System Access and Information Management Policy

SYSTEM ACCESS AND INFORMATION

MANAGEMENT POLICY

Sierra Gold Soccer Club Board of Directors

Prepared by: Competitive Committee

Date: February 2026

PURPOSE

This policy establishes guidelines for access to Sierra Gold Soccer Club’s electronic systems,

accounts, and data to ensure operational continuity, appropriate oversight, and protection of

club information.

I. GENERAL PRINCIPLES

A. B. C. D. All club systems, accounts, data, and passwords are the property of Sierra Gold Soccer

Club, not individual board members, contractors, or volunteers.

Multiple authorized individuals shall have administrative access to all critical club systems to

ensure continuity of operations.

Access rights are tied to positions/roles, not individuals. When someone leaves a position,

their access shall be promptly removed.

All individuals with system access shall maintain confidentiality of sensitive information

including player data, family contact information, and financial records.

II. REQUIRED SYSTEM ACCESS

The following individuals shall have administrative access to the designated systems:

A. GotSport (Player/Coach Registration System)

- President (full admin access)

- Treasurer (full admin access)

- Director of Coaching - Competitive (access to all competitive teams)

- Director of Coaching - Recreational (access to all recreational teams)

- Registrar/Administrator (if position exists - full admin access)

B. Financial Systems (QuickBooks or equivalent)

- President (full admin access)

- Treasurer (full admin access)- Any paid bookkeeper/administrator (as needed, full admin access)

C. Google Workspace (Email & Document Management)

- President (super admin access)

- Treasurer (admin access)

- Secretary (admin access to shared drives/documents)

D. Banking and Financial Accounts

- President (online access, authorized signer)

- Treasurer (online access, authorized signer)

E. Club Email Accounts

- President (access to all club email accounts)

- Treasurer (access to financial email accounts)

- Secretary (access to general club email accounts)

- Relevant coordinators (access to their program-specific email accounts)

F. Website and Social Media

- President (full admin access)

- Communications Coordinator (full admin access)

- One additional board member as backup (full admin access)

G. League/Association Portals

- President (admin access)

- Relevant DOC or Comp Coordinator (access to their divisions)

- Registrar/Administrator (if position exists - admin access)

H. Field Scheduling/Permit Systems

- President (admin access)

- Fields Coordinator (admin access)

- One additional board member as backup (admin access)

I. Physical Assets and Storage

- President (keys/codes to all facilities)

- Equipment Coordinator (keys/codes to equipment storage)

- At least one additional board member as backup

J. Document Repository

- President (access to all official documents)

- Treasurer (access to all financial documents)

- Secretary (access to all meeting minutes and correspondence)

III. PASSWORD MANAGEMENT

A. All system passwords shall be stored in a secure, shared location accessible to the President

and Treasurer at minimum (recommended: password manager such as LastPass for

Organizations, 1Password Teams, or similar).

B. Passwords shall be changed:

- Annually at minimum

- Immediately when someone with access leaves their position

- Immediately if a security breach is suspectedC. Passwords shall not be shared outside the authorized individuals listed in this policy without

D. Board approval.

Individual user accounts should be created where possible rather than sharing a single

login.

IV. ONBOARDING AND OFFBOARDING

A. When a new board member or authorized individual assumes a position:

- They shall be granted appropriate system access within 5 business days

- They shall be provided with all relevant passwords and login information

- They shall be briefed on confidentiality requirements

B. When a board member or authorized individual leaves a position:

- Their individual access shall be removed within 3 business days

- Shared passwords for systems they accessed shall be changed within 7 days

- They shall return any club equipment, files, or materials

- They shall confirm in writing that they have not retained copies of confidential information

V. CONTRACTORS AND PAID STAFF

A. Any contractors or paid staff who require system access to perform their duties shall:

- Be granted only the minimum access necessary to perform their specific responsibilities

- Acknowledge in writing that all systems, data, and passwords are club property

- Provide the President and Treasurer with full administrative access to any systems they

manage

- Not restrict or prevent board members from accessing club systems

B. Contractor or employee agreements shall include provisions requiring:

- Sharing of all login credentials with designated board members

- Immediate transfer of access upon termination

- Cooperation with transition and knowledge transfer

VI. DATA ACCESS AND REPORTING

A. Board members shall have the right to access operational data relevant to their oversight

responsibilities, including:

- Registration numbers and trends

- Financial reports and transaction details- Program enrollment and participation data

- Communication records (emails, announcements, etc.)

B. Real-time data access is preferred over periodic reports where feasible.

C. Sensitive personal information (player addresses, medical information, etc.) shall be

accessed only as necessary for legitimate club business.

VII. SECURITY AND CONFIDENTIALITY

A. All individuals with system access shall:

- Keep login credentials confidential

- Not share access with unauthorized individuals

- Log out of systems when not in use

- Report suspected security breaches immediately to the President

B. Confidential information includes but is not limited to:

- Player and family personal information

- Financial account information

- Personnel matters and internal board discussions

- Proprietary club documents

C. Confidential information shall not be shared outside the club except as required by law or

with explicit Board authorization.

VIII. COMPLIANCE AND ENFORCEMENT

A. The President shall conduct an annual review to ensure:

- All designated individuals have appropriate access

- Former board members/contractors no longer have access

- Passwords have been updated

- The access list reflects current positions

B. Failure to comply with this policy may result in:

- Removal of system access

- Removal from board position

- Termination of contractor agreement

- Legal action if warrantedIX. EXCEPTIONS

Any exceptions to this policy require approval by majority vote of the Board of Directors and

shall be documented in meeting minutes.

X. POLICY REVIEW

This policy shall be reviewed annually and updated as needed to reflect changes in club

structure, systems, or best practices.

------------------------------------------------------------------------------------------------------------------

ACKNOWLEDGMENT

All board members, contractors, and volunteers with system access shall sign an

acknowledgment that they have read, understood, and agree to comply with this policy.

-----

I, _________________________________, acknowledge that I have read and understand the

Sierra Gold Soccer Club System Access and Information Management Policy and agree to

comply with all provisions.

Position: _________________________________

Signature: _________________________________

Date: ____________