The Faith Organization Cybersecurity Assessment & Planning Program (FOCAPP) is a
specialized initiative designed to help churches and other faith-based institutions
navigate the complex and evolving world of cybersecurity. Recognizing that many of
these organizations operate with limited IT resources and budget constraints, FOCAPP
delivers a practical, mission-aligned framework to enhance digital resilience without
compromising their values or stretching their operational capacity.
FOCAPP begins with a comprehensive Cybersecurity Risk Evaluation, which serves as the
foundation for the program. This phase includes an in-depth analysis of current technologies,
identification of known and potential vulnerabilities, staff cybersecurity awareness assessments,
and a review for any signs of past or active data breaches. The evaluation also benchmarks current
practices against industry standards to highlight gaps and opportunities for improvement, enabling
leadership to make informed decisions moving forward.
Once the risk landscape is clearly understood, FOCAPP guides organizations through setting realistic
cybersecurity goals that align with their mission and size. The program also helps prioritize budget
allocations by focusing on high-impact, cost-effective security measures. Through collaborative planning
sessions, faith organizations receive the tools and guidance to begin building a security-minded culture from the ground up.
The final deliverable is a customized Cybersecurity Risk Management Plan tailored to the specific
needs of the faith organization. This plan outlines actionable policies for data privacy, secure data
retention, system protection, ongoing staff training, and incident response readiness. By the end of the
program, participating organizations are better equipped to safeguard their digital assets, protect
congregational data, and operate with confidence in today’s threat environment.
Phase 1 provides a comprehensive assessment of the organization’s technology, security controls, staff awareness, and any past data breaches to establish a clear understanding of its current cybersecurity posture.
Phase 2 focuses on defining clear cybersecurity objectives, aligning them with the organization’s mission, and establishing a dedicated budget to effectively guide and prioritize future security efforts.
Phase 3 centers on developing cybersecurity policies, asset inventories, and an incident response plan to ensure data is protected, risks are proactively managed, and the organization is prepared to respond effectively to potential threats.
Phase 4 focuses on implementing cybersecurity policies, remediating identified risks, deploying endpoint defenses, and training staff to ensure timely action and active participation in strengthening the organization’s overall security posture.
Phase 5 verifies the elimination of previously identified vulnerabilities, reassesses the organization’s security posture, and supports continuous improvement to ensure defenses remain effective against evolving threats.