Skip to Content
TS-RDC-08 Trust & Stewardship Risk, Data & Compliance CORE Compliance v2.9.7

Digital-safety & online-reputation mgmt.

Assesses the management of the organization's digital presence for safety and reputation. Scope includes all official channels (website, email newsletters, social media, messaging apps like WhatsApp/Telegram, and fundraising platforms). It covers digital safety (account security, impersonation, safeguarding disclosures, data protection) and reputation management (content verification, sentiment monitoring, complaints handling), ensuring ethical online conduct and timely response to issues.

Assessment Questions
  1. How do you secure official accounts (MFA, shared access, removal on leavers) and prevent impersonation?
  2. What policies are in place to ensure online communications are truthful (Qawlan Sadīdan) and verified (Q49:6)?
  3. Describe the process for monitoring, escalating, and responding to feedback/complaints. Is there a log with timestamps?
  4. How does the organization handle safeguarding disclosures received via DMs/comments?
  5. What is the consent process for posting images/videos of children or beneficiaries, ensuring protection of privacy ('ird)?
  6. How does the organization measure the effectiveness of its digital safety efforts (KPIs, drills, sentiment)?
Evidence Requirements
  • Social account register + named owners + MFA proof.
  • Board-approved Digital Communications & Safety Policy.
  • Moderation/takedown log and Complaint log with timestamps.
  • Training records (induction/refresh) on digital safety and adab.
  • Crisis comms playbook + record of annual simulation drill.
  • DPIA for monitoring tools (if used) and supplier DPAs.
  • Safeguarding referral records (redacted) for online disclosures.
Scoring Guidelines
LevelRatingDescription
5 5/5 Excellent: Board dashboard quarterly, independent audit/review, documented learning cycles, and culture of 'Iḥsān'.
4 4/5 Advanced: Monitoring reports, tested crisis plan (annual drill), >90% SLA met, and MFA on all accounts.
3 3/5 Compliant: Policy approved, training records up to date, complaint log shows >80% SLA met, account register exists with named owners.
2 2/5 Basic: Policy exists but monitoring is ad-hoc; response times inconsistent; lack of MFA or formal account control.
1 1/5 Non-Compliant: No policy, significant unresolved negative online issues, or no account security controls.

Related Criteria

TS-RDC-01 Multi‑scenario financial stress‑testing documented TS-RDC-02 Complaints & whistle-blowing mechanism TS-RDC-03 Due-diligence on delivery partners TS-RDC-04 Serious-incident reporting & escalation TS-RDC-05 Cyber-security baseline (NCSC Cyber Essentials – UK)
Version
2.9.7 2025-11-05

Discussion (1)

Administrator 2026-03-07 12:01:03.763917

📋 **Version updated: 1.0.0 → 2.9.7** **Changes:** Full import from mizan-297.json

Sign in to post a comment.

Back to Criteria