Why Churches Should Use Organizational Accounts for Digital Platforms: Part 3
December 18th, 2024
The last two weeks we’ve discussed the reason churches should have their own accounts and practical steps in setting up those accounts.This week, we are looking at Digital Asset Management Policies and how to recover accounts if you lose access.
A Policy
A Digital Asset Management (DAM) Policy is important for churches because it helps keep their digital files, like pictures, videos, and documents, organized and safe. It makes sure everyone uses these files the right way, protects privacy, and avoids breaking copyright rules. With a good system in place, staff and volunteers can easily find and share what they need to work together. It also helps save important church history and use resources wisely, allowing the church to connect with more people and share its message better.
Digital Asset Management Policy for Churches
This template provides a framework for creating a policy to manage a church’s digital assets securely and effectively. Customize it based on your church’s specific needs.
[Church Name] Digital Asset Management Policy Effective Date: [Insert Date] Review Date: [Insert Date for Review] Approved By: [Church Leadership or Board Name]
1. Purpose
This policy establishes guidelines for the creation, management, and protection of [Church Name]’s digital assets to ensure continuity, security, and accessibility. Digital assets include, but are not limited to, email accounts, social media profiles, websites, donation platforms, domain names, and any other online accounts or tools used by the church.
2. Scope
This policy applies to all church staff, volunteers, and third-party vendors who manage or have access to [Church Name]’s digital accounts and assets.
3. Roles and Responsibilities
Account Administrator(s):
Individuals designated to oversee the creation, management, and security of digital accounts.
Ensure access credentials are stored securely.
Regularly update passwords and manage account permissions.
Perform routine audits of digital assets.
Leadership Access:
Church leadership (e.g., senior pastor, administrator, or session/council/vestry members) must maintain access to all master credentials for continuity.
Designated Backup:
At least one backup individual must have access to all accounts in case the primary administrator is unavailable.
4. Account Creation and Ownership
All digital accounts must be created using an official church email address (e.g., admin@yourchurch.org).
Accounts must clearly identify the church as the owner in their registration details (e.g., “Organization Name: [Church Name]”).
5. Credential Management
Password Security:
Use strong, unique passwords for all accounts.
Store passwords in a secure, church-approved password manager (e.g., LastPass, 1Password, Bitwarden).
Update passwords every [Insert Frequency, e.g., 6 months].
Access Control:
Limit access to only those who need it for their roles.
Remove access immediately when a staff member or volunteer leaves their position.
6. Account Recovery
Recovery Information:
All accounts must include a church-controlled recovery email address and, where applicable, a recovery phone number.
Example: Use admin@yourchurch.org or recovery@yourchurch.org for recovery options.
Documentation:
Maintain a record of recovery methods for all accounts in the password manager.
7. Domain and Website Management
Ownership:
Church domain names (e.g., yourchurch.org) must be registered in the church’s name using a church-controlled email.
Renewals:
Domain registrations and hosting accounts must be set to auto-renew, with payment methods managed by the church’s finance team.
Access:
Maintain credentials for domain registrar accounts in the password manager and ensure leadership has access.
8. Social Media Management
All social media accounts should be created under a church-controlled email address.
For Facebook and other social media accounts that are assigned roles, make sure more than one person has access to the account.
Assign a designated team to manage accounts, but retain administrator-level access for the church leadership.
9. Regular Audits
Conduct an annual audit of all digital assets to:
Verify ownership details.
Confirm that credentials are up-to-date.
Ensure only authorized users have access.
10. Incident Response
In the event of a security breach or loss of access:
Notify leadership immediately.
Follow recovery procedures documented for the affected account(s).
Reset affected passwords and update security settings.
11. Policy Review and Updates
This policy will be reviewed and updated annually, or as needed, to reflect changes in technology or church operations.
Resources and Tools
Here are links to account recovery guides for commonly used platforms, which can help churches regain access to accounts when necessary:
1. PayPal
Account Recovery Guide: How to Recover a PayPal Account This guide provides steps for resetting your password, verifying identity, and recovering access to a locked account.
2. Gmail (Google Accounts)
Account Recovery Guide: Google Account Recovery This article explains how to reset your Gmail password, recover accounts without access to the recovery email, and address two-factor authentication challenges.
3. Domain Registrars (GoDaddy, Namecheap, etc.)
General Tips for Domain Recovery: Recover Your Domain Name This ICANN guide explains how to retrieve control of your domain name, especially if ownership information is out of date.
YouTube Recovery: Recover a YouTube Account A step-by-step guide for recovering access to a YouTube channel tied to a Google account.
5. Facebook Pages
Facebook Page Recovery: Recover Admin Access to a Facebook Page Instructions on regaining access to a Facebook Page if the original administrator is unavailable or if ownership disputes arise.
What is a privacy policy and cookie policy? You may have heard these terms, read them, or clicked to permit a website to track cookies, but what does it all…
Practical Steps for Setting Up Church-Owned Accounts To set up church-owned accounts effectively, start by using a dedicated email address. Create an official church email, such as admin@yourchurch.org or accounts@yourchurch.org,…
We were recently contacted by a church struggling to access essential accounts due to an individual’s health issues. The member that set up the church’s PayPal account was diagnosed with…
When creating or managing your online presence, understanding the roles of website hosting, email hosting, and domain parking is essential. Each serves a unique purpose and together they form the…
What is Cloudflare and Why We Use It Cloudflare is a service that provides DNS management and additional layers of security for websites. We started using Cloudflare as early adopters…
PDFs PDFs are a great way to house documents and resources on your ministry website, providing a versatile and universally accessible format for sharing information online. Whether it’s for downloadable…