Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Necessary security features for small database

  • 08-01-2019 6:44pm
    #1
    Registered Users, Registered Users 2 Posts: 1,996 ✭✭✭


    Hello,
    I'm a member of a voluntary social club that is setting-up a new members' database which includes members' bank account details - necessary for the payment of expenses.

    I've been wondering about what security precautions are being taken especially with the bank data. I want to make a constructive enquiry without offending the volunteers doing the work or adding to their work-load unnecessrily.

    My questions are:
    - What minimum security precautions should I expect be taken.
    - Should all data be encrypted or just banking account details?
    - Should the banking data a be hived-off to the Treasurer's private computer or is it safer on the hosting company server along with the website.
    I realise that setting-up user permissions and restricting port access is relevant too but don't feel entitled/competent to get into that level of detail.

    Some extra info.
    The database is for admin purposes primarily. Typically (some) committee members will need full access. The wider club population will have minimal access I think. I don't expect any user update facilities will be provided.
    I'm not involved with the development. I don't know what technologies are used.

    Thanks


Comments

  • Closed Accounts Posts: 260 ✭✭rd1izb7lvpuksx


    Basically, you'll be subject to all the security and privacy requirements that an economic enterprise is, so you'll have to encrypt everything, have privacy and retention policies, have access control and logging, all the stuff a business would have to do.

    I wonder if there's a provider who can sell you this as a service, rather than doing it yourself. I was involved in a sports club who doing this kind of thing and had to resign as they refused to take it seriously.


  • Registered Users, Registered Users 2 Posts: 1,996 ✭✭✭two wheels good


    Thanks for your response. I'm not involved myself with the developement of the dbase.
    I agree that paying a professional would be worth considering but I suspect it will be developed by another member.
    Hopefully my concerns are unfounded but I feel I'll have to ask a few questions and try to get some reassurance.


Advertisement