Information and Technology (IT) Policy
This policy covers information held by First Parish and the technology systems by which we manage and use this information, including communication networks.
SENSITIVE PERSONAL INFORMATION is information that must be protected in certain ways. This includes personal financial information, including payroll and records of contributions, and other confidential information.
STAFF refers to people doing the work of First Parish either as employees or as volunteers.
The Senior Minister has authority regarding implementation of this policy, including authority to define procedures consistent with this policy.
Non-First-Parish Use of Computers
Persons associated with First Parish may use First Parish IT resources for activities related to First Parish. Persons associated with First Parish may further use First Parish IT resources for purposes not related to First Parish, provided that each user takes appropriate care to avoid circumstances that interfere with First Parish operations or conflict with First Parish policies or that damage First Parish in any way, including financial damage, damage to the First Parish reputation, or damage to information or IT resources. All users should respect the personal nature of this personal use to the extent that this does not interfere with First Parish operations.
First Parish makes no commitment regarding any information or software that is placed on First Parish IT resources for non-First Parish use, including confidentiality, control, back-up, protection, archiving, maintenance, or accessibility. Any information or software of personal use that, in the judgment of First Parish staff may interfere with any aspect of First Parish's operations, may be removed at their discretion.
Confidentiality of Information
First Parish's policy is to treat all sensitive personal information in an appropriately confidential fashion. Access to information should be limited to those staff who need access to the information to carry out operations of First Parish. All staff and members should also follow legal requirements for confidentiality of which they are aware.
Sensitive personal information should be collected and retained only when there is a valid church need for the information.
Archiving and Storage of Electronic Data
No information, e-mails, or other records are required, as a matter of policy, to be archived or backed up for any specific period of time.
Access to Information
First Parish's policy is to maintain appropriate security for access to electronic information and other records. Staff should ensure that access to electronic information is controlled either by appropriate physical and/or by electronic measures to provide an appropriate level of protection against improper or unauthorized access.
IT Administrative access (passwords, etc., for maintenance and support ) should be granted only to those staff who need access to support First Parish operations; administrative access should not be given across the board.
—Adopted by the Parish Committee June 14, 2010