Security at Planning Center Online
Security here at Planning Center Online is not taken lightly. Please review the Security Practices and Procedures here:
In that document we address the following topics:
- Technical Security and Encryption
- Security Through Coding Practices
- Local Equipment Security
- Personnel Security
- Server Security
- PCI Compliance
- Security Response
- Security Culture
Extra Measures for PCO Giving
In addition to our Security Practices and Procedures at PCO, we take some extra precautions for Planning Center Giving specifically.
Separate Admin System for Giving
In PCO Accounts, there's an idea of an "Organization Administrator." When you add someone to this list, they have access to all the applications you subscribe to as an organization... but not Giving. For this application, access is more tightly controlled. For someone to have access to Giving, they need to be specifically added by another Giving Admin from within the application itself. When a new Giving Admin is added, all other Giving Admins are notified of the change. When someone's Giving access is revoked, they have to be specifically added back (even if they're the one that originally created the account).
Some of the first lines of code we wrote for PCO Giving had to do with logging. When something changes in your Giving database, the change is logged. Each log entry shows when something was edited, created, or deleted. It also shows when and who made the change. When possible, it also shows the previous values for a given change. These logs stem from the database itself, so there's no going around it.
Donation-Specific Adjustment Logs
The system-wide log is there for deep diving into some specific activity. On a practical level, when you're looking at the details of a donation, log activity that is specific to that donation will appear right on the donation itself.