memos or documentation can easily make it into the wrong hands.

7) Staff Communications - Any time people communicate electronically, or by paper, they usually leave a trail of information. You should consider what methods your staff use to communicate amongst themselves. Do they use instant messaging or public forums to give instructions or report on statuses? Any communication method that uses the Internet can be a lot less secure than you might expect. If details of donation drop-off locations or events where sensitive information will be shared get into the wrong hands, you may be attracting unexpected visitors or observers. Thieves or hackers can use this information to plan more elaborate attacks based on having enough knowledge of your operations to fool a volunteer or staff member into sharing sensitive information.

Every organization relies on a different set of information to operate. Your non-profit organization is not immune to the rules, regulations and standards expected of any business; even if you have the best of intentions. It is your responsibility to know what information everyone in your organization handles, and how to protect it.

The bottom line for any business manager is that, with very little time, effort and even money, you can become more confident in how your business information is protected. You'll sleep better, and so will your customers.

You can learn more about Governance by Graffiti at http://www.streetwise-security-zone.com. You'll also find FREE forums and tools for improving information security, specifically for managers with limited time and budgets for security.

From Scott Wright - The Streetwise Security Coach
