Alzheimer’s adopt proactive approach to Policy Management and Data Protection.
Like most companies that deal with financial data belonging to the general public, Charities run significant risk of reputational damage in the event of a compliance failure. Charities are also increasingly coming under pressure from regulators such as the ICO to demonstrate how they have taken a proactive approach to tackling their data protection responsibilities.
Alzheimer's Society is a membership organisation, which works to improve the quality of life of people affected by dementia in England, Wales and Northern Ireland. In order to mitigate the risk of a data protection incident, Alzheimer’s Society decided to invest in the MetaCompliance Policy Management Software, solution as the method of introducing information assurance best practice and to increase user awareness of data protection.
Speaking about their decision to purchase Metacompliance's Policy Management Software, Information Security Manager Rowenna Fielding explained:
"At Alzheimer's Society, we take our compliance requirements very seriously as this is a key aspect of our mission to support people affected by dementia. We were looking for a way to engage with our staff and volunteers in a way that allowed effective communication of their compliance responsibilities.
In such a geographically diverse organisation where there are many different roles being performed, we needed a way of efficiently developing and communicating policies at all levels of the organisation and being sure that the information has reached the people who need it."
Rowenna continued to outline the reasons why Alzheimer's Society chose MetaCompliance over other automation software solutions on the market:
Engagement with employees and volunteers is very important to us as we value our workforce highly. The ability to easily obtain feedback using the survey and reporting facility will enable us to monitor whether our policies are being effectively communicated, highlight where revision or clarifications may be required and inform people of new versions that need to be brought to their attention.
One particular aspect of MetaCompliance that attracted our attention was the capability to detect and react to particular events. For example, our policy prohibits the use of unencrypted USB flash drives and one proposed use of MetaCompliance is to detect when an unencrypted USB flash drive is attached to a computer and display a message reminding the user that this is not allowed, with a link to the policy document.
Another aspect of MetaCompliance which we felt would be useful was the collaborative approach to policy development that it allows. Many of our policies require input from experts in fields such as data protection, safeguarding, legal considerations or social care and it can be difficult to co-ordinate the development process when these people are not all based in the same office or working the same hours. MetaCompliance will allow us to formalise and automate our policy development procedures.
Looking to the future and tangible benefits the organisation were hoping to achieve from implementing Metacompliance, Rowenna forecasted:
"With the implementation of MetaCompliance, Alzheimer's Society expects to reduce the amount of time it takes from drafting a policy to publishing the final version, which will make us more efficient. Allowing collaboration to be done online rather than requiring meetings will reduce our time and travel costs for policy development.
As lack of awareness can often be at the root of data protection breaches, our focal use of MetaCompliance will initially be on ensuring that IT security and data protection policies are communicated to all corners of the organisation. Once we have developed internal procedures for our utilisation of MetaCompliance, we intend to monitor policy compliance on an ongoing basis with the ultimate goal of reducing our organisational risks and preventing breaches which arise from a lack of awareness."
Speaking on behalf of Metacompliance, Managing Director Robert O'Brien applauded Alzheimer's Society's proactive approach to data protection and policy compliance:
"Charities are becoming increasingly aware of the huge responsibility which comes with holding sensitive customer information. This is a sector which relies heavily on the good will and trust of its donors and a data breach can have disastrous consequences for a charity's reputation. User awareness is at the core of all information security strategies and Alzheimer's should be congratulated for adopting a best practice approach to policy compliance and user awareness."