We had a great meeting again at Grow Pittsburgh! Thank you again to Rebekah and GP staff for hosting us! (We will be back at GP for the April meeting on 4/5, then we go to the Frick Art & Historical Center in May.)
Here are the notes and resources from the meeting. Note that we concentrated very specifically this month on questions and issues raised by group members.
Data security audits for nonprofits
- Assume banking standards because of donor-related info?
- HIPAA compliance required for health care orgs
- PCI-DSS – annual certification needed if accepting credit cards – there’s a 120 page document used to verify compliance on various systems
- Trustwave – scans monthly for testing purposes
- TransArmor – a security solution from First Data
- Think about all security systems by going through PCI certification doc
- PCI-DSS – limited where info is stored, who has access, etc.
- If keep paper copies of credit card data, only liable for that – must keep locked up and have procedures in places for storage and destruction
- If using 3rd party online service, compliance is on them
- In PA, if a single record in the database is compromised, the organization is liable for $60-70 fine per person for a mandatory three years of a monitoring service
- Idea: take risk analysis to executive director for org (to prove need to take action and/or make case for changes)
- Many nonprofits are already in a crisis state and don’t need additional problems added to that
- PNC Bank does not do merchant services – they resell for First Data
- In terms of credit card processing, there are really only three processors, with everyone else being resellers: First Data, World Link and ______ (group couldn’t think of third company)
Phone systems, vendors, best practices for implementations
- If don’t want cloud-based system, what are options? (Want phones that work when Internet goes down)
- Also want to depreciate as capital expenditure
- Avaya vendor – Advent Communications (pricey for support, but don’t have to call often – very stable)
- Can use a broker to do your telecom research and pricing negotiation for you – Connectel, Opticom Consulting
- Full Service Network – phone vendor, cloud-based retailer – not good for Internet service, only phones
- Computer Reach – has put in phones, vendor in California
- Internet configuration – suggest Internet router separate from phones so heavy network traffic doesn’t knock out phone system
- Prime Communications – sell MyTel system
- Guardian – owned by Armstrong Cable
OneDrive for Business if no Office 365 or Sharepoint
- OneDrive is integrated with Windows 10
- Hotmail is also integrated into OneDrive now
- Can now simultaneous work in docs on OneDrive
- TechSoup has Office 365 for $0, but need to purchase other things for it to be fully functional
- Tech Impact provides migration services for eligible organizations via TechSoup (it’s a partnership – there’s a $10 fee for an assessment first)
If leaving your tech job, what should you document and share with the incoming person?
- Keep a list of your daily activities for one month
- Make other lists for weekly/monthly tasks
- Propose that your org hires you as an independent consultant for a month or two
- Refer to job description, then list all possible jobs the person might need to do under each heading
- Get the info out of your head and onto paper
- Think about the spinning plates act on the Ed Sullivan show – china plates spin most easily but are hard to replace, so are more important (critical tasks). Paper plates are harder to spin but easy to replace, so are less important (busy work).
- Verbal only – give them the political read on people and relationships – but watch what you say because it’s a small nonprofit world in this geographical area