Cybersecurity for Not-for-profits (NFPs)

Building a secure and resilient Australia

At PwC, we are committed to using our community of solvers to make a positive impact to challenges facing Australia today.

Our Cybersecurity & Privacy team work alongside Infoxchange and their Digital Transformation Hub to build skills, resources and knowledge across the NFP sector to enable organisations to manage information security and cyber risks.

There are a number of resources below to assist you on your digital and cybersecurity journey.

Download our AI Policy & Watch our Webinar

Download our AI Policy Guidelines for Not-For-Profits (NFPs)

Explore these AI policy guidelines for insights on responsibly integrating AI into your organisation's operations.

Navigating AI implementation can be challenging for many not-for-profits, who often face resource constraints. Our team has developed an invaluable resource to assist in crafting effective AI policies and processes for your organisation. It offers guidance on:

Understanding AI capabilities and limitations

Ensuring data privacy and security

Addressing ethical considerations and potential biases

Reviewing and validating AI outputs

Establishing clear policies and procedures for AI use

Promoting transparency and accountability in AI operations

When you're ready to start developing your organisation's AI policy, watch our Webinar and download the AI Policy Template.

Webinar: Cybersecurity Risks and Incident Response

A recording of this webinar delivered by our Cybersecurity & Privacy team can be accessed via this link.

Understanding Cybersecurity Risks

Conducting Risk Assessment and Management

Developing an Incident Response Plan

Implementing Best Practices and Tools

Download our Privacy Guidelines for Not-For-Profits (NFPs)

Download these privacy guidelines for detailed advice on how to protect your organisation's data.

Compliance with privacy legislation can be complex for many Not-for-profits who are often time poor. Our Cyber team developed an excellent resource to guide the development of policies and processes for your organisation. It provides detailed guidance about:

What is personal information?
Your organisation's legal obligations
An overview of Australian Privacy Principles (APPs)
The Notifiable Data Breaches Scheme
Examples of breaches of Australian not-for-profit organisations
Best practices to manage privacy
Having a data breach response plan.

When you're ready to commence formulating your organisation's privacy policy, download the Privacy Policy Template.

Download our end-user Security Policy Template

We recommend every Not-for-profit develop an end user security policy so staff understand their responsibilities and how to keep information safe. You can simply download the template here and adapt for your organisation.

The main benefits to having this policy are:

It ensures all end users are aware of obligations in relation to selection, use and safety when utilising information technology within the business
It is a proven way to help your managers and supervisors make consistent and reliable decisions
It helps give each end user a clear understanding as to what you expect and allow.

It takes a little effort to complete, but brings definite long-term benefits, reduces disputes, and adds to the professionalism of your business.

Download our Privacy Policy Template

When you're ready to commence formulating your organisation's privacy policy, download this Privacy Policy Template which you can then customise to meet your needs.

Download our Information Security Policy Template

We highly recommend that every Not-for-profit develop an Information Security Policy. This important document will outline what the organisation must have in place to protect its information from cyber security-related threats.

The Information Security Policy template is a great resource tailored for Not-for-profits of different sizes and risk profiles. To define and formally document your cyber security practices and processes, you can download and customise this template for your organisation.

An accompanying IT security register template is also available for download – this register will assist your organisation in the implementation of some of the security measures outlined in the policy.