nonprofit risk management

Cybersecurity Assessment for Access to Justice Organizations (real risks in 10 business days)

It’s 4:45 p.m. Intake is backed up. A partner asks for a file “right now.” Finance needs numbers for a funder update. Then someone forwards a strange email that looks like it came from a court address, underscoring the operational security challenges nonprofit organizations face every day. This is the real context for a cybersecurity […]

A SaaS Outage Communication Plan For Nonprofits (Templates for Staff, Partners, Courts, and Funders)

The intake queue is climbing, a filing deadline is hours away, and the tool you depend on won’t load. In legal aid and justice-support work, Software as a Service (SaaS) failures happen. The bigger risk is what comes next: silence, mixed messages, and workarounds that scatter client data. A SaaS outage communication plan for nonprofits

ISO 42001 Checklist for Nonprofits (Starter Governance and Oversight)

Your intake queue is growing, staff are tired, and a funder wants a clean answer: “How are you using AI, and how do you keep it safe?” Meanwhile, a well-meaning team member has already turned on an AI feature in a tool that touches client data. That’s where ISO/IEC 42001 helps. Published in December 2023,

Board Readiness Assessment Scorecard (The Decision Readiness Scorecard Your Board Can Finish in One Meeting)

The intake queue is climbing. A funder report is due. A vendor is pushing a “must-sign-this-week” renewal. Someone asks about AI tools. Another person asks, quietly, “Are we safe if there’s a data breach involving client personal information?” In moments like that, leaders don’t need more opinions. They need a decision they can explain, defend,

An Annual Readiness Exercise Plan Nonprofit Leaders Can Run (12-Month Calendar + Topic Picker Built for Capacity)

The intake queue is growing. A partner sends a file the wrong way. A funder asks for numbers by Friday, and nobody trusts the spreadsheet. Meanwhile, everyone knows a security incident would land harder here than in most workplaces, because you hold sensitive client data tied to safety, immigration status, housing, family stability, and legal

Quarterly Readiness Exercise Plan (12-Month Simulation Calendar + Topic Picker)

Your intake queue is exploding, a partner asks if you were breached, and someone on staff can’t access the case system. In that moment, the biggest risk usually isn’t “hackers.” It’s confusion: unclear roles, slow decisions, and nobody sure what to say to clients, courts, or funders. A quarterly readiness exercise plan is a simple,

Implementing A Cybersecurity Baseline For Justice Nonprofits (Minimum Controls That Hold Up Under Pressure)

Your team carries stories, full of sensitive data, that can’t safely “leak.” Names. Addresses. Court filings. Immigration status. Shelter locations. Notes from an intake call that someone trusted you with, once, at their worst moment. A cyber incident in a justice nonprofit isn’t just an IT problem. It can create real-world harm, put staff at

A Practical Guide to Privacy Impact Assessments for Legal Nonprofits

For nonprofits dedicated to justice, a Privacy Impact Assessment (PIA) isn't just another compliance task. It's a formal process for spotting and reducing privacy risks whenever you launch a new project or adopt a new system that handles personal data. More importantly, it's a vital tool for leadership to manage risk and protect the vulnerable

A Practical Vendor Risk Management Assessment Framework for Justice Organizations

A vendor risk management assessment is the process of identifying, evaluating, and reducing the risks your third-party suppliers and partners introduce. For any organization, this is a critical discipline. But for justice-focused organizations serving vulnerable communities, it's a non-negotiable responsibility. You must ensure a vendor's security, operational, and compliance practices don't create vulnerabilities for your
