nonprofit risk management


ISO 42001 Checklist for Nonprofits (Starter Governance and Oversight)

Your intake queue is growing, staff are tired, and a funder wants a clean answer: “How are you using AI, and how do you keep it safe?” Meanwhile, a well-meaning team member has already turned on an AI feature in a tool that touches client data. That’s where ISO/IEC 42001 helps. Published in December 2023, […]



Board Readiness Assessment Scorecard (The Decision Readiness Scorecard Your Board Can Finish in One Meeting)

The intake queue is climbing. A funder report is due. A vendor is pushing a “must-sign-this-week” renewal. Someone asks about AI tools. Another person asks, quietly, “Are we safe if there’s a data breach involving client personal information?” In moments like that, leaders don’t need more opinions. They need a decision they can explain, defend,



An Annual Readiness Exercise Plan Nonprofit Leaders Can Run (12-Month Calendar + Topic Picker Built for Capacity)

The intake queue is growing. A partner sends a file the wrong way. A funder asks for numbers by Friday, and nobody trusts the spreadsheet. Meanwhile, everyone knows a security incident would land harder here than in most workplaces, because you hold sensitive client data tied to safety, immigration status, housing, family stability, and legal



Quarterly Readiness Exercise Plan (12-Month Simulation Calendar + Topic Picker)

Your intake queue is exploding, a partner asks if you were breached, and someone on staff can’t access the case system. In that moment, the biggest risk usually isn’t “hackers.” It’s confusion: unclear roles, slow decisions, and nobody sure what to say to clients, courts, or funders. A quarterly readiness exercise plan is a simple,


Implementing A Cybersecurity Baseline For Justice Nonprofits (Minimum Controls That Hold Up Under Pressure)

Your team carries stories, full of sensitive data, that can’t safely “leak.” Names. Addresses. Court filings. Immigration status. Shelter locations. Notes from an intake call that someone trusted you with, once, at their worst moment. A cyber incident in a justice nonprofit isn’t just an IT problem. It can create real-world harm, put staff at


A Practical Guide to Privacy Impact Assessments for Legal Nonprofits

For nonprofits dedicated to justice, a Privacy Impact Assessment (PIA) isn't just another compliance task. It's a formal process for spotting and reducing privacy risks whenever you launch a new project or adopt a new system that handles personal data. More importantly, it's a vital tool for leadership to manage risk and protect the vulnerable


A Practical Vendor Risk Management Assessment Framework for Justice Organizations

A vendor risk management assessment is the process of identifying, evaluating, and reducing the risks your third-party suppliers and partners introduce. For any organization, this is a critical discipline. But for justice-focused organizations serving vulnerable communities, it's a non-negotiable responsibility. You must ensure a vendor's security, operational, and compliance practices don't create vulnerabilities for your



Justice Nonprofit Offboarding Checklist: Offboarding That Actually Protects Clients

The intake queue is already too long. A clinic is tomorrow. A funder report is due Friday. Then someone leaves, planned or not, and your team realizes the quiet risk: they still have access to client files, shared inboxes, and partner portals. Offboarding isn’t an HR formality. In legal aid, court support, and justice-serving nonprofits,



How to Build a Vendor Incident Response Plan (That Works Under Pressure)

A vendor emails: “We’re investigating a possible cybersecurity incident, potentially a supply chain attack.” It’s 4:47 pm. Your intake queue is full, a filing deadline is tomorrow, and staff are already forwarding screenshots to each other. Someone asks, “Who’s supposed to call the vendor?” Another asks, “Do we have to tell funders?” Nobody’s being careless,
