Fellowship Admin

 

Fellowship Data Security Architecture

 

Six Levels of Information
Classification and Access Control

Passed by the Excutive Committee January 2009

 

Level 1. Public

 

            Newsletters, general mailings from the Fellowship to entire mailing list, public access website content.

 

            Provide new address or contact information -- anyone can go to the website and enter address change information or new contact information at http://urantiabook.org/addresschange.html -- This information is placed in a temporary table which is checked by the database administrator or the office administrator prior to allowing it to be integrated with the primary database.  Existing information is not displayed in this context. 

 

            Access to study group information.

 

Level 2. Councilors + Society Officers (current subscribers to SocAdmin list)

 

            Access to domestic USA reader records and contact information --  Address and contact information will be provided to Society officers upon request in the form of a compiled Excel spreadsheet.  The compilation process encapsulates the address information in a format that requires the user to agree to abide by Fellowship privacy policies in the use of the information.

 

Persons with Level 2 access may request contact information for individuals living within a specified distance from a central zip code.  This list will be generated by the database administrator or the office administrator and sent to the requesting individual.  This information will be encapsulated in a format which requires the user to agree to abide by Fellowship privacy policies in the use of the information.

 

            Access to the minutes of the General Council.

            Access to rosters of current Councilors, EC members, Fellowship officers, and Society officers.

 

            Access to zip code proximity processing; this allows the entry of a zip code, the entry of a distance from the entered zip code, and returns contact information for every entry in the readership database within the specified distance.

 

Level 3. Councilors

 

            Access to reader organizational participation records.  Level 3 security protects  records detailing organizational involvement of readers.  This portion of the database provides a detailed history of each reader's organizational participation on both Society, Council, and EC levels.  Security for this information can be reduced to Level 2 if deemed appropriate.  The Executive Committee needs to assign responsibility and codify procedures for keeping this archive current.

 

            Access to archive of General Council email correspondence.

 

Level 4. Executive Committee

 

            Access to contracts, employment agreements, any legally significant document specifying organizational commitments, legal responsibilities, investment-related obligations, or other binding agreements  -- Level 4 security.   EC needs to assign responsibility and codify procedures for keeping this archive current. 

 

            Access to minutes of Executive Committee meetings.

            Access to minutes of Officer's meetings.

            Access to corporation minutes.

            Access to archive of Executive Committee correspondence.

            Access to any information in the readership database.

 

            Special for International Fellowship Committee:  All transactions involving information about international readership records should be at the discretion of the Chair of the International Fellowship Committee.  All international readership information should be accessible and under the management of the International Fellowship Committee, including the maintenance of international mailing address records.

 

Level 5. Fellowship Officers and contract support staff

 

            Contribution/donation records, all information in readership database; Access to these records, at officer discretion, may include outside contract service personnel, such as accountants or auditors. When not provided as part of a service agreement contract, such outside personnel should be required to sign non-disclosure and/or privacy agreements, such non-disclosure or privacy agreements still in need of creation by the EC.

 

Level 6. Technical support staff, designated admin staff, and supervised volunteers

 

Conference participation records; the database tracks conference participation of all readers.  All transactions and historical records related to this conference participation should be available to the Chair of the Education Committee (relevant to the planning and development of summer study sessions), as well as the chair of any conference planning committee such as an IC planning chair. 

 

Level 6 security, rather than being a group security level, is provided on a one-at-a-time basis.  That is, when someone is assigned a task that requires access to specific information in the organizational database, that person will be assigned a username/password combination that is keyed for the specified task in terms of specific information, read only or limited write capability.

 

Examples of Level 6 security include that which is provided to Bobbie Dreier so that she can maintain the study group data, or that which is provided to Michael Challis so that he can maintain organizational email lists.