Annual security audit checklist/Proposed revisions June 2014
| Task Name | Description | Due | Responsible | Date completed |
|---|---|---|---|---|
| Annual staff update | Provide update briefing to members of staff on changes to the law and implications and seek feedback on current practice | May | Fundraising Manager | |
| Review Access control document | Check that it is up to date and reflects all users and services | May | Office and Development Manager | |
| Update risk register | Review known and planned practice and update Risk register | May | Fundraising Manager | |
| IT Security policies | Review charity policies and seek to agree amendments to reflect current circumstances | June | Fundraising Manager | |
| Annual Trustee update | Provide updated briefing to Trustees on changes to the law and implications and seek feedback on current governance procedures | June | Fundraising Manager | |
| Payment Providers PCI Compliance | Upload most recent certifications of providers to relevant page on UK Wiki | August | Fundraising Manager | |
| Security Audit | Conduct a security audit: check that staff, Trustees and volunteers are complying with procedures | August | CEO/Fundraising Manager | |
| Audit implementation | Identify remedial actions following audit and put in place for completion within one month | August | Fundraising Manager/Office Manager | |
| Report Audit implementation | Updated briefing to all staff and trustees of any changes made and additional policy amendments not identified in annual review | September | Fundraising Manager | |
| Data retention review and archive deletion | Review areas of data storage and processing, and archive and delete in line with agreed policy | September | CEO/All staff | |
| Volunteer reminder for data deletion | Remind current and former Trustees and Volunteers about data retention policy and deletion | September | Fundraising Manager/Volunteer Support Organiser/All volunteers | |
| Review Access control document | Check that it is up to date and reflects all users and services | November | Office and Development Manager | |
| Review processes on Data Governance | Recommend amended policy and process wording to the Board as required | November | GovComm/Fundraising Manager | |
| Update risk register | Review known and planned practice and update Risk register | November | Fundraising Manager | |