Complying on the Cloud for Nonprofits
Cloud services let an organization access and manage its data without buying expensive software or paying for constant updates. Hosted computing was traditionally affordable only for large organizations; it is now within reach of smaller nonprofits as well. Paying for the service on a subscription basis, with no surprise software or IT maintenance costs, makes it easy to budget for as part of your administration costs. With so many nonprofit staff working out in the field, cloud-based nonprofit accounting software can meet the growing need for remote access to an organization's data, especially in times of crisis.
Cloud Compliance Laws in the US
In the US, nonprofit organizations need to pay attention to two main frameworks governing how financial and payment data is stored and controlled: the Payment Card Industry Data Security Standard (PCI DSS) and the Sarbanes-Oxley (SOX) Act. Strictly speaking only SOX is a law; PCI DSS is an industry standard that the card brands enforce through the contract a merchant signs with its acquiring bank, but the practical effect is similar: an organization that ignores it faces fines and can lose the ability to accept cards.
Any nonprofit organization that accepts credit card donations has to comply with PCI DSS. For most nonprofits this means completing the Self-Assessment Questionnaire (SAQ) that matches how the organization handles card data, submitting an Attestation of Compliance, and using only payment applications and processors that have themselves been validated as compliant. The less card data the organization itself stores, processes or transmits (for example by redirecting donors to a compliant hosted payment page rather than collecting card numbers on its own site), the smaller the scope of the assessment.
The Sarbanes-Oxley Act came into force in 2002. It places the responsibility for protecting and retaining financial records on the organization itself, even when the records are held by a third-party cloud provider and it is the provider that fails. SOX also focuses on corporate responsibility for the accuracy of financial reports. Most of SOX applies to publicly traded companies, but its provisions on document retention and on protecting whistleblowers apply to nonprofits too, and many nonprofits adopt its internal-control practices voluntarily. When evaluating a provider, ask for its service-organization controls audit report: when this article was written these were prepared under the SSAE 16 auditing standard, which has since been superseded by SSAE 18 (the reports are now known as SOC 1 and SOC 2). Ensure as well that the organization has its own internal controls and processes for the type of information it handles. Failure to comply could bring a nonprofit organization into disrepute.
In addition to these two frameworks, nonprofit organizations must comply with any state legislation protecting personally identifiable information (PII), such as Social Security numbers, in each state whose residents' data they hold.
Cloud Compliance Laws in the EU
If your organization operates in the EU, or stores data on individuals in the EU, it should ensure that it abides by the 1995 European Data Protection Directive (Directive 95/46/EC). The Directive prohibits transferring personal data outside the European Economic Area unless certain conditions are met. When this article was written, American companies that had certified under the Safe Harbor agreement were able to receive and store EU personal data. Note that Safe Harbor was invalidated by the Court of Justice of the EU in 2015 and the Directive itself was replaced by the General Data Protection Regulation (GDPR) in May 2018, so check which transfer mechanism your provider currently relies on (for example standard contractual clauses) rather than assuming Safe Harbor still applies.
It is important to ensure that any cloud service provider you use has adequate security measures in place. This is not just to comply with legislation, but also to ensure that any sensitive financial and donor data is safe.
When looking at cloud-based nonprofit accounting solutions, therefore, several factors need to be taken into account. The geographical location of a cloud provider matters because data held there will be subject to that country's data protection and privacy laws. Many cloud-based solutions seek to comply with the ISO/IEC 27000 family of standards, which set out best-practice recommendations on information security management; ISO/IEC 27001 is the one a provider can actually be certified against, so ask for the certificate and its scope rather than accepting a general statement of alignment. The standards cover issues such as privacy, confidentiality and technical security.
Ultimately, the best way to ensure your nonprofit complies with these regulations and standards is to choose a nonprofit accounting software provider that already does, and that can show the evidence: the PCI attestation, the SOC audit report and the ISO/IEC 27001 certificate. It is vital that your cloud provider enables its customers to meet the regulations governing the storage and use of data. Look for a SaaS financial management system for nonprofits that is secure, flexible and compliant with the rules for storing data in the cloud.
Kate Kennett writes about big data, SaaS/cloud solutions, and financial/business management software.