Guidelines and Principles

Effective and appropriate use of technology is critical to maintaining a nonprofit organization’s accountability and relevance. A nonprofit should manage information with regard for confidentiality, safety, accuracy, integrity, reliability, cost-effectiveness, and legal compliance.  A nonprofit should incorporate appropriate technology into its work to improve its efficiency, efficacy, and accuracy in the achievement of its mission.

A nonprofit should have a written technology plan that is integrated into its short- and long-term strategic and operational plans.

A nonprofit should have a technology policy that prescribes how all organizational information is gathered and stored, how accuracy is maintained, how and what information is backed up, and to whom information is made available. The policy should addresses personal use of the organization’s information and technology and include security measures for remote access to proprietary/confidential information.


Assessment Items

Plans & Policies



Systems & Support


Resources

  • Compliance with applicable HIPAA, COPPA (BROKEN LINK), PCI/DSS data security standards (Health Insurance Portability & Accountability Act of 1996; Children's Online Privacy Protection Act of 1998, Payment Card Industry Data Security Standard) US
  • Document retention & destruction policy (Sarbanes-Oxley Act of 2002) US
  • Compliance with applicable data security standards (PCI, DSS, etc.)
  • Disaster recovery plan
  • Management Information Systems (MIS) policies, procedures & protocols (including data sharing, email, Internet, list-serve, passwords, security, social media, technology use)
  • Off-site system back-up
  • Organizational website and email accounts
  • Software license compliance
  • Surge protectors, patch management program, intrusion detection system, virus scans, firewalls, SPAM and passwords for all computers
  • Uninterruptable Power Supplies on key servers
  • Data collection system—to support continuous improvement & evaluation
  • Database, searchable by strategic constituent groups
  • Funded equipment depreciation to allow for necessary technology upgrades
  • Hardware, software & vendor inventory
  • Monitor IT developments
  • Technology assessment & plan
  • Technology budget, including maintenance & upgrades
  • Technology training plan (staff & volunteers)

Best Practices

Plans & Policies
  • Consider conducting a technology assessment of your organization to determine what systems you need to effectively meet your mission.
  • Develop written policies regarding technology use by staff and volunteers. They may not like the guidelines, but letting staff and volunteers know that “nothing conducted on office equipment is private” protects you and them.
Systems & Support
  • When budgeting for new or upgraded technology, make sure to consider the cost of updated training and the ongoing cost of maintaining the system (service contracts, software upgrades, etc.).
  • Engage a core group of staff in cross training on your technology systems to make sure you can handle emergencies and provide ongoing service during times of transition.
  • Research innovative ways to utilize technology to engage volunteers and deliver services. Consider the needs and preferences of your target audience for specific activities and make appropriate decisions. Ask key questions, such as: Will our customers get frustrated if they are caught in an endless loop of voicemail and automated attendants? Do donors and volunteers prefer to access information online, outside of normal business hours?
  • Remember that you don’t always need all the bells and whistles, but you DO need to monitor and stay current in your ability to meet your mission and serve your constituents.