Update on Chapter Information Security

The protection of customer information and data is under increasing scrutiny worldwide, and we consider the protection of member and stakeholder information and data to be paramount. With that, we began the development of a Chapter Information Security Program in 2019. We are evolving the program to include a documented set of information security policies, procedures, and guidelines relevant to chapters. We will continually partner with chapters to ensure the confidentiality, integrity, and availability of member and stakeholder data and information. 

We have updated the chapter policy manual to include the chapter information security policy. You can access the latest version of the Volunteer Resource Center (VRC). Updates to this policy were informed by:

  1. Our commitment to securing member and stakeholder data

  2. Responses to the Chapter Information Security Questionnaire launched in 2019

  3. The ever-evolving nature of information security best practices

To aid chapters in ensuring member and stakeholder data, we have developed a high-level orientation regarding information security best practices for chapters that can be accessed here. If you have any questions regarding the update to the policy, please contact your chapter partner or chapter administrator and review the following FAQs.

Thank you to the following chapters for their feedback provided on the policy update:

Andreas Madjari (Austria Chapter)                    
Aravin Rangarajan (Washington D.C. Chapter) 
Daniel Fernandes (Recife Pernabumco, Brazil Chapter) 
John Doran (Augusta-Aiken Chapter) 
Kelli Bachelet (Sydney, Australia Chapter)       
Ramesh Pathak (Bangalore Chapter) 
Srinivas Maram (Ottawa-Valley Outaouais Chapter)

Frequently Asked Questions

The protection of customer data and information is under ever-increasing scrutiny and it’s paramount that we protect the privacy of our members. Protecting customer’s data is not just an obligation, in many nations, it’s a legal requirement.

The policy is effective immediately and is included in the chapter policy manual, available on the Volunteer Resource Center.

Chapters will not be asked about their data security practices within the charter renewal document. Each year, The chapter development department in partnership with the IT security team will determine whether all chapters will be required to complete a risk assessment in which case chapters will be asked to attest to their security posture. Chapters will not be required to complete a risk assessment in 2020.

As PMI and chapters own a shared risk relative to the security of our customers’ information, we will partner with the chapter to identify opportunities to mitigate risks. In addition, we will continue to explore how to support chapters that may need support in mitigating risks and addressing gaps in inappropriate controls.

We will develop training resources and guidelines for chapter leaders based on needs.  As data security is impacted by evolving risks and the emergence of new technologies, We will remain committed to providing chapters with training resources to protect customer information.

The availability of resources will be announced to chapter leaders via PMInsight and they will be located on the Volunteer Resource Center.

We strongly recommend that chapters develop and adopt their own information security policies. If your chapter already has policies in place and you have questions about inconsistencies with our policy, please reach out to your chapter partner or chapter administrator.

Our updated policy states that each chapter appoints someone to be the chapter’s point of contact on data security matters. Amongst other responsibilities, the point of contact will be responsible for the completion of the Information Security Risk Assessment or assisting in its completion. Chapters have the capacity to combine the security role with suitable existing chapter leadership roles such as Chapter President or VP of Information Technology.

If the chapter believes it has experienced a suspected security incident, the chapter should immediately contact its chapter partner. The chapter partner will notify the PMI IT security team, who will remain available to assist the chapter in the resolution of the incident.