TS-TDT-02 Trust & Stewardship Technology & Digital Transformation CORE Excellence v2.9.7

Core Systems Management (e.g., CRM)

Assesses the effective management of core information systems (e.g., CRM, Case Management, Student Information System) including product ownership, change control, and configuration management. It focuses on securing stakeholder data through privacy-by-design, integrated governance, and strict adherence to data protection laws (lawful basis, minimisation, retention, rights). This reflects the Islamic principle of Amanah (trust), treating digital records as a sacred responsibility. Furthermore, it upholds Hifz al-Huquq (preservation of rights) by ensuring robust systems safeguard individual privacy.

KPI / Measure
Metric: Core System Adoption, Quality & Compliance
Target: See description
Frequency: Quarterly
Method: Composite score (Adoption %, Completeness %, Recertification %, DSAR SLA)
Unit: Various
Maturity Levels
Level 1: Initial/Ad-hoc

Data on beneficiaries, donors, and volunteers is managed in an ad-hoc manner using disparate, unsecured tools (e.g., individual spreadsheets). No central system exists, leading to high risk of loss, breach, or betrayal of trust (Amānah).

Level 2: Developing

A basic centralized system is in use, but adoption is inconsistent. Governance is weak: no RoPA entry, shared logins are common, and data quality is poor.

Level 3: Established

A dedicated central system is implemented with basic governance: RoPA entry exists, RBAC/MFA are enforced, and a DSAR process is tested. Manual retention and data cleaning are still required.

Level 4: Advanced

The core system is integrated and compliant: automated retention rules are active, quarterly access recertification is evidenced, and DPIAs govern changes. Data security (Ḥifẓ al-māl) is proactively managed.

Level 5: Optimizing

The system is a strategic asset with privacy-preserving analytics (pseudonymisation) and a data ethics culture. Continuous improvement is driven by metrics (Riʿāyah), ensuring data quality and dignity are paramount.

Applicability

Organisation Types

charity-relief humanitarian-aid zakat-sadaqah-body islamic-center islamic-school-madrasa educational-institution supplementary-school islamic-university-college youth-organization womens-organization student-islamic-society mosque-prayer-space advocacy-campaign-group umbrella-organization representative-body healthcare-service counselling-mental-health elderly-care

By Organisation Size

Size | Applicability | Notes
Micro | exempt | Formal CRMs, ticketed change control, and DPIAs are disproportionate for micro volunteer groups who typically use basic spreadsheets.
Small | partial | Basic CRM use, data hygiene, and vendor DPAs apply, but formal ticketed change control and dedicated product ownership are disproportionate.
Medium | partial | Requires a central CRM, SOPs, staff training, and DPAs, but ticketed change control and dedicated product owners may be scaled down or managed informally.
Large | full |
Major | full |

Applicable When

  • The organization collects and manages data on beneficiaries, donors, or volunteers.
  • The organization has stakeholders whose data privacy needs to be secured.

Not Applicable When

  • The organization does not collect or manage any data on external stakeholders (highly unlikely, but theoretically possible).
  • The organization is extremely small and informal, operating solely based on personal relationships without any formal data collection.
Version
2.9.7 2025-11-05

Discussion (1)

Administrator 2026-03-07 12:01:06.909987

📋 **Version updated: 1.0.0 → 2.9.7** **Changes:** Full import from mizan-297.json
