5 Data security questions to ask before buying a grants management system

If you think you are safe from malicious activities because grant-making is based on altruism, well, think again. At the end of the day, for some people, a grants management system and the sensitive data associated with it are just an opportunity to steal money, regardless of the (good) cause the system was originally intended for. And malicious files can be just the perfect way to do that.

As with any virus, it will catch you regardless of whether you are charitable or not. And just like wearing masks, there are some precautions you can take to keep your grants management system virus-free. Here are five data security questions to ask before choosing a grants management system.

1# How sensitive is the data in your grants management system, and how is it being secured?

As mentioned above, managing grants is all about managing money and sensitive information. Whether it is the private data of grantors, grantees, or data about your operations, you would not want any undesired person to have access to the data of your grants management system. This is why you need to be aware of how your data is being secured.

At Optimy, we make this matter our priority. All data transferred, whether on the public interface or the administration interface, is encrypted using HTTPS. To ensure that non-secured channels cannot be used to transport your data, an HTTP Strict Transport Security (HSTS) policy has also been implemented. While it is critical to have your data secured through those systems, one must know that the weakest links are most often the end-users of your grants management system. This leads us to the next question you should ask.

2# Does the grants management system train your team about cyber fraud?

While cloud platforms are getting ever more secure, the main risk most often lies in human error. Unfortunately, many statistics show that employees are the origin of security breaches. Thus, they must understand the signs of cyber fraud and learn about the fallout of a security breach. Companies generally skip training for budgetary reasons, which can seem fine with a short-term vision but can be dramatic if you suffer the ramifications of such fraud.

Fortunately, during Optimy’s onboarding, clients are trained to address such issues. We train back-end users to define the period of time to store sensitive data and set it up in the tool, among other details. Having your employees trained to detect suspicious activities is a great asset to avoid having your foundation’s sensitive data “out in the wild.”

3# What data security regulations does your grants management system comply with?

Different countries have different data privacy laws. Europe has been a pioneer in putting in place data-safety rules with the General Data Protection Regulation. It is safe to say that those companies compliant with GDPR are most likely also compliant with other local legislation.

With the GDPR, individuals own their data, not the companies that process it. Data privacy is a right for all EU citizens. In a nutshell, this means that personal data must be protected; citizens should be able to access their data and modify or erase it. European citizens can also withdraw their consent at any time if they wish to do so.

Data privacy and security are core priorities at Optimy. If you are operating in the EU, you can rest assured knowing that with Optimy, your organization will be GDPR compliant at any time, in a matter of clicks.

4# What cloud services does your grants management system use?

Being aware of which cloud applications your grants management system operates with or the type of data managed by them is fundamental.

Optimy continuously deploys great efforts to meet the highest standards to assure the safety of our services. Our cloud is provided by Amazon AWS, which, among others, meets the certifications ISO 27001, PCI DSS Level 1, and SSAE 16. Additionally, all data is stored in Europe, with servers located in Germany and Switzerland. We also have a backup plan in Dublin.

5# What did the grants management system provider put in place to avoid a data breach?

A data breach is the last thing you want to happen – ever. Companies using grants management systems should invest in penetration testing to identify potential vulnerabilities and ensure a data breach never happens.

Among our clients using our grants management systems, which are operating in vastly different sectors, such as in the military, retail, banking, utility, etc., many undertake yearly full penetration testing (automatic and human) on our infrastructure. All of the tests have resulted in no security threat being detected.

Conclusion:

While there are no vaccines for data security breaches, treatments can be undertaken to prepare grants management system users for potential hacking attempts. At Optimy, whether it is the encryption of your data, your grantees’ privacy, certified cloud platforms, or the training of grants managers, our team of experts deploys great efforts to ascertain the full security of your grants management platform.

“My experience has been very positive and filled with great customer service and support at every stage.” Chelsey W., Marketing & Events Manager in the Banking Industry.

If you are curious about other actions Optimy undertakes and would like to know more about what we do to make your data safe, you can get in touch with our friendly sales team, and we’ll start exploring how we can help your corporation.