{"id":1,"date":"2025-10-06T16:57:45","date_gmt":"2025-10-06T15:57:45","guid":{"rendered":"https:\/\/actuallydata.net\/craft\/?p=1"},"modified":"2025-11-25T15:26:28","modified_gmt":"2025-11-25T15:26:28","slug":"data-security-models","status":"publish","type":"post","link":"https:\/\/actuallydata.net\/craft\/data-security-models\/","title":{"rendered":"Creating an Effective Security Model for Charities:"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><strong>How to approach it strategically before changing permissions.<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Security isn\u2019t the glamorous part of a CRM implementation. But it\u2019s one of the most defining.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A well-designed security model protects sensitive supporter data, builds trust, reduces admin load, and sets your team up for scalable growth. A poorly designed one creates confusion, bottlenecks, and risky shortcuts.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Too often, security is treated as a technical setup task at the end of a project. In reality, it\u2019s a <em>strategic design choice<\/em> that shapes how your people work, how data flows, and how your charity demonstrates good governance.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Although this article was sparked by a discussion among charities implementing <strong>Microsoft Dynamics<\/strong>, the principles apply to <em>any<\/em> CRM system eg: Salesforce, Beacon, Raiser\u2019s Edge, ThankQ, or any bespoke database. Whatever platform you use, the thinking is the same: start with people, build around groups, and document your governance clearly.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">1. Start with people, not permissions<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Before you look at any security settings, take a step back and ask: <em>who are our users, and what do they need to do?<\/em><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Think in terms of <em>groups of responsibility<\/em> rather than individuals. It\u2019s easier to manage, easier to audit, and much more scalable.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Group<\/th><th>Typical Roles<\/th><th>Core Access Needs<\/th><th>Risks if Over-Granted<\/th><\/tr><\/thead><tbody><tr><td><strong>Read-Only Users<\/strong><\/td><td>Trustees, auditors, temporary contractors<\/td><td>View records and dashboards, no editing<\/td><td>Data leaks if export rights remain open<\/td><\/tr><tr><td><strong>Normal Users<\/strong><\/td><td>Fundraisers, service delivery staff, volunteers<\/td><td>Create and update records within their team<\/td><td>Cross-team edits causing errors<\/td><\/tr><tr><td><strong>Super Users<\/strong><\/td><td>Data champions, team leads<\/td><td>Wider access, bulk edits, report creation<\/td><td>Becoming accidental admins<\/td><\/tr><tr><td><strong>Administrators<\/strong><\/td><td>CRM or data managers<\/td><td>Configure system settings, users, integrations<\/td><td>Misconfiguration or data loss<\/td><\/tr><tr><td><strong>Super Administrators<\/strong><\/td><td>IT or external partners<\/td><td>Environment-level control, API keys, backups<\/td><td>Unchecked access, limited oversight<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">This five-tier model works in most systems, but it\u2019s not a rulebook. It\u2019s a framework for understanding <em>trust and responsibility<\/em>.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">2. Recognise that people wear more than one hat<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">One of the most common misconceptions about CRM security is that every person fits neatly into one role. They don\u2019t.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A fundraiser might also support events. A volunteer coordinator might help process donations. The Head of Fundraising might need both campaign data and financial reports.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Good CRM platforms handle this flexibility, users can belong to <em>multiple groups or roles<\/em>, each layering permissions on top of one another.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">That layering allows for hybrid responsibilities, but it demands careful planning:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Be intentional:<\/strong> overlap roles only where it reflects real-world practice.<\/li>\n\n\n\n<li><strong>Document every exception:<\/strong> note why someone sits in more than one group.<\/li>\n\n\n\n<li><strong>Review regularly:<\/strong> as responsibilities change, so should their access.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Think of your security model like an orchestra. Each section (group) plays its part, but some musicians double on instruments when needed. The key is harmony, not chaos.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">3. Ask the right questions early<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Before building your first permission set, gather your project team and ask:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Theme<\/th><th>Strategic Questions<\/th><\/tr><\/thead><tbody><tr><td><strong>Governance<\/strong><\/td><td>Who owns data quality? Who approves access changes?<\/td><\/tr><tr><td><strong>Segmentation<\/strong><\/td><td>Should fundraising, volunteering, and service teams see the same contacts?<\/td><\/tr><tr><td><strong>Compliance<\/strong><\/td><td>How will you manage right-to-be-forgotten or access requests?<\/td><\/tr><tr><td><strong>Support<\/strong><\/td><td>Who trains new users and removes leavers?<\/td><\/tr><tr><td><strong>Auditability<\/strong><\/td><td>How will you track who changed what and when?<\/td><\/tr><tr><td><strong>Scalability<\/strong><\/td><td>What happens when the team doubles or restructures?<\/td><\/tr><tr><td><strong>External Access<\/strong><\/td><td>Will agencies or partners need temporary access, and how will you manage that safely?<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">These questions are not about software configuration they\u2019re about your <em>operating model<\/em> and <em>data culture<\/em>.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">4. Use groups and teams rather than individuals<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Whatever CRM you use, permissions can usually be grouped by:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Role-based access<\/strong> (what someone can do)<\/li>\n\n\n\n<li><strong>Team or department access<\/strong> (where they can do it)<\/li>\n\n\n\n<li><strong>Record ownership<\/strong> (whose data it is)<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">It\u2019s tempting to fine-tune individuals. Resist that urge. Assign access via <strong>roles and teams<\/strong>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>The benefits:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Consistency:<\/strong> people doing the same job have the same rights.<\/li>\n\n\n\n<li><strong>Efficiency:<\/strong> onboarding and offboarding are quick and reliable.<\/li>\n\n\n\n<li><strong>Audit clarity:<\/strong> reviewing five roles is easier than reviewing fifty users.<\/li>\n\n\n\n<li><strong>Future-proofing:<\/strong> structures can evolve without manual rebuilds.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Working with groups also supports your GDPR accountability, it\u2019s much easier to demonstrate that permissions are \u201cappropriate and proportionate\u201d when they\u2019re structured and documented.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<div class=\"wp-block-uagb-image uagb-block-02804f88 wp-block-uagb-image--layout-default wp-block-uagb-image--effect-static wp-block-uagb-image--align-none\"><figure class=\"wp-block-uagb-image__figure\"><img decoding=\"async\" src=\"https:\/\/actuallydata.net\/craft\/wp-content\/uploads\/2025\/10\/pexels-photo-7947842-7947842-1024x683.jpg\" alt=\"Close-up image of a business strategy chart on paper showing stages and feasibility.\" class=\"uag-image-1826\" width=\"1024\" height=\"683\" title=\"pexels photo 7947842 7947842\" loading=\"lazy\" role=\"img\" \/><\/figure><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">5. Document, document, document<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Security design decisions need to be written down not left in emails or memory.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Document Type<\/th><th>Purpose<\/th><th>Maintained By<\/th><\/tr><\/thead><tbody><tr><td><strong>Security Model Overview<\/strong><\/td><td>Summary of groups, roles, and their hierarchy.<\/td><td>CRM Manager<\/td><\/tr><tr><td><strong>Access Matrix<\/strong><\/td><td>Which group can perform which action (create, read, update, delete).<\/td><td>Data or System Admin<\/td><\/tr><tr><td><strong>Role Assignment Log<\/strong><\/td><td>Who belongs to which group(s) and why.<\/td><td>HR or IT<\/td><\/tr><tr><td><strong>Access Request Workflow<\/strong><\/td><td>Defines how access is requested, approved, and removed.<\/td><td>Governance Lead<\/td><\/tr><tr><td><strong>Audit &amp; Review Schedule<\/strong><\/td><td>Specifies how often access is reviewed (quarterly or bi-annually).<\/td><td>DPO or Data Governance Lead<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">You don\u2019t need complex tooling. Even a shared spreadsheet or Confluence page can provide essential traceability.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">6. Decision-making and audit<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Every change in access should leave a <strong>decision trail<\/strong>:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Request<\/strong> \u2014 logged through a form or ticket.<\/li>\n\n\n\n<li><strong>Approval<\/strong> \u2014 authorised by a role owner, not the requester.<\/li>\n\n\n\n<li><strong>Implementation<\/strong> \u2014 applied by a system admin.<\/li>\n\n\n\n<li><strong>Verification<\/strong> \u2014 checked for accuracy and logged.<\/li>\n\n\n\n<li><strong>Review<\/strong> \u2014 included in your regular audit cycle.<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">Enable your CRM\u2019s <strong>audit logging<\/strong> or <strong>change history<\/strong> for high-risk entities (contacts, donations, consents).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Key tips:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Apply the <strong>principle of least privilege<\/strong>, grant only what\u2019s necessary.<\/li>\n\n\n\n<li>Use role rotation or multi-approval for administrator rights.<\/li>\n\n\n\n<li>Keep a quarterly \u201caccess attestation\u201d process where managers confirm team permissions.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Auditing isn\u2019t about suspicion. It\u2019s about building trust and stewardship.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">7. When staff are multifaceted just like your supporters<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Just as supporters can be donors, volunteers, and campaigners, staff also cross boundaries.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Your security model should reflect this overlap without overcomplicating it.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Use additive roles:<\/strong> a user in <em>Fundraising Member<\/em> and <em>Events Coordinator<\/em> groups inherits both sets of permissions.<\/li>\n\n\n\n<li><strong>Define ownership clearly:<\/strong> which department owns which data?<\/li>\n\n\n\n<li><strong>Communicate boundaries:<\/strong> help staff understand where their visibility ends.<\/li>\n\n\n\n<li><strong>Automate transitions:<\/strong> link HR joiner-mover-leaver processes to your CRM if possible.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Test scenarios that mirror real life:<br>\u201cWhat can Jane see if she\u2019s both Fundraising and Comms?\u201d<br>\u201cWhat happens when the CEO joins Leadership and Finance groups?\u201d<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Good systems handle these overlaps, great governance makes them intentional.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">8. Best practice and further reading<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Whether you\u2019re using Dynamics, Salesforce, Beacon, or anything else, these resources provide useful guidance:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Source<\/th><th>Focus<\/th><th>Link<\/th><\/tr><\/thead><tbody><tr><td><strong>Microsoft Learn: Security Model Overview<\/strong><\/td><td>Clear explanation of roles, teams, and layered permissions.<\/td><td><a href=\"https:\/\/learn.microsoft.com\/en-us\/dynamics365\/get-started\/security\">https:\/\/learn.microsoft.com\/en-us\/dynamics365\/get-started\/security<\/a><\/td><\/tr><tr><td><strong>Salesforce Role Hierarchies Guide<\/strong><\/td><td>Explains layered and team-based security.<\/td><td><a href=\"http:\/\/help.salesforce.com\">help.salesforce.com<\/a><\/td><\/tr><tr><td><strong>NCVO Digital Guides<\/strong><\/td><td>Practical and step-by-step guidance to make the best use of digital tools and processes to help your charity, organisation or community group<\/td><td><a href=\"https:\/\/www.ncvo.org.uk\/help-and-guidance\/digital-technology\/\">https:\/\/www.ncvo.org.uk\/help-and-guidance\/digital-technology\/<\/a><\/td><\/tr><tr><td><strong>Information Commissioner\u2019s Office (ICO)<\/strong><\/td><td>GDPR guidance on access control and data minimisation.<\/td><td><a href=\"http:\/\/ico.org.uk\">ico.org.uk<\/a><\/td><\/tr><tr><td><strong>Actually Data Analytics \u2013 Data Quality Framework<\/strong><\/td><td>Six dimensions of data quality to underpin governance and audit.<\/td><td><a href=\"https:\/\/actuallydata.net\/craft\/resource\/data-quality-audit-checklist\/\" data-type=\"resource\" data-id=\"1698\">actuallydata.net<\/a><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Each reinforces the same truth: a strong security model is as much about <em>culture and clarity<\/em> as it is about configuration.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">9. The benefits of getting this right<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">When your security model is group-based, documented, and layered, you gain:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Confidence and compliance<\/strong> \u2014 roles are auditable and easy to review.<\/li>\n\n\n\n<li><strong>Reduced admin load<\/strong> \u2014 access changes are quick and repeatable.<\/li>\n\n\n\n<li><strong>Cleaner data<\/strong> \u2014 people only edit what they\u2019re responsible for.<\/li>\n\n\n\n<li><strong>Empowered teams<\/strong> \u2014 clarity builds confidence, not constraint.<\/li>\n\n\n\n<li><strong>Scalability<\/strong> \u2014 new functions or systems can slot into the same model.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Most importantly, your CRM reflects your charity\u2019s values: trust, transparency, and good stewardship.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">10. Practical next steps<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">You don\u2019t need a huge project to get started. Begin today with:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>List your user groups<\/strong> using the five-tier model as a foundation.<\/li>\n\n\n\n<li><strong>Identify overlaps<\/strong> where staff hold more than one hat.<\/li>\n\n\n\n<li><strong>Document permissions<\/strong> in a simple matrix.<\/li>\n\n\n\n<li><strong>Create an approval workflow<\/strong> for new access requests.<\/li>\n\n\n\n<li><strong>Pilot the structure<\/strong> in a test or sandbox environment.<\/li>\n\n\n\n<li><strong>Train and communicate<\/strong> so everyone understands <em>why<\/em> as well as <em>what<\/em>.<\/li>\n\n\n\n<li><strong>Schedule reviews<\/strong>  your structure should evolve with your people.<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">11. Closing reflection<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Security isn\u2019t about locking people out. It\u2019s about letting the right people in! With the right tools, to do the right work, safely.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Charities that design security as a <em>strategic enabler<\/em> build CRMs that work <em>with<\/em> people, not against them.<br>They protect supporter trust, empower staff, and make governance visible.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Whether you use Dynamics, Salesforce, Beacon, or anything else, start with people, define clear groups, and document your decisions. Your future self and your auditors will thank you.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Can we help?<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">If you\u2019re reviewing your CRM security model or planning a system change, Actually Data Analytics can help you build frameworks that balance access, governance, and agility.<br>Explore our <strong><a data-type=\"category\" data-id=\"16\" href=\"https:\/\/actuallydata.net\/craft\/category\/governance\/\">Data Quality and Governance<\/a><\/strong> posts, or sign up for <strong><a data-type=\"page\" data-id=\"1653\" href=\"https:\/\/actuallydata.net\/craft\/resources\/\">CRAFT Signals<\/a><\/strong> to gain access to templates and checklists that strengthen your data foundations for free.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>How to approach it strategically before changing permissions. Security isn\u2019t the glamorous part of a CRM implementation. But it\u2019s one [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1818,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","pmpro_default_level":"","_uag_custom_page_level_css":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[16],"tags":[19,18,17],"class_list":["post-1","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-governance","tag-crm","tag-ms-dynamcis","tag-security","pmpro-has-access"],"acf":[],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.9 - aioseo.com -->\n\t<meta name=\"description\" content=\"How to approach it strategically before changing permissions. Security isn\u2019t the glamorous part of a CRM implementation. But it\u2019s one of the most defining. A well-designed security model protects sensitive supporter data, builds trust, reduces admin load, and sets your team up for scalable growth. A poorly designed one creates confusion, bottlenecks, and risky shortcuts.\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"Ant\"\/>\n\t<link rel=\"canonical\" href=\"https:\/\/actuallydata.net\/craft\/data-security-models\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.9\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_GB\" \/>\n\t\t<meta property=\"og:site_name\" content=\"CRAFT - Data. Community. Impact. - Find your people. Hone your CRAFT.\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"Creating an Effective Security Model for Charities: - CRAFT - Data. Community. Impact.\" \/>\n\t\t<meta property=\"og:description\" content=\"How to approach it strategically before changing permissions. Security isn\u2019t the glamorous part of a CRM implementation. But it\u2019s one of the most defining. A well-designed security model protects sensitive supporter data, builds trust, reduces admin load, and sets your team up for scalable growth. A poorly designed one creates confusion, bottlenecks, and risky shortcuts.\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/actuallydata.net\/craft\/data-security-models\/\" \/>\n\t\t<meta property=\"og:image\" content=\"https:\/\/actuallydata.net\/craft\/wp-content\/uploads\/2025\/10\/Craft3.png\" \/>\n\t\t<meta property=\"og:image:secure_url\" content=\"https:\/\/actuallydata.net\/craft\/wp-content\/uploads\/2025\/10\/Craft3.png\" \/>\n\t\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t\t<meta property=\"og:image:height\" content=\"1024\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2025-10-06T15:57:45+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2025-11-25T15:26:28+00:00\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:title\" content=\"Creating an Effective Security Model for Charities: - CRAFT - Data. Community. Impact.\" \/>\n\t\t<meta name=\"twitter:description\" content=\"How to approach it strategically before changing permissions. Security isn\u2019t the glamorous part of a CRM implementation. But it\u2019s one of the most defining. A well-designed security model protects sensitive supporter data, builds trust, reduces admin load, and sets your team up for scalable growth. A poorly designed one creates confusion, bottlenecks, and risky shortcuts.\" \/>\n\t\t<meta name=\"twitter:image\" content=\"https:\/\/actuallydata.net\/craft\/wp-content\/uploads\/2025\/10\/Craft3.png\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"BlogPosting\",\"@id\":\"https:\\\/\\\/actuallydata.net\\\/craft\\\/data-security-models\\\/#blogposting\",\"name\":\"Creating an Effective Security Model for Charities: - CRAFT - Data. Community. Impact.\",\"headline\":\"Creating an Effective Security Model for Charities:\",\"author\":{\"@id\":\"https:\\\/\\\/actuallydata.net\\\/craft\\\/author\\\/oxnwcv\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/actuallydata.net\\\/craft\\\/#organization\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/actuallydata.net\\\/craft\\\/wp-content\\\/uploads\\\/2025\\\/10\\\/security-protection-anti-virus-software-60504-60504-scaled.jpg\",\"width\":2560,\"height\":1707,\"caption\":\"Close-up view of a mouse cursor over digital security text on display.\"},\"datePublished\":\"2025-10-06T16:57:45+01:00\",\"dateModified\":\"2025-11-25T15:26:28+00:00\",\"inLanguage\":\"en-GB\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/actuallydata.net\\\/craft\\\/data-security-models\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/actuallydata.net\\\/craft\\\/data-security-models\\\/#webpage\"},\"articleSection\":\"Governance, CRM, MS Dynamcis, Security\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/actuallydata.net\\\/craft\\\/data-security-models\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/actuallydata.net\\\/craft#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/actuallydata.net\\\/craft\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/actuallydata.net\\\/craft\\\/category\\\/governance\\\/#listItem\",\"name\":\"Governance\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/actuallydata.net\\\/craft\\\/category\\\/governance\\\/#listItem\",\"position\":2,\"name\":\"Governance\",\"item\":\"https:\\\/\\\/actuallydata.net\\\/craft\\\/category\\\/governance\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/actuallydata.net\\\/craft\\\/data-security-models\\\/#listItem\",\"name\":\"Creating an Effective Security Model for Charities:\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/actuallydata.net\\\/craft#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/actuallydata.net\\\/craft\\\/data-security-models\\\/#listItem\",\"position\":3,\"name\":\"Creating an Effective Security Model for Charities:\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/actuallydata.net\\\/craft\\\/category\\\/governance\\\/#listItem\",\"name\":\"Governance\"}}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/actuallydata.net\\\/craft\\\/#organization\",\"name\":\"Actually Data Analytics Ltd\",\"description\":\"Find your people. Hone your CRAFT.\",\"url\":\"https:\\\/\\\/actuallydata.net\\\/craft\\\/\",\"telephone\":\"+447824443989\",\"logo\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/actuallydata.net\\\/craft\\\/wp-content\\\/uploads\\\/2025\\\/10\\\/Craft3.png\",\"@id\":\"https:\\\/\\\/actuallydata.net\\\/craft\\\/data-security-models\\\/#organizationLogo\",\"width\":1024,\"height\":1024,\"caption\":\"craft3\"},\"image\":{\"@id\":\"https:\\\/\\\/actuallydata.net\\\/craft\\\/data-security-models\\\/#organizationLogo\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/actuallydata.net\\\/craft\\\/author\\\/oxnwcv\\\/#author\",\"url\":\"https:\\\/\\\/actuallydata.net\\\/craft\\\/author\\\/oxnwcv\\\/\",\"name\":\"Ant\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/actuallydata.net\\\/craft\\\/data-security-models\\\/#authorImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/ad499713a06f2ad4eb89e2d85b48e0f34a1f1d0dfd796d280d8a67935bf9750b?s=96&d=mm&r=g\",\"width\":96,\"height\":96,\"caption\":\"Ant\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/actuallydata.net\\\/craft\\\/data-security-models\\\/#webpage\",\"url\":\"https:\\\/\\\/actuallydata.net\\\/craft\\\/data-security-models\\\/\",\"name\":\"Creating an Effective Security Model for Charities: - CRAFT - Data. Community. Impact.\",\"description\":\"How to approach it strategically before changing permissions. Security isn\\u2019t the glamorous part of a CRM implementation. But it\\u2019s one of the most defining. A well-designed security model protects sensitive supporter data, builds trust, reduces admin load, and sets your team up for scalable growth. A poorly designed one creates confusion, bottlenecks, and risky shortcuts.\",\"inLanguage\":\"en-GB\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/actuallydata.net\\\/craft\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/actuallydata.net\\\/craft\\\/data-security-models\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/actuallydata.net\\\/craft\\\/author\\\/oxnwcv\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/actuallydata.net\\\/craft\\\/author\\\/oxnwcv\\\/#author\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/actuallydata.net\\\/craft\\\/wp-content\\\/uploads\\\/2025\\\/10\\\/security-protection-anti-virus-software-60504-60504-scaled.jpg\",\"@id\":\"https:\\\/\\\/actuallydata.net\\\/craft\\\/data-security-models\\\/#mainImage\",\"width\":2560,\"height\":1707,\"caption\":\"Close-up view of a mouse cursor over digital security text on display.\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/actuallydata.net\\\/craft\\\/data-security-models\\\/#mainImage\"},\"datePublished\":\"2025-10-06T16:57:45+01:00\",\"dateModified\":\"2025-11-25T15:26:28+00:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/actuallydata.net\\\/craft\\\/#website\",\"url\":\"https:\\\/\\\/actuallydata.net\\\/craft\\\/\",\"name\":\"CRAFT - Data. Community. Impact.\",\"description\":\"Find your people. Hone your CRAFT.\",\"inLanguage\":\"en-GB\",\"publisher\":{\"@id\":\"https:\\\/\\\/actuallydata.net\\\/craft\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"Creating an Effective Security Model for Charities: - CRAFT - Data. Community. Impact.","description":"How to approach it strategically before changing permissions. Security isn\u2019t the glamorous part of a CRM implementation. But it\u2019s one of the most defining. A well-designed security model protects sensitive supporter data, builds trust, reduces admin load, and sets your team up for scalable growth. A poorly designed one creates confusion, bottlenecks, and risky shortcuts.","canonical_url":"https:\/\/actuallydata.net\/craft\/data-security-models\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"BlogPosting","@id":"https:\/\/actuallydata.net\/craft\/data-security-models\/#blogposting","name":"Creating an Effective Security Model for Charities: - CRAFT - Data. Community. Impact.","headline":"Creating an Effective Security Model for Charities:","author":{"@id":"https:\/\/actuallydata.net\/craft\/author\/oxnwcv\/#author"},"publisher":{"@id":"https:\/\/actuallydata.net\/craft\/#organization"},"image":{"@type":"ImageObject","url":"https:\/\/actuallydata.net\/craft\/wp-content\/uploads\/2025\/10\/security-protection-anti-virus-software-60504-60504-scaled.jpg","width":2560,"height":1707,"caption":"Close-up view of a mouse cursor over digital security text on display."},"datePublished":"2025-10-06T16:57:45+01:00","dateModified":"2025-11-25T15:26:28+00:00","inLanguage":"en-GB","mainEntityOfPage":{"@id":"https:\/\/actuallydata.net\/craft\/data-security-models\/#webpage"},"isPartOf":{"@id":"https:\/\/actuallydata.net\/craft\/data-security-models\/#webpage"},"articleSection":"Governance, CRM, MS Dynamcis, Security"},{"@type":"BreadcrumbList","@id":"https:\/\/actuallydata.net\/craft\/data-security-models\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/actuallydata.net\/craft#listItem","position":1,"name":"Home","item":"https:\/\/actuallydata.net\/craft","nextItem":{"@type":"ListItem","@id":"https:\/\/actuallydata.net\/craft\/category\/governance\/#listItem","name":"Governance"}},{"@type":"ListItem","@id":"https:\/\/actuallydata.net\/craft\/category\/governance\/#listItem","position":2,"name":"Governance","item":"https:\/\/actuallydata.net\/craft\/category\/governance\/","nextItem":{"@type":"ListItem","@id":"https:\/\/actuallydata.net\/craft\/data-security-models\/#listItem","name":"Creating an Effective Security Model for Charities:"},"previousItem":{"@type":"ListItem","@id":"https:\/\/actuallydata.net\/craft#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/actuallydata.net\/craft\/data-security-models\/#listItem","position":3,"name":"Creating an Effective Security Model for Charities:","previousItem":{"@type":"ListItem","@id":"https:\/\/actuallydata.net\/craft\/category\/governance\/#listItem","name":"Governance"}}]},{"@type":"Organization","@id":"https:\/\/actuallydata.net\/craft\/#organization","name":"Actually Data Analytics Ltd","description":"Find your people. Hone your CRAFT.","url":"https:\/\/actuallydata.net\/craft\/","telephone":"+447824443989","logo":{"@type":"ImageObject","url":"https:\/\/actuallydata.net\/craft\/wp-content\/uploads\/2025\/10\/Craft3.png","@id":"https:\/\/actuallydata.net\/craft\/data-security-models\/#organizationLogo","width":1024,"height":1024,"caption":"craft3"},"image":{"@id":"https:\/\/actuallydata.net\/craft\/data-security-models\/#organizationLogo"}},{"@type":"Person","@id":"https:\/\/actuallydata.net\/craft\/author\/oxnwcv\/#author","url":"https:\/\/actuallydata.net\/craft\/author\/oxnwcv\/","name":"Ant","image":{"@type":"ImageObject","@id":"https:\/\/actuallydata.net\/craft\/data-security-models\/#authorImage","url":"https:\/\/secure.gravatar.com\/avatar\/ad499713a06f2ad4eb89e2d85b48e0f34a1f1d0dfd796d280d8a67935bf9750b?s=96&d=mm&r=g","width":96,"height":96,"caption":"Ant"}},{"@type":"WebPage","@id":"https:\/\/actuallydata.net\/craft\/data-security-models\/#webpage","url":"https:\/\/actuallydata.net\/craft\/data-security-models\/","name":"Creating an Effective Security Model for Charities: - CRAFT - Data. Community. Impact.","description":"How to approach it strategically before changing permissions. Security isn\u2019t the glamorous part of a CRM implementation. But it\u2019s one of the most defining. A well-designed security model protects sensitive supporter data, builds trust, reduces admin load, and sets your team up for scalable growth. A poorly designed one creates confusion, bottlenecks, and risky shortcuts.","inLanguage":"en-GB","isPartOf":{"@id":"https:\/\/actuallydata.net\/craft\/#website"},"breadcrumb":{"@id":"https:\/\/actuallydata.net\/craft\/data-security-models\/#breadcrumblist"},"author":{"@id":"https:\/\/actuallydata.net\/craft\/author\/oxnwcv\/#author"},"creator":{"@id":"https:\/\/actuallydata.net\/craft\/author\/oxnwcv\/#author"},"image":{"@type":"ImageObject","url":"https:\/\/actuallydata.net\/craft\/wp-content\/uploads\/2025\/10\/security-protection-anti-virus-software-60504-60504-scaled.jpg","@id":"https:\/\/actuallydata.net\/craft\/data-security-models\/#mainImage","width":2560,"height":1707,"caption":"Close-up view of a mouse cursor over digital security text on display."},"primaryImageOfPage":{"@id":"https:\/\/actuallydata.net\/craft\/data-security-models\/#mainImage"},"datePublished":"2025-10-06T16:57:45+01:00","dateModified":"2025-11-25T15:26:28+00:00"},{"@type":"WebSite","@id":"https:\/\/actuallydata.net\/craft\/#website","url":"https:\/\/actuallydata.net\/craft\/","name":"CRAFT - Data. Community. Impact.","description":"Find your people. Hone your CRAFT.","inLanguage":"en-GB","publisher":{"@id":"https:\/\/actuallydata.net\/craft\/#organization"}}]},"og:locale":"en_GB","og:site_name":"CRAFT - Data. Community. Impact. - Find your people. Hone your CRAFT.","og:type":"article","og:title":"Creating an Effective Security Model for Charities: - CRAFT - Data. Community. Impact.","og:description":"How to approach it strategically before changing permissions. Security isn\u2019t the glamorous part of a CRM implementation. But it\u2019s one of the most defining. A well-designed security model protects sensitive supporter data, builds trust, reduces admin load, and sets your team up for scalable growth. A poorly designed one creates confusion, bottlenecks, and risky shortcuts.","og:url":"https:\/\/actuallydata.net\/craft\/data-security-models\/","og:image":"https:\/\/actuallydata.net\/craft\/wp-content\/uploads\/2025\/10\/Craft3.png","og:image:secure_url":"https:\/\/actuallydata.net\/craft\/wp-content\/uploads\/2025\/10\/Craft3.png","og:image:width":1024,"og:image:height":1024,"article:published_time":"2025-10-06T15:57:45+00:00","article:modified_time":"2025-11-25T15:26:28+00:00","twitter:card":"summary_large_image","twitter:title":"Creating an Effective Security Model for Charities: - CRAFT - Data. Community. Impact.","twitter:description":"How to approach it strategically before changing permissions. Security isn\u2019t the glamorous part of a CRM implementation. But it\u2019s one of the most defining. A well-designed security model protects sensitive supporter data, builds trust, reduces admin load, and sets your team up for scalable growth. A poorly designed one creates confusion, bottlenecks, and risky shortcuts.","twitter:image":"https:\/\/actuallydata.net\/craft\/wp-content\/uploads\/2025\/10\/Craft3.png"},"aioseo_meta_data":{"post_id":"1","title":null,"description":null,"keywords":null,"keyphrases":{"focus":{"keyphrase":"","score":0,"analysis":{"keyphraseInTitle":{"score":0,"maxScore":9,"error":1}}},"additional":[]},"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":"","og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"BlogPosting","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":"-1","robots_max_videopreview":"-1","robots_max_imagepreview":"large","priority":null,"frequency":"default","local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":{"faqs":[],"keyPoints":[],"titles":[],"descriptions":[],"socialPosts":{"email":[],"linkedin":[],"twitter":[],"facebook":[],"instagram":[]}},"created":"2025-11-02 22:43:37","updated":"2025-11-25 15:34:00","seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/actuallydata.net\/craft\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/actuallydata.net\/craft\/category\/governance\/\" title=\"Governance\">Governance<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tCreating an Effective Security Model for Charities:\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/actuallydata.net\/craft"},{"label":"Governance","link":"https:\/\/actuallydata.net\/craft\/category\/governance\/"},{"label":"Creating an Effective Security Model for Charities:","link":"https:\/\/actuallydata.net\/craft\/data-security-models\/"}],"uagb_featured_image_src":{"full":["https:\/\/actuallydata.net\/craft\/wp-content\/uploads\/2025\/10\/security-protection-anti-virus-software-60504-60504-scaled.jpg",2560,1707,false],"thumbnail":["https:\/\/actuallydata.net\/craft\/wp-content\/uploads\/2025\/10\/security-protection-anti-virus-software-60504-60504-150x150.jpg",150,150,true],"medium":["https:\/\/actuallydata.net\/craft\/wp-content\/uploads\/2025\/10\/security-protection-anti-virus-software-60504-60504-300x200.jpg",300,200,true],"medium_large":["https:\/\/actuallydata.net\/craft\/wp-content\/uploads\/2025\/10\/security-protection-anti-virus-software-60504-60504-768x512.jpg",768,512,true],"large":["https:\/\/actuallydata.net\/craft\/wp-content\/uploads\/2025\/10\/security-protection-anti-virus-software-60504-60504-1024x683.jpg",1024,683,true],"1536x1536":["https:\/\/actuallydata.net\/craft\/wp-content\/uploads\/2025\/10\/security-protection-anti-virus-software-60504-60504-1536x1024.jpg",1536,1024,true],"2048x2048":["https:\/\/actuallydata.net\/craft\/wp-content\/uploads\/2025\/10\/security-protection-anti-virus-software-60504-60504-2048x1365.jpg",2048,1365,true]},"uagb_author_info":{"display_name":"Ant","author_link":"https:\/\/actuallydata.net\/craft\/author\/oxnwcv\/"},"uagb_comment_info":0,"uagb_excerpt":"How to approach it strategically before changing permissions. Security isn\u2019t the glamorous part of a CRM implementation. But it\u2019s one [&hellip;]","_links":{"self":[{"href":"https:\/\/actuallydata.net\/craft\/wp-json\/wp\/v2\/posts\/1","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/actuallydata.net\/craft\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/actuallydata.net\/craft\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/actuallydata.net\/craft\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/actuallydata.net\/craft\/wp-json\/wp\/v2\/comments?post=1"}],"version-history":[{"count":0,"href":"https:\/\/actuallydata.net\/craft\/wp-json\/wp\/v2\/posts\/1\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/actuallydata.net\/craft\/wp-json\/wp\/v2\/media\/1818"}],"wp:attachment":[{"href":"https:\/\/actuallydata.net\/craft\/wp-json\/wp\/v2\/media?parent=1"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/actuallydata.net\/craft\/wp-json\/wp\/v2\/categories?post=1"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/actuallydata.net\/craft\/wp-json\/wp\/v2\/tags?post=1"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}