Too often nonprofits manage technology from one emergency to the next, on a tiny budget, so technology policies may never cross their minds. But written technology policies are worth it. They will help you clarify your thinking and approach to technology at your organization and provide clarity to staff about your expectations. They are also critical for handling growth and staff turnover. Have you ever lost your way with technology or data when a key staff member moved on? In the end, these policies will save you time and money.
Policy development should be led by your primary technology staff person and approved by your executive team. We also highly recommend talking with any external IT support consultants to get their recommendations.
Below, we outline the six policies you should have in place, along with some basic recommendations for each.
Hardware and platform policy
Your hardware policy should aim to ensure that your staff members have the tools they need with minimal downtime, while managing the cost of hardware, maintenance, support, and security. Your employees likely spend a significant amount of time on their computers, and you want that time to be as trouble-free as possible.
Your policy should cover what types of devices your organization provides, which platforms are supported, what personal devices employees can use for work and how they’re supported, and when tech is replaced.
One consideration is if you will require all employees to use the same operating system and compatible computers. Among our clients, we’ve seen a shift from strict single-platform offices to mixed environments where staff can work on the machines they prefer. For some, this shift is possible because of the increasing prevalence of cloud-based software, which only requires a web browser.
At Percolator, we provide an annual technology allowance and let employees choose their own computer and other hardware. Employees can spend their technology allowance on a new external monitor, a fancy mechanical keyboard, or save it for a top-of-the-line laptop or CPU. The goal is to make sure everyone has good hardware that they’re comfortable using.
Security policy
Your security policy should include requirements and recommendations for keeping your organization’s data and systems safe. We recommend including these requirements:
- Current anti-virus software on all computers that are allowed to connect to your network or shared data. Windows Defender is free and largely solid, but there are more powerful options too. Don’t forget about discounts from TechSoup!
- Password security – requiring strong, unique passwords for every organizational account. We strongly recommend adopting a centrally managed system for password management. For example, Lastpass allows you to securely share credentials and offers browser extensions to help each employee adopt good password habits.
- Security on mobile devices connecting to your systems. For example, with G Suite you can require a password or fingerprint for access. You can also require employees let you wipe organizational data if the device is lost or stolen.
Internet and mobile phone reimbursement policy
This should cover which employees can get reimbursed for home internet and wireless service. It should also specify minimum requirements or recommendations for home internet service (for example, a minimum speed), especially if your staff will be participating in online meetings.
On-boarding and severance checklists
These checklists should cover all of the technology-related tasks that need to be completed when an employee starts or ends their service with your organization. You want to make sure that new employees understand technology policies, are trained on your systems, have access to all of the accounts and data they need, and know where to get help. For departing employees, you want to be certain that you remove access to accounts and data, appropriately wipe their computer, and transfer ownership of key processes to other staff.
Software evaluation and management policy
This should specify best practices around org-wide use of software. This would include a process for evaluating new software (who makes the final decision, defining a ‘beta’ testing phase with a small group) and policies around rolling out new software to staff (training, establishing best practices, a review and feedback mechanism, and support). We also recommend having a central place where you store information about all of your active services.
Data hygiene policy
Putting in place a data stewardship policy now means that you are building good habits and growing a healthy list. The key elements of your data stewardship policy should include:
- Who can enter data and from where it is sourced (manual entry into Salesforce, Cirrus Insight, online forms, etc.)
- Data access: permission levels and who gets licenses
- Contact evolution (do contacts start as leads, when do they convert, etc.)
- Data hygiene process and schedule, like when you will match against NCOA and who is responsible for tasks
- Clear, documented processes for preventing duplicate data and for cleanup
- Data entry protocols: Required fields and standards for entry (address format, etc.)
- Policies on archiving or deleting contact records
- Data enhancement, including budget for services like WealthEngine, etc.)
For your email list, we also recommend regular review of email stats, re-engagement campaigns to non-responsive subscribers, and list pruning. We call this data stewardship Zombie Prevention!
Getting started
Building policies doesn’t have to be daunting. The goal is not technical depth, but understandable documentation your staff can follow. Start with one of these sections and creating an informal document. You can formalize it as you find clarity and finish researching your options, then incorporate it into your staff policies. Remember, involving staff in the process can help with adoption, too.