U3A Tauranga

Digital Information Systems Policy

U3A TAURANGA INC.
Adopted 13 July 2018

Background

  • This document sets out the policies and procedures for handling digital information in U3A Tauranga
  • Refer to the U3A Tauranga Privacy Policy regarding data privacy issues and the Informed consent policy for the individuals concerned.
  • All matters relating to this policy are made at the direction of the Executive of U3A Tauranga (hereafter referred to as the “Executive”).
  • This policy document may be changed at any time for any reason at the direction of the Executive.

ICT Governance

The processes are to ensure the effective and efficient use of ICT in enabling an organization to achieve its goals.
Governance is ultimately the responsibility of the executive.
The objectives of this policy are to:

  • Prioritise investment of time, money and applications and make recommendations to executive
  • Review and monitor project status, alignment with U3A strategy, and any customer feedback
  • Review IT risks and advise the executive through the president
  • Internet Usage Policy
  • The Internet Usage policy provides information on the appropriate use of the Internet by members of U3A who are fulfilling executive functions for the most part and procedures for tracking usage

The objectives of this policy are to:
Ensure users

  • Apply antiviral and other software including firewalls to protect information of members that they are authorised to hold
  • To delete any unauthorised information from all storage devices
  • To password protect information as necessary
  • Not to represent personal views as U3A views such as in blogs, Facebook communications etc

Change Management

This policy looks at the authorization procedure for changes to IT systems and applications hosted by U3A.

The objectives of this policy are to:

  • Mitigate IT risks associated with changes to technology
  • Make people aware of the procedure to be followed when making changes to IT systems and applications
  • Ensure that all changes have been authorised
  • Ensure minimal disruption of IT services to the business
  • Reduce the need to back-out changes

Testing :

Changes shall be tested in a test environment (not the ‘Live” system) to minimise the effect on the relevant business process, to assess its impact on operations and to verify that only intended and approved changes are implemented.

Version control:

  • Any software change and/or updates shall be controlled with version control.
  • All changes shall be approved prior to implementation
  • Fall back procedures will be in place to ensure systems can revert back to what they were.

Specific Systems

Email

All matters related to Emails is subject to the “Informed consent and Privacy policies”, of U3A Tauranga.

Formal Email address for U3A Tauranga

  • The email address president@u3atauranga.org.nz is to be used by the Secretary and President
  • The email address may be changed by direction of the Executive.
  • The password will be changed no less than annually.

The password may be changed by the Secretary at any time with the approval of the president. The password will be changed whenever there is a change of these office holders.

Generic Email addresses

These are subject to the privacy policy and Informed consent.
The preferred generic email address is secretary@u3atauranga.org.nz

The secretary will forward any emails so received to the correct person for action. This means that the organisation has a record of all activity

For other generic email addresses there will be a second forwardee namely
webmanager@u3atauranga.org.nz

The executive may ask the “manager’ of these addresses to change / delete the email addresses as required. This is particularly important when people are absent in unplanned situations.

The executive will review the list of generic emails and forwardee’s as required.

If deemed necessary the Executive may require emails to contain a footer outlining privacy expectations

Storage of digital Data for the administrative functions of U3A

In addition to data held on approved computers by office holder’s; membership information held in the U3A Membership database and any other electronic information (master copies of documents, Excel spreadsheets, reports), as required by the Executive will be stored on a cloud based account.

  • Access to the Cloud-based account will be limited “by invitation only”, to such members as the Executive deems necessary. The Database administrator will maintain a list of members who have been granted access. Such access may be removed at any time at the direction of the Executive. The Database administrator and / or Data Manager will have the password to maintain the U3A administration Cloud-based account.
  • After EACH Annual General Meeting the list of people who have access will be reviewed and all departing executive members will have their access to the Cloud-based account deleted.
  • Wherever possible, the Cloud-based account usage will be limited to such storage as may be provided by a free account.
  • Periodic cleanups / updating of documents, spreadsheets and reports will be undertaken.

Website

  • The website at http://www.u3atauranga.org.nz is the official website of U3A Tauranga.
  • A member will be appointed each year by the Executive as WebManager who will:
  • Be granted Super User rights for the website.
  • Allow other members appropriate access to the website appropriate to their needs or as required by the Exec

The WebManager shall ensure that no personal email addresses are accessible
through the website unless there has been informed consent to do so.

  • The WebManager will generally control layout, appearance and content subject to the requirements of the Executive, who may exercise editorial control.
  • Maintain a good working relationship with the web host.
  • Maintain monthly off-site backups of the files held on the web host in the assigned Cloud based folder. The control of access to this folder is delegated to the WebManager.
  • Provide a summary of monthly usage for monthly Executive meetings.
  • A group known as the Web Team preferably but not necessarily convened by the WebManager shall provide such assistance as may be required by the WebManager.

The group will operate as a regular group within the rules and guidelines for groups as well as providing a mutual learning environment for its members.

Xero Financial system

  • The financial systems operation and management is the responsibility of the treasurer
  • The treasurer will train a deputy in the operation of the system and the processes involved in subscription management
  • The treasurer will ensure data is consistent with members data held in the membership database
  • The treasurer will provide reports to the monthly executive meetings and other statutory reporting
  • The treasurer will manage access to Xero and keep the executive informed regarding access privileges assigned

Definitions

Database Administrator

The person assigned to maintain the U3A membership database including forms, queries, reports and the security by way of access rights assigned to authorised individuals.
They shall implement approved design changes .
They will ensure all changes are version controlled and tested before “go live”.

Datamanager

  • Person assigned a coordinating role across business systems, processes and workflow for U3A Tauranga
  • They will advise on reporting to meet the needs of U3A Tauranga

Informed Consent Policy

  • Informed consent will be available to all members of U3A Tauranga
  • Informed consent is achieved when the member concerned has all the factors including risks explained to them; is understood by them and they agree to the proposition / subject matter.

Note:
This policy has been modified in March 2026 with the following changes.
1. Webmaster changed to WebManager.
2. Website section: URL changed from http://u3atauranga.kiwi.nz to https://u3atauranga.org.nz
3. Website & Data Storage sections: ‘Dropbox’ changed to ‘Cloud based’.
4. All references to Email changed to @u3atauranga.org.nz