Policy Repository

CHRSD's core governance policies, published in full. These policies govern how we protect people who report misconduct, how we prevent corruption, how we safeguard sensitive data, and how we protect children and vulnerable adults in our programmes.

Governance framework

Our policy commitments

The four policies below represent CHRSD's core institutional commitments to ethical governance. Each is reviewed at least annually by the Advisory Board and is fully enforceable across all staff, consultants, volunteers, and partner organisations engaged in CHRSD programmes.

01

Whistleblower Protection Policy

Encourage reporting of misconduct through protected, confidential channels — with a written guarantee against retaliation.

Purpose

This policy exists to ensure that all persons associated with CHRSD — whether staff, consultants, volunteers, board members, or partner organisation representatives — can report known or suspected misconduct, fraud, corruption, or governance failures without fear of adverse consequence. CHRSD is committed to creating an environment where raising concerns is treated as an act of institutional loyalty, not disloyalty.

Scope

This policy applies to all CHRSD staff (permanent and contractual), consultants and service providers, volunteers, members of the Advisory Board and governing committees, and personnel employed by partner organisations who are engaged in CHRSD-funded or CHRSD-implemented programmes.

Reporting channels

  • Email: ethics@chrsd.org (monitored exclusively by the Ethics Committee)
  • Anonymous hotline: Available to all staff and associates — details distributed internally
  • Written submission: Sealed letter addressed directly to the Board Chair, marked "Strictly Confidential"
  • Direct disclosure: To any member of the Ethics Committee or, where the concern involves committee members, directly to the Board Chair

Protections guaranteed

No person who makes a report in good faith under this policy shall face dismissal, demotion, salary reduction, adverse performance assessment, workplace harassment, exclusion from opportunity, or any other form of victimisation. These protections apply regardless of whether the reported concern is subsequently substantiated, provided the report was made honestly and without malicious intent.

Investigation process

All reports received through any designated channel are reviewed by an independent Ethics Committee within 14 working days of receipt. The committee operates independently from line management. Investigators are required to maintain confidentiality, protect the identity of the reporter to the fullest extent possible, and document all steps taken.

Non-retaliation guarantee

On conclusion of the preliminary review, the Ethics Committee will provide written confirmation to the reporter (where identity is known) that no retaliatory action has been or will be taken as a result of their disclosure. This written confirmation is a formal institutional commitment.

02

Anti-Corruption & Anti-Bribery Policy

Zero tolerance for bribery, facilitation payments, kickbacks, and fraud — applicable across all institutional relationships.

Zero-tolerance position

CHRSD maintains an absolute zero-tolerance position on bribery, corruption, and fraud in all its forms. This includes: direct bribery (offering, giving, receiving, or soliciting anything of value to influence action), facilitation payments (unofficial payments to expedite routine functions), kickbacks (return of funds as reward for awarding contracts or grants), conflict of interest not properly declared and managed, and any form of financial fraud or misappropriation of institutional assets.

Scope of application

This policy applies to all CHRSD operations, without exception, including: government liaison and ministry-level engagement, procurement and vendor contracting, donor engagement and grant management, sub-granting to partner organisations, and all external representation of CHRSD. Third-party agents, consultants, and partner organisations are required to confirm adherence to equivalent standards as a condition of engagement.

Gift and hospitality policy

No staff member, consultant, volunteer, or board member shall accept any gift, hospitality, or benefit with a value exceeding BDT 500 equivalent from any external party with whom CHRSD has or may have a business or programme relationship. All gifts received, regardless of value, must be declared to the relevant line manager and logged in the institutional Gift Register. Gifts above the threshold must be returned, donated to an institutional purpose, or declined at the point of offer.

Training requirements

Completion of CHRSD's Anti-Corruption and Anti-Bribery training module is mandatory for all staff on joining the organisation and annually thereafter. Participation is recorded and non-completion constitutes a disciplinary matter. Programme-specific training is additionally required for all staff with procurement, financial management, or government-liaison responsibilities.

Enforcement

Any confirmed breach of this policy will result in immediate suspension of the individual pending a formal investigation. Substantiated findings of corruption, bribery, or fraud will result in termination of employment or contractual relationship, referral to law enforcement authorities where appropriate, notification to relevant donors or government bodies where required, and recovery of funds or assets where possible.

03

Data Privacy & Security Policy

Rigorous data governance for sensitive datasets including teacher biometrics, student records, and beneficiary personal data.

Legal framework

CHRSD's data processing activities are governed by: the principles of the EU General Data Protection Regulation (GDPR) as an international standard of best practice; the Bangladesh Data Protection Act (draft framework); the Information and Communication Technology (ICT) Act, 2006, Bangladesh; and applicable ministry-level data governance circulars issued by MoPME and MoEFCC. Where domestic law and GDPR principles differ, CHRSD applies the higher standard of protection.

Datasets covered by this policy

  • Teacher biometric data: Fingerprint and facial recognition data collected under the Smart Digital Attendance Management System and Monitoring Programme (SDAMSMP)
  • Student attendance records: Digital attendance data linked to individual learners across enrolled primary schools
  • RMG worker beneficiary data: Personal health and vision assessment data collected under the AI Vision Care Initiative in BGMEA-affiliated factories
  • Agricultural beneficiary data: Personal and livelihood data collected from smallholder farmers in CHRSD field programmes
  • NSADMP custodian data: Identity and location data associated with registered tree custodians under the National Smart Afforestation Programme

Data minimisation

CHRSD collects only the personal data that is strictly necessary for the stated, lawful purpose of the programme for which it is collected. Purpose limitation is enforced: data collected for teacher attendance monitoring shall not be used for any other purpose without the explicit, written consent of the data subject and the approval of the relevant ministry.

Retention periods

  • Teacher biometric data (fingerprint/facial): Retained for 3 years post-programme conclusion; then securely deleted
  • Beneficiary personal data (RMG workers, farmers, programme recipients): Retained for 5 years post-programme conclusion
  • Student attendance records: Retained for the period required by DPE/MoPME directive; default 5 years
  • Financial records linked to personal data: Retained for 7 years in accordance with Bangladesh tax and audit requirements

Access control

Access to personal data is restricted on a strict need-to-know, role-based basis. Nevronus Systems operates as a data processor for all technology-mediated data under a formal Data Processing Agreement (DPA) which specifies permitted processing activities, security obligations, breach notification duties, and sub-processor restrictions. No data is transferred to any third party outside the terms of the applicable DPA or without explicit data-subject consent.

Breach notification protocol

  • Affected data subjects notified within 72 hours of breach detection, where contact information is available
  • Relevant ministry or government authority notified within 5 working days
  • CHRSD Board notified immediately on identification of any breach involving biometric or sensitive personal data
  • Full incident report documenting cause, scope, and remediation measures completed within 30 days

Data subject rights

All individuals whose personal data CHRSD holds retain the right to: access a copy of their personal data; request correction of inaccurate or incomplete data; request deletion of data where the processing purpose has lapsed and no legal retention requirement applies; and object to processing where it is not required for the performance of a programme or legal obligation. Requests are responded to within 30 calendar days.

04

Child & Vulnerable Adult Safeguarding Policy

Absolute commitment to the safety of every child and vulnerable adult who comes into contact with CHRSD programmes, field sites, or events.

Commitment

CHRSD is unconditionally committed to the safety and wellbeing of all children and vulnerable adults who come into contact with our programmes, field sites, training venues, and events. This commitment is non-negotiable and superior to all other operational considerations. The welfare of children and vulnerable adults is the first concern of every CHRSD staff member, volunteer, and associate.

Scope

This policy applies to all CHRSD activities across all locations — including but not limited to: government primary school deployments under SDAMSMP, community field sites under NSADMP, training venues, public events, media engagements, and digital platforms. It applies to all permanent staff, temporary and contractual staff, consultants, volunteers, board members, and visitors to CHRSD sites and programmes.

Prohibited conduct

The following conduct is strictly prohibited under all circumstances, and any breach will result in immediate removal from the programme and referral to law enforcement authorities:

  • Physical abuse, corporal punishment, or any form of physical coercion
  • Emotional or psychological abuse, including humiliation, threats, or intimidation
  • Sexual abuse, exploitation, or harassment in any form
  • Grooming behaviours or inappropriate personal communications
  • Photographing or filming children or vulnerable adults without explicit written consent from a parent or guardian
  • Sharing images of children or vulnerable adults on personal or institutional social media without consent
  • Accepting personal gifts from children, families, or caregivers in return for programme access or favours
  • Any commercial exploitation of children or vulnerable adults

Safer recruitment

All staff, volunteers, and consultants who will have direct contact with children or vulnerable adults undergo: criminal background checks prior to engagement; professional reference verification with specific safeguarding questions; and review of any known safeguarding concerns through appropriate professional channels. They are also required to sign CHRSD's Safeguarding Declaration as a condition of engagement. No individual with a substantiated safeguarding concern on record shall be permitted to hold a position involving contact with children or vulnerable adults.

Reporting and escalation

CHRSD designates a trained Designated Safeguarding Lead (DSL) who is the first point of contact for all safeguarding concerns. Any concern — however minor — must be reported to the DSL immediately. The DSL activates the escalation protocol within 24 hours of receiving any concern, which may include notifying local child protection authorities, law enforcement, or relevant government ministries. All reports are documented. A concern need not be proven to be reported — a reasonable suspicion is sufficient.

PSEA — Protection from Sexual Exploitation and Abuse

CHRSD fully aligns with the UN Inter-Agency Standing Committee (IASC) standards on Protection from Sexual Exploitation and Abuse (PSEA). All CHRSD staff and associates are trained on PSEA principles. CHRSD maintains a PSEA focal point and participates in relevant inter-agency coordination mechanisms. Allegations of SEA are treated as the most serious category of safeguarding concern and are escalated immediately to the Board.

Policy review

This policy is reviewed annually by the CHRSD Advisory Board, or immediately following any safeguarding incident, change in relevant law or regulation, or update to international standards. The most current version of this policy is published on the CHRSD website and is available in hard copy on request.