5 Key Software Compliance Questions to Strengthen Your Approach

Every organization, no matter your mission, function, or size, is subject to a variety of laws and standards intended to protect the individuals you engage with. Software compliance is critical guide to ensuring that you are following these laws and standards in a digitally driven world.

Of course, as you already know if you’re actively working to keep your organization compliant, this can be more complex than it sounds.

Legislation grows increasingly rigorous each year. You have a patchwork of national, state or provincial, and international standards to follow. Your stakeholders’ expectations around privacy, accessibility, and more are rapidly evolving.

Keeping up with and ensuring adherence to these standards is far from a small task. But there are big things at stake.

What’s at Stake? Trust, Money, Future

Compliance helps you protect “the big three:” trust, money, and your organizational future.   

• Money: Noncompliance can result in regulatory audits and fines, which cost you both time and money.  Understanding your regulatory landscape can also help ensure you’re making the most of revenue opportunities. For example, UK charities miss out on nearly £600 million in unclaimed Gift Aid every year.  
• Trust: Damaging publicity or negative stakeholder experiences that result from noncompliance can undermine relationships you’ve spent years building. Compliance will steadily build your reputation as a trustworthy organization.
• Future: You don’t need a blog post to tell you that lost trust and lost revenue both create big risks for your organization.

With such high stakes and near-constant evolution, decision makers need to be confident on compliance basics to ensure you’re asking the right questions of your vendors and counting on them to deliver the partnership that today’s complex compliance environment requires of you. In the end, asking the right questions with a firm understanding of the fundamentals will help guide your organization’s path forward, with you at the reigns.

Not sure how to have a conversation with your colleagues or vendors to assess how you’re doing on compliance? Here are 5 key questions to get you started.   

1. How does this software help protect our users from fraud?

Consumers globally are making more online payments than ever before. This opens great opportunities for social impact organizations to raise or grant more funds and advance their missions.

At the same time, the payments industry has seen a rise in online credit card fraud, which has led to multiple new requirements for validating online payments, such as Strong Customer Authentication, Mastercard recurring billing requirements, and California Assembly Bill 488. Fintech is a key area where continuous innovation and compliance must go hand in hand.

Any software you’re using to transact payments should be PCI-compliant and offer robust fraud management and prevention settings, such as 3DS and reCAPTCHA. Even better if it is integrated with your system of record to expand the benefit of these protections and make it easier to manage their sustainer giving over time.

2. How does this software help us stay in line with privacy regulations?

Privacy regulations have evolved rapidly in many geographies over the past several years. 

In the UK, many organizations are well-positioned on areas like data privacy, cybersecurity, and payments security, partly a result of stringent – arguably globally-leading – EU and UK laws. The US Federal Trade Commission has long recommended four Fair Information Practice Principles and US data privacy laws this year are, in many ways, catching up with the GDPR.

At their heart, these principles require organizations to:

• Be transparent about how you use and disclose data, what rights people have, and how to exercise them.
• Give individuals choices as to how they want or don’t want their data to be used.
• Allow individuals to have their data deleted or corrected.
• Be prepared to give individuals access to a copy of their data if they ask for it.
• Take reasonable and appropriate steps to secure personal data.

Of course, this is how any organization wants to treat its stakeholders – but these requirements are nearly impossible to manage at scale without software designed to support these needs. So, make sure you understand how your software is designed to help you meet these requirements. 

Your compliance with privacy laws brings with it a second benefit: you can position your constituent care as a differentiator. More structured consent and preference management data helps you engage your constituents in line with their own preferences. Good customer care strengthens your relationships, helping you to retain existing donors and advocates while attracting new ones.

Information you can gather from constituent interactions regarding their communication preferences is not just significant from a compliance perspective; it is also valuable for your front-line teams. For example, an advancement office which tracks that a given alum does not want to hear from their undergraduate faculty but is interested in university sport has valuable new fundraising insight.

Effective privacy management equips you with a powerful tool to gauge what messaging is most effective and what is failing to hit the mark, including identifying cross-fundraising and gift upgrade opportunities at scale.

3. How does this software help us comply with accessibility standards?

Accessibility compliance ensures that your organization is supporting the rights of people with disabilities to have full use of your content.  It’s another area where European organizations are the standard-bearers, following directives set forth in the European Accessibility Act of 2019. Broader global standards exist in the Web Content Accessibility Guidelines, covering websites, applications, and other digital content: Level A is the minimum, but many organizations strive to meet at least Level AA to ensure they inclusively support – and retain – all their stakeholders, across employees, donors, grantees, and beneficiaries.

4. How does this software ensure we are secure and compliant to keep pace with cyber risks?

The cyber threat landscape is large and serious; adversaries continue to be relentless in their attacks as they become faster and more sophisticated. No organization is immune to this risk, and combatting it comes down to committed partnership between your employees, your suppliers, and your constituents – with each playing their role to stay secure together.

This means ensuring your suppliers work daily to ensure the safety of your data, and that they adhere to industry standard practices such as the CIA Triad Model (Confidentiality, Integrity, Availability) in conjunction with various industry control frameworks, such as the NIST CSF, PCI DSS, ISO27001, SOC 1, SOC 1 type 2, and others.  

Ask your suppliers to share their approach to cybersecurity best practices, including:

• Multi-Factor Authentication
• Testing
• Encryption
• Environment Hardening
• Infrastructure Security
• Security Partnerships and Memberships
• Employee and User Awareness/Training

At the same time, it also comes down to your organization. The cloud offers tremendous potential benefits in security, agility, resiliency, and economy, but only if you understand and adopt cloud-native models and adjust your practices to align with the features and capabilities of cloud platforms – like staying current on the latest version available.

5. How will you help us navigate future change?

In a cloud-first world, your software suppliers can and should play a key role in proactively helping your organization keep pace with compliance changes. Discover what industry control frameworks your supplier leverages to protect your solutions; find out what their software roadmap is for compliance; and discuss how best to adopt innovation and security improvements.

Looking ahead, the sector’s rapid-growing focus on analytics and artificial intelligence will inevitably also require more regulatory compliance over time. As generative AI like ChatGPT becomes ingrained in workflows, it will be important to protect against new forms of potential consumer harm. Increasingly, we must establish an ethical framework for data intelligence, so we can consider the merit that comes from solving the problem and determine whether it delivers value to all concerned parties – the individuals who generated the data as well as the organization that collects and analyzes it.

Concluding thoughts

As software evolves at an ever-faster pace, so too must compliance to ensure it is being leveraged for good. The right technology helps you to stay apace of these requirements and adhere to your consumers’ evolving preferences. With homegrown or heavily-customized software you can rapidly fall behind expectations of your donors and other constituents – and of global compliance regulations.

Purpose-built social impact software propels your ability to meet changing compliance needs as you focus to raise resources, deliver programs, manage operations, and measure impact.  Embrace cloud software and compliance as strong partners – and take the lead through clear and transparent adoption.

Learn more at Blackbaud’s continuous commitment to Data Privacy, Cybersecurity, Payments Security, Accessibility, and Public Cloud.