Nobody wants to imagine the worst, but we all need to plan ahead. Risk management and contingency planning are a critical part of that process for any charity. What steps does your organisation take to protect your supporters, their data and donations?
Recent years have seen an increase in data protection breaches and cyber attacks, and the Information Commissioner’s Office (ICO) has issued fines of more than £100,000 to organisations that failed to take appropriate technical and organisational measures to protect personal data. Beyond the fine itself, a breach can have a far more damaging and long-lasting impact on a charity’s credibility and reputation.
Ensuring that your supporters are fully protected and that you have a high level of information security to safeguard their data has never been more important. This applies equally to any third party that processes data on your behalf: under GDPR you remain responsible as the data controller, so each processor should be bound by a written data processing agreement and should be able to show you the security measures it has in place.
What’s more, all parties need to consider how those systems will be protected, and how daily operations will continue, during a power cut, fire, flood or a more familiar disruption such as heavy snowfall preventing key operating staff from getting to work. It is critical to maintain your donations processing schedule without costly delays, not only for your charity’s continued income stream but also for the peace of mind of your supporters.
With this in mind, here are three questions to consider within your charity and to put to your suppliers: how is supporters’ data protected, how secure are donations, and what happens in an emergency.
While GDPR was a huge step forward in the way organisations handle personal data and unified many processes, there is still considerable variance in how financial data is processed and stored and in how transactions are made.
Make sure you understand what is happening behind the scenes to keep your supporters’ data safe, what controls are in place to limit the chance of a breach, and what protocol will be followed if one occurs, including how quickly you will be told. Under GDPR a processor must notify the controller of a personal data breach without undue delay, and the controller has 72 hours to report a notifiable breach to the ICO, so a supplier that cannot explain its notification process is a risk in itself.
Look for suppliers that hold ISO 27001 certification for their information security management system, which indicates that their policies and procedures address the legal, physical and technical controls expected in a comprehensive information risk management process. Check the certificate itself: it should be issued by an accredited certification body, still be in date, and its scope statement should cover the specific service and sites you are buying, since a certificate scoped to one office or product says nothing about the rest.
The security of supporters’ donations and financial details cannot be over-emphasised, particularly during the transaction itself. How secure are your donations?
For regular donors, Direct Debit has the advantage of being widely regarded as one of the safest payment methods: every bank and building society that takes part in the Direct Debit Scheme offers the Direct Debit Guarantee, which entitles the payer to an immediate refund from their bank if a payment is taken in error. Note that the guarantee protects the supporter’s money, not your records of their bank details. So be sure to check where that financial information is hosted and stored, whether it is encrypted at rest and in transit and who controls the keys, and ask any third party to tell you who has access to those details and what steps they take to keep them secure.
Power cuts and other office emergencies can occur for a range of reasons, and may take office systems down for seconds, minutes, hours or longer. It is no less important that you can provide the same level of protection for supporters during such scenarios. How will your supporters’ data be protected during an emergency, and what business continuity plans do you have in place?
Ask yourself: how are your servers protected, whether on-site or remote, and how long will they stay online during a power outage? If the office is inaccessible, how will this affect the service you are provided with? Do you have an emergency generator or other back-up power redundancy measures? How, and how often, are these contingency measures tested, and what recovery time have those tests actually demonstrated? Ultimately, will your Direct Debit collections continue to be drawn from your supporters’ accounts uninterrupted?
Under Bacs rules, every organisation must have adequate contingency arrangements in case it suffers a hardware, software or communications failure. So make sure any supplier you work with holds ISO 22301 certification, the standard for a business continuity management system that protects against disruptive incidents, reduces their likelihood and ensures the business recovers from them, and ask to see evidence of when the continuity plan was last exercised.
At Rapidata, we know how important it is for charities and supporters alike to have confidence that their details and financial records are in safe hands and that processing will continue uninterrupted. That’s why we offer a Direct Debit Contingency Service, removing the risk of delays or lost income for clients. We are proud to have invested in certifications that demonstrate our commitment to offering reliable, secure and high-quality services for all our clients, including: ISO 27001 (Information Security Management), ISO 9001 (Quality Management), and ISO 22301 (Business Continuity).
If you would like to explore setting up a contingency plan for your organisation with Rapidata, feel free to chat it through with us today.