Cyber security, data protection, data privacy and availability. These are all highly topical matters across all industry sectors and Not For Profits (NFPs) are certainly no exception.
NFPs hold as much, and sometimes more, identifiable personal information than other sectors. Take for example donor information, grant funding data, research information and additional sensitivities for health related NFPs. NFPs that accept donations via credit cards may also be subject to PCI DSS security obligations. Beyond just data confidentiality, the integrity (quality and accuracy) and availability of information are also of utmost importance to the successful operation of the NFP and to help preserve the reputation and brand-value of the entity.
Often, NFPs receive funding from State and Commonwealth governments including the COAG. A common condition of those funding agreements is that the NFP must ensure appropriate controls over data security and privacy. Depending on the NFP, the agreement may also require compliance with the funding agency’s security standards such as the Australian Signals Directorate’s Information Security Manual and/or the ISO 27001 standard. Often, the funding agency will require an independent review of the NFP’s security and privacy controls.
Centium has undertaken a number of such reviews for large and small NFPs. We understand and appreciate the unique challenges faced by NFPss including the need to balance its compliance obligations with its ability to deliver high quality outcomes all within very tight budgets. Other unique challenges include the involvement of volunteers who, whilst not employees of the NFP, may still require access to sensitive information to undertake their work. Having worked with many NFPs over decades, we are able to leverage good practices observed across not only NFPs but also other industry sectors. We understand NFPs’ compliance overheads but, more importantly, understand how to meet those requirements in an economical and practical way. You don’t always need a $50,000+ piece of kit to keep your data secure.
If you’d like to learn more about Centium’s data privacy and security assurance and improvement services, and how we’ve helped other NFPs meet their compliance needs, contact any of our Senior Partners for an informal chat. Beyond data security and privacy, we’ve also assisted NFPs in areas such as Customer Experience Management, business continuity and resilience, fraud risk management, investigations and training. Leverage Centium’s decades of experience and learnings so you don’t have to re-invent any wheels. centium.com.au