Are the appropriate IT Governance controls in place to protect your community value?

by | Feb 23, 2022 | Not for Profits

In most organisations, IT has grown organically, meeting business needs as they arise. Those demands have come through thick and fast from almost all areas of the organisation’s operations. IT has become integral to almost all aspects of operations in most workplaces, putting immense pressure on those who are responsible for delivering these systems.

It can be especially challenging in not-for-profits that rely on a lot of volunteers to deliver their programmes, with a wide range of skills and all sorts of equipment.

Under that pressure, it’s not uncommon for normal governance approaches to lag behind, but given the importance of IT, these clearly need attention.

There’s a wide range of topics that need thought. Examples include:

Access Rights

This ranges from protecting systems with passwords and having a strong password policy to multi-factor authentication and PIN policies for mobile devices. With no PIN, a stolen mobile device can yield up significant amounts of data, personal information and website access details.

It is common for volunteer data to be separated out to reduce risk, and for clear obligations to be placed on volunteers, and agreed, before they are granted access.

Policies

Are policies in place for appropriate use of devices, internet, email etc? A common response for small NZ businesses is that they have never needed these, but these have to be in place before you need them. Once an employee takes advantage, the horse has bolted. Are they up to date? Do they cover consumer cloud services such as Dropbox? Do they cover BYOD?

What about the data available to a well-meaning volunteer?

Antivirus and EDR (xDR)

Security patches are the fence at the top of the cliff and antivirus can be the ambulance at the bottom. We have seen organisations suffer significant downtime because of a virus infection that would have been prevented by patching.

Security

Data security process – With data privacy concerns emerging, and legislation like GDPR becoming relevant, how well placed is your organisation to ensure it follows best practice?

Do your systems allow you to track compliance? Do you know what personal data your organisation holds? This can often be informally held by well-meaning colleagues as well as your official systems, meaning that training and awareness matter as much as software – and that’s something that extends beyond the IT department.

Do your volunteers understand their obligations? In not-for-profits, this can be the biggest weakness, but they can be supported so you can harness their goodwill while protecting your data.

Reporting

Do you have regular IT reporting in place, and does it cover the topics you really need to know about? These will span infrastructure: are the backups working and tested? Do you have any pending capacity considerations? What’s the reliability of core systems like?

A Kinetics FlightPlan is the structured process to easily help you find the answers to these questions, and more.

For more information, contact us today.

If you aren’t sure who in your organisation is best to answer these questions, it is probably time you tried a contract part-time IT Manager, to help you manage ALL your valuable IT. Check out our structured, programmatic “IT Manager as a Service” approach to help you.
