NNIP Information Security Policy: Guidelines to Protect Sensitive Information

The National Neighborhood Indicators Partnership (NNIP) is coordinated by a small team at Urban in Washington, D.C. and governed by the NNIP Executive Committee, an elected board of six members from Partner organizations.

Urban and NNIP’s Executive Committee are dedicated to maintaining a strong peer-network as well as supporting NNIP Partner organizations fully by ensuring that they thrive in their local communities to carry out important work. Urban staff are frequently in communication with staff at NNIP Partner organizations through email exchanges, regular update calls, technical assistance efforts, and in-person meetings. These interactions include discussions about project work, as well as the health and functioning of the organization. In most cases, information shared with an Urban staff member is documented in notes and available to other members of the Urban-NNIP team for purposes of managing the network. On rare occasions, Urban-NNIP leadership will also share select sensitive information about Partners with Executive Committee members when deemed essential by NNIP leadership for developing policies and network planning. Urban staff also may share sensitive information about network spending and fundraising strategy with the Executive Committee.

Sensitive information related to the NNIP network and NNIP Partner organizations, includes but is not limited to:

• ·         Sources and levels of funding
• ·         Financial status of the organization or network
• ·         Management and staff of the organization
• ·         Recruiting and hiring
• ·         Organizational strategic plans
• ·         Potential new sources of work or funding

Benefits and Risks

Access to this information can improve the quality of the technical assistance provided to Partner organizations by Urban and the Executive Committee, suggest needs for written guidance or meeting sessions on specific topics, and reveal opportunities for collaboration across the network. Urban shares information about network strategy with the Executive Committee to solicit their advice and inform the direction of the network.

Improper disclosure of sensitive information could lead to reputational damage and reductions in competitiveness for projects or funding.

Procedures

Urban-NNIP staff and Executive Committee members will make all efforts to ensure any sensitive information is protected and kept in confidence. They will accomplish this by:

• Reviewing this policy.
• Signing a pledge of confidentiality that will be returned to and maintained by the Director of NNIP.
• Only discussing or sharing sensitive information about Partner organizations within the Urban-NNIP team or the Executive Committee, unless given explicit permission to share with others, including other Urban staff not involved with NNIP.
• Following NNIP’s document storage procedures:
  • Documents shared with Urban or notes taken during Partner updates or meetings will be stored in a folder as part of Urban’s Box.com account, a cloud-based content platform. The folder is password protected and access is restricted to Urban-NNIP staff. Executive Committee members are only given access to documents on a need-to-know basis.
  • Content stored on Box are stored on enterprise-grade servers that undergo regular audits and are monitored 24/7. Files are encrypted at rest using 256-bit AES encryption, and in-transit using RC4-128 encryption. Additional details are available upon request.
• Alerting affected Partner organization(s) and the Director of NNIP immediately in the event of a data breach or unauthorized release of sensitive information.