Governance for Non-Techies
The word "Policy" makes most people yawn. But a policy is just a shared agreement on how we behave. It clarifies expectations so that when mistakes happen, we know how to fix them.
You Don’t Need 40 Pages
A good policy for a small charity fits on one or two pages. It should answer:
Access: Who gets a login?
Usage: Can I let my teenager use the church laptop for homework? (Answer: No).
Data: How long do we keep donor forms?
The “Offboarding” Checklist
The biggest risk in many organisations is the "Ghost User." This is the account of a volunteer who left two years ago but still has access to the database. Create a simple checklist for when someone leaves:
Disable email account.
Change shared passwords they knew.
Collect any physical keys or devices.
Remove them from WhatsApp groups.
Your “Easy Win” for Today
Download a free "Acceptable Use Policy" template (plenty are available from sites like SANS or NCSC). Read it, adapt it (delete the complex legal jargon), and sign it yourself. Then ask your team to sign it.
