Policy Samples: Confidential Data Policy, Encryption Policy, Data Retention Policy

  • 1.  Policy Samples: Confidential Data Policy, Encryption Policy, Data Retention Policy

    Posted Nov 24, 2019 14:35
    Hi all. My organization has a long list of policies to create/revise and I was wondering whether anyone could share samples. Most of what I find online doesn't seem to transfer well to my organization given the variety of data we handle and how it is used (donors, scientists we give grants to, people who attend educational events).

    Our top priorities are:

    Confidential Data Policy: Defines what data is confidential for the company and how it should be handled.
    Encryption Policy: Describes when data needs to be encrypted and guidance on the use of encryption technologies.
    Data Retention Policy: How data is organized, where it is stored and why, and how data is archived or disposed of when it is no longer needed.

    I searched through old topics but got directed to dead links, so apologies for semi-re-posting the topic.

    I did find this, but it doesn't cover the above:
    https://drive.google.com/drive/folders/0B--MG31FlxoDfldkdzFQTHNOMEhIcC01YVdDcDF2ZjNGclNYby02VWEza19xR3VKaUZYeU0

    If you want to send directly, please email me at info@cancerresearch.org.

    ------------------------------
    Alice Northover
    Senior Marketing Manager
    Cancer Research Institute
    New York, NY
    ------------------------------


  • 2.  RE: Policy Samples: Confidential Data Policy, Encryption Policy, Data Retention Policy

    Posted Nov 25, 2019 09:35
    Alice,

    Not sure I have any free templates that meet your need precisely. One of the best things I've seen in this area is from ComplianceForge and is the NIST WISP (say that 10 times fast...). Stands for National Institute of Standards and Technology (NIST) Written Information Security Policy (WISP).

    It looks like it's $960 to get your own editable MS Word copy. You could try making your own from the PDF, but it might take more work than just paying the $960. But some of the tables they have for information classification and management (pages 80-92 roughly) are terrific. Those would be easy to remake yourself in Excel or Word.

    I filled out ComplianceForge's contact us to inquire about nonprofit discounts. If I get a response with anything useful, I'll update this thread.

    Hope that's helpful.

    -JP
    ------------------------------
    Joshua Peskay
    Lewiston, ME
    ------------------------------



  • 3.  RE: Policy Samples: Confidential Data Policy, Encryption Policy, Data Retention Policy

    Posted Nov 25, 2019 10:31
    While sample policies exist in various places, including https://thecommunity.nonprofitnewyork.org/s/article/Sample-Data-Governance-Plan (free for members, $15 otherwise), these areas in particular are changing fast, and we haven't found many model policies to be satisfactory, especially with NY-SHIELD and GDPR reshaping the regulatory landscape in the last 12-18 months. Following along to see what others might post!

    ------------------------------
    Isaac Shalev
    http://www.sage70.com
    Stamford CT
    @Sage70
    isaac@sage70.com
    ------------------------------



  • 4.  RE: Policy Samples: Confidential Data Policy, Encryption Policy, Data Retention Policy

    Posted Nov 27, 2019 14:56
    IT Governance also issues toolkits for many laws, regulations and standards. For GDPR it's https://www.itgovernance.co.uk/shop/product/gdpr-toolkit or https://www.itgovernance.co.uk/shop/product/gdpr-implementation-bundle.
    I would use any template with care. It might be tempting to quickly implement, but what does 'implement' mean? Implementation is a process that can only be skipped at the cost of building a nice paper framework, but without the 'hearts and minds' of the employees.

    Leen Roeleveld
    GDPR Practitioner
    The Netherlands
    lroeleveld@gdpr-expert.org

    ------------------------------
    Leen Roeleveld
    Bennekom
    ------------------------------
