For charities and not-for-profits, compliance and security are critical. Not only do you need to adhere to strict data protection and GDPR regulations, but in many cases charities hold special category data. It’s important that the solutions that you choose, along with the suppliers that you work with, have the necessary accreditations to avoid data breaches that can cause serious reputational damage.
By selecting the Microsoft technology stack for your digital transformation program, you will benefit from Microsoft’s significant investment in their data security controls for Dynamics solutions and Azure cloud hosting. The Microsoft Azure platform is also compliant with PCI DSS, providing the biggest PCI coverage in the industry, ensuring our customers can have complete confidence and assurance that they are protected against payment fraud. Within the TES solution, the Braintree payment platform has been integrated and is fully PCI compliant.
Inherent respect for privacy
GDPR and privacy management go hand in hand together. Privacy is not something that is added to an existing application, but is within the ‘fabric’ of the core architecture and functionality.
For Microsoft, Privacy by Design means an inherent respect for privacy, backed by mature and comprehensive privacy policies and protections. It means Microsoft builds products and operates their services with privacy in mind, running their business as an accountable technology leader.
Building on the core technology, TES is committed to replicating GDPR compliance controls across its own capability, such as building in privacy at the initial design stages and throughout the complete development process of any new products, processes or services that involve processing personal data.
Working in line with GDPR
GDPR comprises of eight basic rights. These rights are given to individuals to protect their private lives and control the digital footprints they leave behind when using internet-based applications and services. These rights are meant to create openness, control, and trust between the parties. The GDPR functionality in the TES solution supports the fulfilment of each of the eight rights.
Customer data, which goes into a CRM, is by default, also personal data. Different types of data have different rules for how it should be processed. For example, basic data such as names, addresses, phone numbers are more general data and can be open to all employees within your charity or not-for-profit. On the other hand, highly sensitive data could require more security and relevant user access.
Trust in our accreditations
In addition to the solution that you are choosing, it’s important for you to be confident that your data will be safe with your chosen supplier. TES achieved Cyber Essentials (CE) accreditation in 2018, and in February 2022 achieved accreditation to Cyber Essentials Plus (CE+).
CE+ demonstrates that TES is taking preventative action to reduce the threat of cyber-attacks, ensuring the company’s firewalls, secure configuration, control user access, anti-malware, and phishing prevention have been implemented correctly. CE+ strengthens already robust security measures built over many years, with a licensed auditor confirming that all the controls TES had declared in its CE+ self-assessment certification, are in place and are sufficient in protecting cyber threats to TES and our customers.
Robust cyber security requires an ISMS (Information Security Management System) built on three pillars: people, processes and technology. TES successfully achieved ISO 27001 compliance in 2017. The ISMS ensures that at TES, we will keep our customer’s information secure and have increased resilience from cyber-attacks, reducing the potential for loss of service or data.
Whether you’d like to arrange an informal chat, a free demo or discuss a potential project, our team of charity and not-for-profit digital transformation experts are always on hand. Call us on 0345 257 1173, email enquiries@totalenterprisesolutions.co.uk, or fill in our form to get in touch.
