By Joe Boland
- Do your service providers have valid PCI DSS and PA-DSS certificates that are required today to process credit card transactions through payment applications?
- Do all of your third-party suppliers and vendors that handle credit card transactions for you have valid PCI DSS or PA-DSS certificates?
- How do you protect your donors' confidential data in your organization?
- Are your organization's databases that store, transmit or process cardholder data encrypted to PCI DSS standards?
- Who in your organization has access to sensitive donor information and cardholder data?
- Is all cardholder data locked up, or is it left out so that unauthorized staff has access?
- Do all people handling cardholder data have criminal and credit checks done as part of your hiring practices?
- Is cardholder data processed, stored or transmitted on or between computers in your office or from call-center staff without proper encryption?
- If cardholder data is stored, does it need to be?
- How is cardholder data handled when collected by phone or in the field?
- In times of disaster-relief campaigns, how is cardholder data transported between offices or collection offices?
- How long do you store cardholder data?
- Are your website and other applications coded to the security standards of the Open Web Application Security Project?
- Do you have written security policies outlining procedures and processes?
- Do you provide security education for all staff and volunteers?
- Companies:
- Association of Fundraising Professionals