The ACNC has provided guidance that defines cyber security, which outlines your charity's legal obligations, and explains how to manage the risks of cyber attacks.
Creating an information asset register can help your charity identify the information assets it has, and assess its importance to your charity’s operation.
Identify
An information asset register can help you identify:
· the types of information assets your charity has
· valuable information assets that need to be prioritised
· where the information assets are stored or held
· assets that pose significant risk
· who has access to assets, and which people and positions are responsible for particular information assets.
Assess
An information asset register can also focus your charity’s attention on:
· the relative value or importance of each of the assets to your charity’s operation
· the impact of a cyber incident on the assets, and business continuity.
You can use the information asset register to focus your charity’s attention and resources on protecting its information assets.
A register can help clarify how your charity protects assets, as well as help you conduct a risk assessment for your charity that:
· identifies risks
· considers potential incidents
· analyses the likelihood and effect of an incident
· explores ways to manage risks or respond to incidents.
Prevent
There are many practical things your charity can do to mitigate risks and prevent incidents.
Engage
It is a good idea for your charity’s staff and volunteers to have at least basic training in cyber security and data privacy.
The training, at a minimum, should cover common cyber security risks and their mitigations, and outline the ways to collect and handle personal information securely.
Take Action
Your charity should have a plan for responding to cyber security issues and data breaches.
For more information refer: https://www.acnc.gov.au/for-charities/manage-your-charity/governance-hub/governance-toolkit/governance-toolkit-cyber-security
All Rights Reserved | JG Audit & Assurance
Liability limited by a scheme approved under Professional Standards Legislation.
Designed by Round Square Marketing