CMTA Tech for Volunteers – R&D Site

How to Access the Platform

1. Member Portal Login

Log in to the member portal using the credentials provided in your email invitation. If you haven’t received an invitation, contact our membership team.

2. Navigate to Dashboard

Once logged in, navigate to the Dashboard section from the main menu to access all platform features and tools.

3. Explore Features

Use the navigation buttons and interactive elements to explore different views and drill down through various data levels.

How to Access the Dashboard

  1. Log in to the member portal using the invitation sent to your email
  2. Navigate to the Dashboard section
  3. Use the navigation buttons to explore different views
  4. Click on chart segments to drill down through geographic levels
  5. Use the “Back” button to navigate to higher levels

Platform Features

CMT Committees System

Complete committee management system with board members, committees, and leadership structure. Manage governance, members, and volunteer opportunities.

  • Board of Directors and its Committees
  • Association Committees (CTC, Admissions, Ethics, etc.)
  • Outreach & Advocacy initiatives
  • Thought Leadership programs
  • Global Chapter Development (CDC)
  • Hierarchical committee structure with parent-child relationships

Interactive Volunteer Dashboard

Visualize and understand our volunteer data with interactive charts and role-based insights. Explore geographic distribution and member statistics.

  • Dynamic sunburst chart showing volunteer distribution
  • Multi-level navigation (Global → Regional → Country → City)
  • Three viewing modes: All Locations, Eligible Chapters, PII Data
  • Real-time member statistics and role-based access

Member Meeting Form

Streamlined meeting management system for organizing and tracking member meetings, events, and gatherings.

  • Meeting registration and RSVP management
  • Event scheduling and calendar integration
  • Member attendance tracking
  • Meeting minutes and documentation
  • Automated notifications and reminders
  • Integration with member database

Role-Based Access Control

Secure access to information based on your membership level and leadership role within the organization.

  • Board Members: Full access to all data and PII
  • Committee Chairs: Committee-specific access
  • Chapter Leaders: Regional member data
  • General Members: Aggregated statistics
  • Secure authentication and authorization

PII Access Policy

Data Security & Access Control

  • PII data access is restricted based on leadership level and role permissions
  • All PII access is logged and monitored for security compliance
  • Member information should be used responsibly

Tiered Access Model:

  • Global Level: No PII access – relies on anonymized reports and aggregate statistics
  • Regional Level: Access to unaffiliated individuals in region for outreach purposes
  • Chapter Level: Access to members not in communities within their chapter scope
  • Community Level: Full access to all community members for organizing events and outreach

Policy Framework Overview

Our tiered-access model implements “least privilege” principles, where leaders closer to individual members have more PII access. This approach balances operational needs with privacy protection:

Global Level (No PII Access)

Aligned with best practice. At the highest governance tiers, leaders rely on anonymized reports, aggregate stats, or dashboards. This approach is common in both corporate and nonprofit contexts for privacy and liability reasons.

Regional Level (Unaffiliated Region Access)

Provides access to individuals in the region who do not belong to an eligible chapter for outreach purposes. This supports our mission of growing awareness while maintaining appropriate boundaries for regional leadership.

Chapter Level (Non-Community Members)

Chapter leaders access members not in communities within their scope. This ensures chapter leaders can effectively serve their members while avoiding overlap with community-level access.

Community Level (Full Community Access)

Community leaders have full access to all community members for organizing events and outreach. This is the most standard tier, supporting operational necessity for community management.
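
The four tiers above, written as a deny-by-default check with an audit entry for every lookup. This is an added example, not the platform's own code: the field names, tier strings and log format are hypothetical, and it assumes a member's chapter and community are stored on the member record.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class Member:
    member_id: str
    region: str
    chapter: Optional[str] = None     # None: not in an eligible chapter
    community: Optional[str] = None   # None: not in a community

@dataclass(frozen=True)
class Leader:
    leader_id: str
    tier: str    # "global", "regional", "chapter" or "community"
    scope: str   # region, chapter or community led; unused for global

def may_view_pii(leader: Leader, member: Member) -> bool:
    """Apply the tiered model; anything not explicitly allowed is denied."""
    if leader.tier == "regional":     # unaffiliated individuals in the region
        return member.region == leader.scope and member.chapter is None
    if leader.tier == "chapter":      # chapter members not in a community
        return member.chapter == leader.scope and member.community is None
    if leader.tier == "community":    # every member of the community
        return member.community == leader.scope
    return False                      # global tier and unknown tiers: no PII

def visible_members(leader, members, audit_log):
    """Return the records the leader may see and log the access attempt."""
    allowed = [m for m in members if may_view_pii(leader, m)]
    audit_log.append({
        "when": datetime.now(timezone.utc).isoformat(),
        "leader": leader.leader_id,
        "tier": leader.tier,
        "scope": leader.scope,
        "member_ids": [m.member_id for m in allowed],
    })
    return allowed

# Constructed sample records, not real member data.
MEMBERS = [
    Member("m1", "region-1"),
    Member("m2", "region-1", chapter="chapter-a"),
    Member("m3", "region-1", chapter="chapter-a", community="community-x"),
    Member("m4", "region-2", chapter="chapter-b"),
]
```

Lookups that return nothing are logged as well, so a global-tier request still leaves a record.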

Policy Strengths:
  • Respects “minimum necessary” principle by tier
  • No broad/global access – good privacy practice
  • Clear operational justification for each access level
  • Implements least privilege access model

Important: Remember that PII data access is logged and should be used responsibly. Any misuse will be reported.

Compliance Standards Comparison

Our PII access policy compared to international standards and regulations:

Each feature or principle below is compared across three columns: CMT Association Guidelines, GDPR (EU/UK), and ISO/Standards.

Scope of access by leadership tier
  • CMT Association Guidelines: Global = none; Regional = unaffiliated region; Chapter = chapter non-community; Community = full community
  • GDPR (EU/UK): GDPR doesn’t define “leadership tiers” but requires role-based access / least privilege: only those whose job requires access get it
  • ISO/Standards: ISO/27701 requires defining processing roles, specifying access permissions, and applying privacy by default/design

Purpose Limitation / Specified Use
  • CMT Association Guidelines: Outreach + organizing as stated generally; not super granular
  • GDPR (EU/UK): Must be “specified, explicit and legitimate” and not used in other incompatible ways
  • ISO/Standards: Standards push for clear policies, documentation of processing purposes; privacy by design includes thinking about purpose upfront

Data Minimization
  • CMT Association Guidelines: Implicit: only PII for those you need to contact, by region/role; but not very detailed on which fields etc.
  • GDPR (EU/UK): Key GDPR principle: data must be “adequate, relevant and limited to what is necessary”
  • ISO/Standards: ISO/27701 / PbD: minimize by default, pseudonymization where possible, also restrict field-level access

Storage / Retention Limitation
  • CMT Association Guidelines: No explicit policy about how long leaders hold the data after using it / after role ends etc.
  • GDPR (EU/UK): “Storage limitation” requiring keeping data no longer than necessary
  • ISO/Standards: ISO standards require retention schedules, lifecycle control, secure deletion, etc.

Consent / Rights of Individuals
  • CMT Association Guidelines: Not defined; no mention of opt-in / opt-out, individual rights
  • GDPR (EU/UK): Data subject rights (access, rectification, erasure, etc.), lawfulness based on consent or other legal basis
  • ISO/Standards: ISO / privacy frameworks always include transparency & rights; “privacy by design/default” expects consent or other legal basis

Auditability / Logging / Accountability
  • CMT Association Guidelines: No mention of logs or tracking who accessed what and when
  • GDPR (EU/UK): GDPR mandates accountability: being able to demonstrate compliance, maintain records of processing
  • ISO/Standards: ISO/27701 has controls for monitoring, audits, oversight, roles & responsibilities clearly assigned

Security / Confidentiality
  • CMT Association Guidelines: Implicit assumption of secure handling by leaders, but no detailed guidance (e.g. encryption, secure storage, limits on device etc.)
  • GDPR (EU/UK): GDPR demands integrity and confidentiality: appropriate technical and organizational measures
  • ISO/Standards: Standards mandate technical controls (access controls, encryption, secure infrastructure) plus organizational ones (training, policy, monitoring)