Standards for child and youth development programs

2020 Edition

Child and Youth Development Program Administration (CYD-AM) 9: Information Management and Security

The program appropriately maintains and protects information related to program planning, operations, and evaluation.
2020 Edition




Sound administration and management increase program quality and sustainability; promote financial accountability and viability; support transparency and openness; and reduce risk, loss, and liability exposure.
The program’s practices fully meet the standard, as indicated by full implementation of the practices outlined in the Practice Standards.
Practices are basically sound but there is room for improvement, as noted in the ratings for the Practice Standards.
Practice requires significant improvement, as noted in the ratings for the Practice Standards.
Implementation of the standard is minimal or there is no evidence of implementation at all, as noted in the ratings for the Practice Standards.
Self-Study EvidenceOn-Site EvidenceOn-Site Activities
  • Procedures/guidelines for information management and security (CYD-AM 9.01, 9.02)
No On-Site Evidence
  • Interview:
    1. Program Administrator and/or Director
    2. Program Personnel
  • Observe system for maintaining and storing files, records, and other information

CYD-AM 9.01

The program has an information management system that supports and facilitates program planning, operations, and evaluation.


The information management system should enable the program to collect, maintain, and access all types of information, from the rate of personnel turnover, to financial statistics, to data about program participants (e.g., attendance records, grades, test scores, or ongoing assessments of progress). COA does not require programs to use computer-based systems, but the use of appropriate technology may help to promote efficiency.

CYD-AM 9.02

The program protects confidential and other sensitive information from theft, unauthorized use, damage, or destruction by:
  1. limiting access to authorized personnel on a need-to-know basis;
  2. maintaining paper records in a secure location;  
  3. using firewalls, anti-virus and related software, and other appropriate safeguards; and
  4. backing up electronic data, with copies maintained off premises when possible. 


This standard addresses the security of all types of applicable records, including files of children and youth and administrative, financial, and personnel records.  The program should develop a system for storing files and records that best fits its needs and circumstances, and should implement the elements of the standard as appropriate to those needs and circumstances.  For example, a program that does not maintain electronic data will not implement element (d) of the standard.
Regarding element (b) of the standard, relevant ways to ensure that paper records are stored in a secure location may include, but are not limited to: locking file cabinets; using a locked file room with limited access or a gatekeeper system whereby one person or a few people can unlock the file storage area or access the files themselves; or establishing a system with a keypad or keys where only authorized individuals are given the keypad code or copies of the keys.  Programs may also consider storing files above the ground floor if the program is located in an area prone to flooding, and using fireproof file cabinets, metal file cabinets, or sprinkler systems to protect against fire.