INFORMATION MANAGEMENT POLICY

Royal Canadian Legion

Branch 295 Chilliwack-Vedder

December 22nd, 2022

INFORMATION MANAGEMENT POLICY

Policy Statement. Branch 295 is committed to the safe handling of branch and personal information, and for ensuring that our public-facing media and communications tools conform with best practices and branch policies.

INTRODUCTION

1.     This policy provides guidance for the safe handling of branch and personal information processed and stored on branch computers. Information in other forms, such as paper files are beyond the scope of this document.

LEGION AND BRANCH BUSINESS DOCUMENTS

1.     Access control to these documents is determined by the document originator or the person who collects and stores information from other sources on a branch computer.

• Branch documents are created by staff and several members of the executive. The most critical documents are related to legion and government regulatory matters.
  
  

• Files including, but not limited to, text documents, spreadsheets, presentations, and PDF files are to be stored in a documents folder either in each user account's file structure or in a Public Folder identified by Branch Technical Services.

• Desktops are system folders designed for convenient shortcuts to files and online links. IT Services does not support document storage in Desktop folders.

• IT services supports a "common desktop" that displays shortcuts to several public folders for all user desktops. Individual users are responsible for creating desktop shortcuts to their main document folders and online sites.

• IT Services is available to assist in ensuring that only those with a need to know the information have access to it through the branch computers.

PERSONAL INFORMATION PROTECTON

1.     Federal and provincial legislation obligates all organizations to protect personal information from disclosure to anyone with no need to know. The British Columbia Personal Information Protection Act and the Canada Personal Information Protection and Electronic Documents Act refer. Article 110 of the General By-Laws states “The use of a member’s private contact information is restricted to conducting the administrative affairs of the branch or command.”

2.     Information from membership lists used as contact lists, door control, voting lists, or other purposes are not to be disclosed to outside organizations or individuals unless required for branch business purposes.

ACCESS TO LEGION BUSINESS COMPUTERS

1. Access to branch computers is controlled by the appointed Technical Services volunteers in accordance with direction from the Branch President. It should be noted that the appointed volunteers have complete access to everything on all branch computers and many online services.

2. IT services, Technical Services, and Information Management will use the built in ADMINISTRATOR account for all work on all computers.

3.. The senior member of staff (e.g. Office Supervisor) and the Branch President may be given an account with Administrator privileges to permit the installation of necessary updates and programs and access to other users files.

4. All other users will be normally be given USER accounts that do not allow the installation of programs or access to other users’ files.

5.  User account sign ins are a unique identifier enabling a user to sign in and access their own accounts and files.  User account sign in names are no indication of the position held by anyone with access to the account(s). User account names cannot be changed without introducing technical issues that we are not resourced to manage. Users are not encouraged to share their passwords; Technical Services will create unique accounts for all authorized members.

ONLINE ACCOUNT MANAGEMENT

Online accounts essential to business operations are critical branch resources. Examples include, but are not limited to, Federal and Provincial taxation, cemetery, and other essential business and financial management accounts. Sign in credentials (e.g. up-to-date site URL, user ID's & passwords shall be reported to Technical Services who maintains a list and provides a printed copy for storage in the president's file cabinet.  

BRANCH ELECTRONIC MAIL

1. Our primary official business email address is rclbr295@shaw.ca normally accessed through Shaw Webmail.  Other addresses may be used at the discretion of the president.  Access to the main branch electronic mail is restricted to a delegated member of staff, others authorized by the president, and Technical Services volunteers. Technical Services periodically backs up data from our main branch email account and periodically updates contact information for our members.  Recently we have begun using an offsite Microsoft 365 Outlook client to periodically backup our branch email account to a .PST file.

2. Electronic mail addresses shall all begin with "rclbr295" to reflect our corporate identity in all external communications.

3. All official branch email addresses shall be hosted on domains managed by Branch Technical Services. At present this is limited to the branch Shaw account, a Microsoft Outlook account as part of our Microsoft 365 subscription, and various gmail accounts used by Techncial Services for specific purposes.

4. Access to rclbr295@shaw.ca email is restricted to the office supervisor, branch president, Bookkeeper, IT and Technical Services support volunteers, and other authorized by the president.

SAGE 50 SIMPLY ACCOUNTING

1. Three separate Sage 50 company files (databases) are maintained. "Legion" is for general branch revenue and expenses; "Gaming" is for revenue and expenses related to our gaming licences; and "Poppy" is for revenue and expenses relating to the annual poppy campaign and disbursement of poppy funds.

2. Access control requirements are approved by the president. At present, the Branch bookkeeper has full access to all databases; the Finance Officer has read and report access to all three databases; and IT Services has database administrator access to all three databases.  The password to the "sysadmin" account used by IT Services to add, remove, or modify user privileges is shared with the bookkeeper out of necessity.

3.  All work performed by the bookkeeper is backed up at the end of the day and backup files automatically synced to Google account rclbr295sage@gmail.com for downloading to an offsite storage drive by IT Services.

4. IT Services provides limited support to Sage 50. Most issues other than maintaining user accounts are escalated to customer service.

POINT OF SALES SYSTEM

1. The IdealPOS (IPS) point of sales system has become an essential component of business operations. Product information is updated by the Office Administrator. The point of sales computer syncs sales data with the IPS Backoffice on the main office computer \\FINANCE.  IPS automatically backs up the database daily at 4:00 am for eventual offload to offsite storage.

USER FILE BACKUP MANAGEMENT

1. A user file backup strategy includes annual full-user document backups and daily incremental backups for periodic offload to offsite storage.

CONCLUSION

1. Branch IT Services is responsible for implementing processes and procedures that minimize damage by facilitating the recovery of essential services and data in the event of a disaster.

Branch IT Services 02 June 2024