A nonprofit must manage information in a manner consistent with confidentiality, safety, accuracy, integrity, reliability, cost-effectiveness, and legal compliance. A nonprofit utilizes appropriate technology to enhance capacity and thereby improves its efficiency, effectiveness, and accuracy in the achievement of its mission.

KEY

  • Legal Practices are legally required of all Montana nonprofits
  • Essential Practices are widely recognized as industry standards and generally expected of all nonprofits
  • Recommended Practices should be considered by all nonprofits, with implementation dependent on capacity and life stage

Practices

    INFORMATION MANAGEMENT AND POLICIES 

  1. ★★ A nonprofit has in place information systems, including but not limited to accounting and financial management; evidence of regulatory compliance; program evaluation; fund development and donor management; community outreach; and public relations, that provide timely, accurate, and relevant information.
  2. ★ A nonprofit has technology use, confidentiality and security policies that address staff and board use and that prescribe how all organizational information is accessed, gathered, stored, and transmitted; how client and sensitive information is kept secure; how accuracy is maintained; how and what information is backed up; and to whom information is made available.
  3. ★★★ A nonprofit retains relevant documents if it receives notice of pending or actual litigation or government audit or investigation, or if it appears reasonably foreseeable that such litigation, audit, or investigation may occur. MT, US
  4. ★★ A nonprofit has and adheres to a written document retention and periodic destruction policy that includes guidelines for handling documents (physical and electronic files, e‑mail messages and voicemail); disposition of documents; legal hold procedures that prohibit destruction when required; procedures to remove network and physical access of former employees; back-up procedures; archiving of documents; and regular inspections of the reliability of the system.
  5. ★★ A nonprofit addresses the appropriate use of mobile technology to access, store, and transmit confidential information.
  6. ★★★ Along a spectrum, a nonprofit must increase the level of cyber security with increased data sensitivity so that data is not compromised. A higher level of cyber security must occur, for example, with data that is subject to the security rule under the Health Insurance Portability and Accountability Act (“HIPAA”). MT, US
  7. ★★ A nonprofit considers the sensitivity of all data stored on populations it directly or indirectly serves, as well as clients, donors, staff and volunteers, and implements reasonable cyber security to protect it. For example, applicable Payment Card Information (“PCI”) Security Standards may require a higher level of cyber security for credit card information.
    TECHNOLOGY

  9. ★ A nonprofit designates responsibility for maintaining the organization’s information systems to more than one staff person, volunteer, or board member; one person is primarily responsible and at least one other person is the back-up. All staff have ongoing training to use the systems relevant to their work.
  10. ★ A nonprofit has a written technology plan integrated into its short- and long-term strategic and operational plans. The plan includes annual assessment of technology capacity and effectiveness and provides for budgeting, funding and a schedule for deployment of necessary technology acquisition and upgrades, as well as provisions for staff training.
  11. ★★ A nonprofit invests in appropriate telecommunications equipment, hardware, software and online platforms to enhance its ability to achieve its mission. Technology equipment is appropriately depreciated and replaced. 
  12. ★★ A nonprofit ensures its electronic and information technology is accessible to staff and volunteers and reasonable accommodations are made.
  13. ★★ A nonprofit that chooses to invest in technology equipment allocates sufficient resources both to train its employees and volunteers in its use and to maintain and service that equipment. A nonprofit also ensures that its support agreements are up-to-date. A nonprofit fosters engagement in system development and allows individuals who will work in‑house to understand, experiment, and champion system advancement and adoption. Increasing the use of a system maximizes the investment in that system.
  14. ★ A nonprofit provides effective, consistent, and sustainable technology support so that its staff and volunteers are able to use and maintain the information systems required for them to fulfill the organization’s mission. The support may range from in-house paid staff to tech-savvy volunteers to external consultants.
  15. ★ A nonprofit has a catastrophic recovery plan; utilizes reasonable security measures, such as off-site electronic back-up, virus protection (updated regularly), and firewalls; and considers cloud-based technology solutions. It develops and regularly updates its website and maintains e-mail accounts. To the extent possible, back-up processes should be automated and the back-ups should exist in a location outside of the office.
  16. ★★ A nonprofit creates and maintains documentation on the current configuration of its technology infrastructure including user credentials to access mission-critical websites, software licensing agreements, network topology diagrams and a thorough inventory of key hardware including computers & printers.