Anti-Corruption & Bribery Policy

1. Why This Policy Matters

Modern slavery rarely looks like chains or locked rooms. It hides in contracts people do not understand, in wages that trap workers in survival mode, or in power dynamics that silence vulnerability.

For virtual assistants, gig workers, and disabled or neurodivergent talent, exploitation can appear as unpaid trials, coercive contracts, or emotional manipulation. INVA was created to dismantle these invisible harms.

This policy protects every person in our ecosystem and ensures that every partnership, contract, and supply chain reflects dignity, fairness, and choice.

2. Purpose & Scope

This policy outlines how INVA prevents, identifies, responds to, and eliminates any form of modern slavery, forced labour, human trafficking, or exploitative conditions across all operations.

Applies to:

• All employees, virtual assistants, consultants, and interns
• All implementing partners, suppliers, and contractors
• Any organization or individual representing INVA
• All geographic regions where INVA operates or sources labour

3. Guiding Principles

• Dignity: Every person deserves autonomy and safe working conditions.
• Transparency: No hidden clauses, coercion, or deceptive recruitment practices.
• Equity: Special protections for marginalized and neurodivergent talent.
• Accountability: Rapid action when risks are identified.
• Compliance: Alignment with:
– UK Modern Slavery Act (2015)
– ILO Conventions on Forced Labour
– Kenyan Employment Act (Cap 226)
– UN Guiding Principles on Business & Human Rights

4. Definitions

• Modern Slavery: Situations where individuals cannot refuse or leave work due to threats, exploitation, or deception.
• Forced Labour:Work performed involuntarily under coercion or intimidation.
• Human Trafficking:Recruiting or transporting individuals through force, fraud, or coercion for exploitation.
• Debt Bondage: Work exchanged for repayment under unfair or impossible terms.
• Exploitation:Unfair treatment that takes advantage of a person’s vulnerability.

5. Policy Statements

INVA commits to a zero-tolerance approach to all forms of modern slavery.

INVA prohibits:

• Unpaid trials longer than 1 hour
• Retention of passports or personal documents
• Deceptive or unclear contract terms
• Recruitment fees charged to candidates
• Wage deductions without written consent
• Pressure, threats, intimidation, or retaliation
• Any form of coerced overtime
• Exploitation of neurodivergent or disabled workers through misinformation or isolation,

INVA requires:

• Transparent pay structures
• Clear communication of rights and responsibilities
• Contracts available in plain language
• Accessibility and accommodation options
• Fair and safe recruitment pathways
• Supplier due-diligence screening and annual audits
• Ethical partnership agreements
• Immediate investigation of any reported risk

6. Procedures

If you suspect modern slavery or exploitation:

1. Record factual details — what you observed, dates, individuals involved, and any available evidence.
2. Report immediately via the Whistleblowing Portal or directly to the Governance Team.
3. If someone is unsafe, request emergency safeguarding measures.
4. Do not confront the suspected perpetrator or expose the victim to risk.
5. A Governance & Legal case team will initiate an investigation within 72 hours.
6. INVA will provide protection, support, and referral services to affected individuals.

7. Roles & Responsibilities

All Staff:

• Know your rights
• Report concerns immediately
• Ensure ethical behavior in all activities

Supervisors & HR:

• Guarantee transparent, fair hiring practices
• Ensure accommodations for disability and neurodivergence

Legal & Governance:

• Lead investigations
• Maintain supplier compliance records
• Update policy annually

Partnerships Team:

• Ensure partners sign the Ethical Partnership Model
• Conduct annual due-diligence screenings

Suppliers:

• Must fully comply with this policy
• Any violation results in immediate contract termination

8. Escalation & Reporting Channels

• Primary: Whistleblowing Channel (anonymous allowed)
• Secondary: Head of Legal & Governance
• For Immediate harm: Safeguarding Focal Point
• External referral (if required): Labour authorities, social protection agencies

Retaliation against anyone who raises a concern is strictly prohibited.

9. Review & Version Control

• Annual legal review aligned with UK, Kenyan, and ILO standards
• Annual accessibility and DEIB audit
• Versioning displayed on every page
• All outdated versions archived but accessible for accountability

10. How INVA Lives This Policy

We design every recruitment pathway — internal and external — to eliminate exploitation.

We involve neurodivergent and disabled consultants in reviewing all staffing protocols.

We run annual Ethical Labour Labs where staff learn how modern slavery appears in virtual work.

We publish transparent reports on partner compliance and actions taken on violations.

Modern slavery thrives in silence.

INVA thrives in transparency.

1. Why This Policy Matters

Unsafe behavior grows strongest in silence. Many people remain quiet when they witness wrongdoing because they fear retaliation, job loss, embarrassment, or not being believed.

For neurodivergent, disabled, and marginalized workers, speaking up can feel even riskier power dynamics, past discrimination, and communication barriers all shape how safe someone feels.

INVA’s purpose is to make the invisible visible. This policy ensures every person, regardless of position or identity has a safe, confidential, and accessible way to report wrongdoing without fear.

A healthy organization is one where truth has room to breathe. This policy protects that space.

2. Purpose & Scope

This policy establishes the procedures for reporting, investigating, and addressing any form of misconduct within INVA.

Applies to:

• All employees, virtual assistants, consultants, contractors, and interns
• Board members
• Partners and suppliers (for INVA-related misconduct)

Covers reports related to:

• Corruption, fraud, bribery
• Harassment, discrimination, abuse, bullying
• Risks to health, safety, or safeguarding
• Data breaches or privacy violations
• Violations of INVA policies
• Unethical or illegal activities
• Modern slavery or exploitation
• Conflicts of interest
• Any behavior that undermines INVA’s mission

3. Guiding Principles

• Safety: No one should fear consequences for raising concerns.
• Confidentiality: Reports are protected and disclosed only on a need-to-know basis.
• Accessibility: Multiple reporting options, including anonymous submissions and neurodivergent-friendly forms.
• Fairness: Investigations are objective, timely, and based on evidence.
• Protection: Strict anti-retaliation commitments.
• Transparency: Processes and outcomes summarized in the annual governance dashboard.

4. Definitions

Whistleblowing: The act of reporting misconduct, risks, or violations within the organization.

Reporter/Whistleblower: The person raising the concern, whether identified or anonymous.

Retaliation: Any negative action taken against a whistleblower for reporting (e.g., demotion, exclusion, harassment, threats).

Misconduct: Actions or omissions that violate INVA policies, ethical guidelines, or the law.

5. Policy Statements

INVA commits that:

• Everyone has the right to report concerns safely and confidentially.
• Anonymous whistleblowing is supported and protected.
• Retaliation in any form is strictly prohibited and punishable.
• All reports will be acknowledged within 48 hours and investigated promptly.
• Investigations will follow trauma-informed, DEIB-aligned standards.
• Reporters will be updated throughout the process (unless anonymous).
• Findings will result in corrective action—no matter who is involved.
• All investigations must respect disability, neurodivergence, and cultural considerations.

You should whistleblow if you witness:

• Financial misconduct
• Corruption or bribery
• Harassment or abuse
• Illegal activities
• Data protection violations
• Safety or safeguarding threats
• Modern slavery or exploitation
• Toxic leadership behavior
• Any breach of INVA’s values

6. Procedures

Step 1: Submit a Report

Choose any of INVA’s reporting channels:

• Whistleblowing Portal (anonymous allowed)
• Direct email to governance@invasolutionsltd.com
• Call or SMS to the designated Whistleblowing Hotline
• In-person report to the Governance Officer
• Accessibility route: Voice note, alternative communication method, or trusted mediator for neurodivergent staff

Step 2: Confirmation

• Reporter receives confirmation within 48 hours (unless anonymous).

Step 3: Preliminary Assessment

• Governance Team performs an initial review within 5 days.
• Determine if issue requires full investigation, referral, or immediate action.

Step 4: Formal Investigation

• Led by Governance + Legal.
• May include interviews, documentation review, and safeguarding assessments.
• Trauma-informed and culturally respectful methods are used.

Step 5: Findings & Action

• Investigation concludes within 14–30 days depending on complexity.
• Disciplinary action, mediation, training, policy updates, or partner termination may follow.

Step 6: Close-out & Feedback

• Reporter (if known) receives a summary of the outcome.
• Case file archived securely for 7 years.

7. Roles & Responsibilities

All Staff

• Report concerns promptly
• Maintain confidentiality
• Support colleagues who speak up

Managers & Team Leads

• Create psychologically safe spaces
• Encourage honest communication
• Ensure no retaliation occurs

Governance Team

• Maintain whistleblowing systems
• Lead investigations
• Ensure transparency and compliance

Legal Department

• Advise on legal risks
• Ensure policies align with national and international standards

Human Resources

• Support whistleblowers
• Provide accommodations
• Handle misconduct-related disciplinary processes

Board of Directors

• Oversee high-risk investigations
• Ensure accountability at leadership level

8. Escalation & Reporting Channels

• Primary Channel: Whistleblowing Portal
• Secondary Channel: governance@invasolutionsltd.com
• Emergency Safeguarding: safeguarding@invasolutionsltd.com
• External Authorities (if required):
  • Labour offices
  • Law enforcement
  • Data Protection Commissioner

INVA protects whistleblowers accessing external channels when internal routes are compromised.

9. Review & Version Control

• Annual governance review
• Annual accessibility & DEIB audit
• Legal review in line with Kenyan and international law
• Version number updated after each revision
• Archived versions kept for compliance

10. How INVA Lives This Policy

We hold quarterly “Policy Listening Circles,” where staff share experiences safely.

We publish an annual Whistleblowing Transparency Summary, showing number of reports and actions taken—without revealing identities.

Neurodivergent-friendly communication options are available for every report.

Whistleblowing is woven into orientation, training, and leadership accountability.

Speaking up is not an act of disloyalty.

It is an act of courage that strengthens INVA’s integrity.

1. Why This Policy Matters

Gender inequality often hides in small, everyday experiences: who gets listened to, who gets interrupted, whose work is credited, who feels safe speaking in a meeting, or who gets the “invisible labour” of emotional support, note-taking, or mentoring.

Across the world, gender-based discrimination disproportionately affects women, gender-diverse people, and individuals whose identities do not fit traditional binary expectations. For neurodivergent and disabled staff, these inequities multiply—intersecting in ways that shape access, voice, confidence, and opportunity.

INVA exists to confront invisibility. This policy ensures every person, regardless of gender identity or expression has equal access to opportunity, respect, pay, protection, and representation.

Gender equality is not a women’s issue or a compliance requirement. It is a leadership commitment to fairness.

2. Purpose & Scope

This policy establishes INVA’s commitment to eliminating gender discrimination and promoting fairness across all operations, decisions, and relationships.

Applies to:

• All employees, virtual assistants, interns, and consultants
• All managers and leaders
• All partners, suppliers, and collaborators
• All INVA platforms, digital spaces, and community engagements

Covers:

• Recruitment and hiring
• Pay and promotion
• Training and leadership opportunities
• Workplace culture
• Leave and accommodation
• Safety, harassment, and safeguarding
• Gender identity, gender expression, and pronoun respect

3. Guiding Principles

• Equity: Customize support so everyone has what they need to succeed.
• Representation: Promote gender diversity at all levels.
• Safety: Zero tolerance for harassment or gender-based harm.
• Respect: Honor each person’s identity, pronouns, and lived experience.
• Transparency: Open processes for hiring, pay, and promotion.
• Intersectionality: Recognize how gender overlaps with disability, neurodivergence, culture, age, and sexuality.
• Compliance: Align with Kenyan Employment Act, ILO Gender Equality Standards, and UN SDGs (5, 8, 10).

4. Definitions

Gender: A social and cultural identity beyond biological sex.

Gender Identity: A person’s internal sense of their gender.

Gender Expression: How someone outwardly presents their gender.

Gender-Based Discrimination: Unequal treatment based on gender or gender identity.

Intersectionality: The overlapping experience of multiple identities that shape inequality.

5. Policy Statements

INVA prohibits:

• Gender-based discrimination in any form
• Unequal pay for equal work
• Bias in recruitment or promotion decisions
• Misgendering or disrespect of pronouns
• Harassment, sexual harassment, or gender-based violence
• Penalizing employees for pregnancy, parental responsibilities, or caregiving
• Stereotyping roles based on gender
• Assigning emotional labour or “office housework” disproportionately

INVA requires:

• Transparent salary structures and promotion criteria
• Gender-balanced interview panels where possible
• Job descriptions written in gender-neutral language
• Support for employees transitioning or affirming their gender
• Paid parental leave that is inclusive for all genders
• Safe channels for reporting gender-based misconduct
• Gender-sensitive accommodations for disabled and neurodivergent staff
• Leadership accountability for gender-related risks and outcomes

6. Procedures

Recruitment & Hiring

All job descriptions must go through a gender neutrality check.

Interview panels must reflect gender diversity where feasible.

Candidates must have access to accommodations upon request.

Equal Pay & Promotion

Annual gender pay gap analysis conducted by HR.

Transparent promotion criteria shared organization-wide.

Corrective measures implemented when pay inequities are found.

Workplace Culture & Safety

All employees must complete gender equality and harassment-prevention training annually.

Any gender-based bullying, harassment, or discrimination should be reported via:

• Whistleblowing Portal
• HR
• Safeguarding focal points

All reports investigated within 10 days.

Survivors are offered confidential support, referrals, and accommodations.

Pronouns & Identity Respect

Staff may choose their pronouns; these must be respected.

INVA email signatures and profiles include pronoun fields (optional, never forced).

Misgendering must be corrected respectfully.

Pregnancy, Parenthood & Caregiving

Inclusive paid parental leave for all genders.

Flexible working options for caregivers.

No discrimination based on pregnancy status or fertility journey.

7. Roles & Responsibilities

All Employees

• Treat all genders with respect
• Use correct pronouns
• Report discrimination promptly
• Engage in training and learning

Managers & Supervisors

• Foster gender-safe teams
• Ensure equitable workloads
• Support employees with accommodations
• Prevent retaliation against reporters

Human Resources (People & Culture)

• Lead annual gender pay gap audit
• Provide support for affected staff
• Oversee fairness in hiring and promotion
• Maintain gender-related data safely and confidentially

DEIB Team

• Review policies for gender bias
• Facilitate awareness training
• Guide intersectional approaches

Executive Leadership

• Model equitable behavior
• Allocate resources for gender inclusion
• Review gender metrics quarterly

8. Escalation & Reporting Channels

Primary Channels:

• HR (gender-related misconduct)
• Whistleblowing Portal (anonymous option)
• Safeguarding focal point (violence or harassment)

External Reporting (if necessary):

• Labour authorities
• Law enforcement
• Gender violence response centers

Retaliation is strictly prohibited.

9. Review & Version Control

• Annual review of gender equality outcomes
• Annual DEIB audit
• Annual policy accessibility audit
• Versioning displayed on every page
• Past versions archived securely

10. How INVA Lives This Policy

We run quarterly gender inclusion trainings and policy listening circles.

We publish anonymized gender equality data in our transparency dashboard.

We highlight gender-diverse leaders and voices across INVA campaigns.

We co-create solutions with women, non-binary, and gender-diverse staff.

We commit to continuously learning, adapting, and dismantling invisible gender biases.

Gender equality is not a checkbox.

It is a daily practice of fairness and awareness.

1. Why This Policy Matters

People often think of “inclusion” as a workshop or an HR trend, but belonging is built (or broken) in everyday interactions. It’s shaped by who gets interrupted, whose ideas are credited, who gets the accessible version of a document, who feels safe asking a question, and who is quietly left out of group chats or opportunities.

Many talented people—especially neurodivergent individuals, disabled people, women, LGBTQ+ staff, and marginalized communities—have been taught to mask, shrink, or hide parts of themselves just to survive workplaces that were never designed with them in mind.

INVA exists to flip that script.

Our mission is to make invisible talent visible—and valued.

This DEIB Policy acts as the backbone of our culture, guiding how we treat one another, make decisions, build services, and shape partnerships. It ensures every person feels seen, supported, safe, respected, and empowered.

Belonging is not created by chance.

It is created by commitment.

2. Purpose & Scope

This policy establishes INVA’s organizational standard for diversity, equity, inclusion, and belonging across all operations.

Applies to:

• All employees, VAs, interns, consultants
• Leadership and board members
• Partners, vendors, and suppliers
• All virtual workspaces, community interactions, and training spaces

Covers:

• Inclusive culture
• Recruitment and hiring
• Accessibility and accommodations
• Learning and development
• Conflict resolution and reporting
• Performance, promotions, and leadership development
• Communications and content creation
• Partner screening and external engagement

This policy is INVA’s promise to treat people with dignity—and to design with difference, not around it.

3. Guiding Principles

• Diversity: Differences in identity, experience, and thinking drive innovation.
• Equity: Fairness requires adjusting systems, not people.
• Inclusion: Every voice matters; structural barriers must be actively removed.
• Belonging: People thrive where they can show up as themselves.
• Intersectionality: Experiences are shaped by overlapping identities (gender, disability, race, class, neurotype).
• Accessibility: Every process, event, and output must be accessible.
• Accountability: Leaders must model inclusion and address exclusion.
• Learning Culture: DEIB lives through continuous learning, not perfection.

4. Definitions

Diversity: The full range of human differences—seen and unseen.

Equity: Ensuring fairness by addressing systemic barriers.

Inclusion: Creating environments where everyone is valued and able to contribute.

Belonging: A feeling of safety, acceptance, and empowerment to be one’s true self.

Accessibility: Design that ensures everyone can engage without disadvantage.

Reasonable Accommodation: Adjustments enabling equal participation for disabled or neurodivergent individuals.

Psychological Safety: A culture where people can speak honestly without fear.

5. Policy Statements

INVA prohibits:

• Discrimination based on gender, disability, neurotype, age, nationality, ethnicity, religion, sexuality, or any identity
• Exclusion, harassment, or microaggressions
• Gatekeeping in recruitment or promotions
• Punitive responses to accommodation requests
• Pay inequities or biased performance evaluations
• Cultural, ableist, or gendered assumptions in decision-making
• Tokenism or performative inclusion

INVA commits to:

Inclusive Culture

• Facilitate safe, respectful interactions at all levels.
• Encourage multiple communication styles and processing speeds.
• Center lived experience—especially from marginalized identities.

Fair Recruitment & Equal Opportunity

• Gender-neutral and bias-reviewed job descriptions.
• Accessible interview processes and screening tasks.
• Accommodations for neurodivergent candidates.

Equity in Pay, Promotion & Leadership

• Annual pay equity audits.
• Transparent promotion pathways.
• Leadership diversity targets.

Accessibility & Accommodation

• Proactive accessibility in documents, meetings, and systems.
• Personalized accommodations—flexible communication, sensory adjustments, assistive tools.
• Neurodiversity-friendly workflows and expectations.

Inclusive Learning & Development

• Mandatory DEIB, accessibility, and anti-bias training.
• Optional deep-dive learning circles for staff.
• Leadership coaching on psychological safety.

Safe Reporting & Protection

• Confidential reporting channels.
• Zero retaliation.
• Trauma-informed investigation procedures.

6. Procedures

Recruitment & Hiring Procedures

All job descriptions pass through a DEIB bias review.

Hiring panels must reflect diversity where possible.

Candidates may request accommodations anytime—no documentation required for most adjustments.

Interview questions standardized to reduce bias.

Final decisions documented with clear justification.

Workplace Behavior Procedures

Microaggressions should be addressed constructively, not ignored.

Staff may request mediation through People & Culture.

Serious incidents must be reported to HR or via the Whistleblowing Portal.

Accommodation Procedures

Staff complete an Accommodation Needs Form (optional).

HR responds within 5 working days.

Solutions co-created with the employee; reviewed every 6 months.

Learning & Compliance Procedures

Mandatory annual DEIB and accessibility training.

Managers receive specialized training on inclusive leadership.

Quarterly DEIB reports shared with leadership.

7. Roles & Responsibilities

All Employees

• Demonstrate inclusive behavior
• Respect pronouns, identities, and communication styles
• Engage in DEIB learning
• Report harmful behavior

Managers & Supervisors

• Model inclusive leadership
• Ensure team equity in workload and opportunities
• Provide accommodations
• Address conflict respectfully
• Prevent retaliation

DEIB Team

• Develop DEIB strategies and training
• Review policies for bias
• Conduct quarterly culture assessments
• Support inclusive communications

Human Resources (People & Culture)

• Manage accommodations
• Oversee equitable recruitment and promotion
• Respond to DEIB-related complaints
• Track and report DEIB metrics

Executive Leadership

• Allocate resources for DEIB
• Hold managers accountable
• Uphold representation goals
• Review DEIB dashboard quarterly

8. Escalation & Reporting Channels

Primary Channels:

• HR – interpersonal or cultural concerns
• DEIB Team – bias or inclusion concerns
• Whistleblowing Portal – discrimination, harassment, or misconduct
• Safeguarding focal point – safety risks, violence, or abuse

External Reporting:

• Labour authorities
• Human rights bodies (if required)

Anti-retaliation policy applies to all complaints.

9. Review & Version Control

• Annual DEIB audit
• Annual accessibility review
• Legal compliance review
• Version control visible on each page
• Past versions archived for accountability and transparency

10. How INVA Lives This Policy

We co-create culture with our team, not for them.

We host DEIB Listening Circles where staff can safely raise concerns or suggest improvements.

We uphold transparency through public-facing DEIB metrics and annual reports.

We design every system—from hiring to meetings—with the assumption that people process the world differently.

At INVA, belonging is not symbolic.

It is systemic.

1. Why This Policy Matters

Many workplaces were built on assumptions about how people should think, communicate, focus, and socialize. These assumptions often exclude neurodivergent individuals—those with autism, ADHD, dyslexia, dyspraxia, Tourette’s, OCD traits, and other cognitive variations.

Yet neurodivergent people bring unique strengths: hyperfocus, pattern recognition, creative problem solving, deep empathy, systems thinking, honesty, and innovation.

The real barrier is not the person—it is the environment.

INVA was founded to challenge these barriers.

We believe neuroinclusion is not a “nice to have”; it is a core element of equity and innovation.

This policy ensures that neurodivergent staff, VAs, consultants, and partners can contribute fully, safely, and authentically—without pressure to mask or “fit in” at the cost of their wellbeing.

Neuroinclusion begins with acceptance.

It becomes sustainable through design.

2. Purpose & Scope

This policy establishes INVA’s commitment to creating an environment where neurodivergent individuals can thrive with dignity, support, and choice.

Applies to:

• All employees, virtual assistants, interns, and consultants
• Managers, supervisors, and team leads
• Recruitment and training teams
• All partners engaging with INVA talent
• All physical, hybrid, and virtual work environments

Covers:

• Inclusive communication
• Accommodations and accessibility
• Sensory and cognitive considerations
• Workload, pacing, and task design
• Recruitment and onboarding
• Leadership responsibilities
• Culture and team dynamics

3. Guiding Principles

• Respect for Difference: Neurological diversity is part of human diversity.
• Design for Inclusion: Environments must adapt to people—not the other way around.
• Choice: Individuals decide how they work best.
• Flexibility: Work processes must accommodate different cognitive styles.
• Safety: No retaliation, dismissal, or stigma for being neurodivergent.
• Intersectionality: Neurodivergence intersects with disability, gender, trauma, and culture.
• Confidentiality: Disclosure is always optional; privacy is protected.
• Strength-Based Lens: Recognize and leverage unique abilities and thinking styles.

4. Definitions

Neurodivergent: A person whose brain processes or experiences differ from typical societal expectations.

Neuroinclusion: Practices, systems, and environments intentionally designed to support and empower neurodivergent people.

Masking: Suppressing natural behaviors to appear “typical,” often causing burnout.

Cognitive Load: The mental effort required to process information or complete tasks.

Accommodations: Adjustments enabling equitable participation.

5. Policy Statements

INVA prohibits:

• Discrimination based on neurotype
• Penalizing individuals for communication differences
• Bias in recruitment, evaluation, or promotion
• Forcing disclosure of neurodivergence
• Shaming, minimizing, or dismissing neurodivergent traits
• Forcing staff to use communication modes that harm them
• Ableist assumptions about intelligence, professionalism, or behavior

INVA commits to:

Accessible Communication

• Offering alternative modes: voice note, written text, live captions, diagrams
• Providing agendas and materials in advance
• Allowing extra processing time
• Encouraging clarity over speed

Flexible Working

• Adjustable deadlines when possible
• Task breakdown on request
• Work pacing that avoids overload
• Optional camera-off meetings
• Intentional reduction of unnecessary meetings

Sensory Inclusion

• Respect for camera preferences
• Options for low-stimulation meeting formats
• Allowing tools like noise-cancelling headphones
• Minimizing sudden changes or disruptions

Inclusive Onboarding & Training

• Autistic- and ADHD-friendly onboarding guides
• Detailed expectations and role clarity
• Slower ramp-up options
• Step-by-step workflows

Psychological Safety

• Clear, compassionate feedback
• Accommodations for emotional regulation
• No penalty for asking for repetition, clarification, or written instructions

Confidentiality & Consent

• Disclosure is always voluntary
• Personal information handled with privacy
• No sharing of neurodivergent status without consent

6. Procedures

Accommodation Request Process

Employee completes an optional Accommodation Request Form (no diagnosis required).

HR reviews request within 5 working days.

HR, employee, and supervisor co-create solutions.

Accommodations implemented and reviewed every 6 months.

Meeting & Communication Procedures

Always share agendas beforehand.

Provide written summaries after major discussions.

Use plain language, short paragraphs, and clear expectations.

Allow multiple communication formats: text, audio, screen-sharing, visuals.

Task & Workload Procedures

Tasks broken down upon request.

Deadlines discussed collaboratively.

Avoid “urgency culture” unless necessary.

Assign work based on strengths wherever possible.

Recruitment Procedures

Bias-reviewed job descriptions.

Options for written or asynchronous interview responses.

No surprise tasks or timed assessments unless essential.

Interviewers trained in neuroinclusion.

7. Roles & Responsibilities

All Staff

• Respect neurodivergent communication styles
• Use inclusive communication practices
• Create psychologically safe interactions

Managers & Team Leads

• Provide accommodations
• Give clear, structured instructions
• Avoid overloading team members
• Model acceptance and openness
• Escalate concerns appropriately

DEIB Team

• Conduct neuroinclusion training
• Review processes for barriers
• Support accommodation design
• Facilitate neurodivergent advisory input

People & Culture (HR)

• Maintain confidential accommodation records
• Support employees requesting adjustments
• Lead onboarding and inclusion programs

Executive Leadership

• Champion neuroinclusion across operations
• Allocate resources for accessibility
• Review neuroinclusion metrics quarterly

8. Escalation & Reporting Channels

Concerns related to neuroinclusion, discrimination, or accessibility may be reported to:

• People & Culture (HR)
• DEIB Team
• Whistleblowing Portal (anonymous allowed)
• Safeguarding Focal Point (if safety risk exists)

Retaliation is prohibited and will be addressed swiftly.

9. Review & Version Control

• Annual accessibility review
• Annual DEIB audit
• Annual update based on staff feedback
• Version control displayed on every page
• Previous versions archived

10. How INVA Lives This Policy

Neurodivergent consultants co-create our processes and trainings.

We prioritize accessibility in every meeting, tool, and system.

We celebrate neurodivergent leadership stories internally and externally.

We design work around humans—not around outdated corporate expectations.

Neuroinclusion is not simply allowed at INVA.

It is expected, championed, and embedded in our identity.

1. Why This Policy Matters

Harassment often hides behind jokes, “misunderstandings,” cultural norms, blurred professional boundaries, or power dynamics that make people feel unsafe to speak up.

For many individuals—especially women, neurodivergent staff, LGBTQ+ people, disabled employees, junior staff, and individuals from marginalized communities—harassment can be more frequent, more subtle, and harder to report.

The emotional and psychological impact is real: anxiety, hypervigilance, shame, withdrawal, reduced performance, and burnout.

INVA exists to make invisible experiences visible.

This policy protects every person from harm, whether physical, emotional, verbal, digital, or psychological.

A safe workplace is not the absence of complaints.

It is the presence of trust.

2. Purpose & Scope

This policy establishes INVA’s commitment to a harassment-free workplace and outlines prevention, reporting, and response procedures.

Applies to:

• All employees, virtual assistants, contractors, interns, and consultants
• Leadership and board members
• Partners, suppliers, and clients in INVA-related activities
• All virtual communication channels, events, training spaces, and digital platforms

Covers:

• Sexual harassment
• Bullying and psychological harassment
• Discrimination or humiliation
• Cyber-harassment or digital misconduct
• Stalking or intimidation
• Microaggressions and repeated harmful behavior
• Abuse of power

3. Guiding Principles

• Dignity: Every person deserves respect and safety.
• Zero Tolerance: Harassment in any form is unacceptable.
• Trauma-Informed Approach: Investigations and responses prioritize emotional safety.
• Intersectionality: Experiences differ based on gender, disability, neurodivergence, sexuality, and culture.
• Confidentiality: Reports handled discreetly and securely.
• Accountability: Leaders must act swiftly and consistently.
• Protection: Retaliation is prohibited and punishable.

4. Definitions

Harassment: Unwanted conduct that demeans, humiliates, intimidates, or violates personal dignity.

Sexual Harassment: Unwanted sexual attention, requests, comments, gestures, or coercive acts.

Bullying: Repeated hostile or demeaning behavior.

Microaggression: Subtle words or actions that express bias or disrespect.

Retaliation: Negative consequences directed at someone for reporting harm.

Power-Based Harassment: Harassment perpetrated by someone with authority or perceived authority.

5. Policy Statements

INVA prohibits:

• Sexual harassment—verbal, physical, written, or digital
• Bullying, intimidation, coercion
• Derogatory jokes or comments about gender, disability, neurotype, race, appearance, or identity
• Sharing inappropriate images, messages, or videos
• Unwelcome touching or personal space violations
• Yelling, insults, or demeaning language
• Threats or subtle intimidation tactics
• Misuse of supervisory authority
• Shaming or punishing people for reporting
• Repeated microaggressions after feedback is given

INVA commits to:

• Maintaining a zero-tolerance environment
• Protecting survivors and affected individuals
• Providing safe, confidential reporting channels
• Responding within 72 hours to formal reports
• Conducting fair, trauma-informed investigations
• Offering accommodations, support, and referrals
• Holding perpetrators accountable
• Educating all staff on harassment prevention

6. Procedures

If You Experience or Witness Harassment:

Ensure personal safety first.

Document the incident (date, time, people involved, evidence).

Report through any of these channels:

• HR
• Safeguarding focal point
• Whistleblowing Portal (anonymous)
• Trusted manager

You may bring a support person during the reporting process.

You will not be asked to confront the perpetrator.

Investigation Procedures:

Report acknowledged within 72 hours (unless anonymous).

Safeguarding + HR conduct an initial risk assessment.

Full investigation completed within 10–21 days, depending on complexity.

Interviews conducted with consent and sensitivity.

Findings reviewed by Governance + Legal for accuracy.

Corrective action enforced—up to and including termination or contract suspension.

Survivor receives referrals (counseling, support networks, or medical assistance).

Support Procedures:

• Flexible working arrangements granted during investigations.
• No-contact directives issued if necessary.
• Mental health support referrals provided.
• Accommodations for neurodivergent or disabled survivors created immediately.

7. Roles & Responsibilities

All Employees

• Treat all colleagues with dignity
• Avoid harmful comments, behaviors, or assumptions
• Intervene safely when witnessing harassment (if able)
• Report incidents promptly

Managers & Team Leads

• Create psychologically safe teams
• Stop harassment immediately when witnessed
• Support affected individuals
• Ensure no retaliation occurs
• Participate in investigation processes when required

People & Culture (HR)

• Receive and document complaints
• Ensure confidentiality
• Support survivors
• Facilitate investigations and disciplinary processes

Safeguarding Focal Point

• Conduct risk assessments
• Provide trauma-informed support
• Activate emergency protocols
• Refer survivors to external resources if needed

Governance & Legal

• Ensure fairness and compliance
• Review investigation findings
• Protect anonymity and data
• Ensure consistent accountability

Executive Leadership

• Uphold zero-tolerance standards
• Ensure resources for training and support
• Review harassment metrics quarterly

8. Escalation & Reporting Channels

Primary Channels:

• HR (harassment complaints)
• Safeguarding focal point (immediate risk or sexual harassment)
• Whistleblowing Portal (anonymous)

Secondary Channels:

• Supervisor or trusted manager
• DEIB Team (for bias-related harassment)

External Reporting Options (if necessary):

• Kenya Police or GBV hotlines
• National gender and human rights bodies
• Labour authorities

Retaliation: Strictly prohibited. Any retaliation triggers disciplinary action.

9. Review & Version Control

• Annual safeguarding and HR policy audit
• Annual DEIB & accessibility review
• Survivor feedback integration
• Versioning visible on each page
• Older versions archived securely

10. How INVA Lives This Policy

We train every staff member annually on harassment prevention and trauma-informed communication.

We host safer-space workshops with external experts.

We maintain multiple reporting options—anonymous, confidential, verbal, written, or through a trusted intermediary.

We design interactions with empathy and awareness of diverse processing styles, trauma histories, and cultural backgrounds.

Safety is not created by policies alone.

It is created by culture—and we commit to building it every day.

1. Why This Policy Matters

Procurement is more than purchasing—it is a reflection of INVA’s values. Every vendor, consultant, tool, or service we select has ethical, financial, and reputational implications.

Poor procurement processes can lead to fraud, favoritism, bribery, inflated pricing, unethical suppliers, or human rights compromises.

For an organization rooted in equity and integrity, responsible procurement protects both people and resources. It ensures accountability in how we spend, transparency in how we decide, and fairness in who we partner with.

Procurement should uplift communities, not exploit them.

This policy ensures that every transaction reflects INVA’s commitment to ethics, inclusion, and responsible stewardship.

2. Purpose & Scope

This policy guides INVA’s procurement activities to ensure they are ethical, transparent, inclusive, and compliant with laws and international best practices.

Applies to:

• All employees, VAs, consultants, and managers involved in planning, selecting, or approving purchases
• All departments that request goods or services
• All vendors, suppliers, contractors, and partners

Covers:

• Vendor selection & approval
• Tendering and bidding processes
• Conflict of interest declaration
• Ethical partner screening
• Inclusive procurement practices
• Documentation, accountability, and transparency
• Payment and contract standards

3. Guiding Principles

• Transparency: Procurement decisions must be clear, documented, and accessible.
• Fairness: All vendors must compete equally and honestly.
• Integrity: Zero tolerance for bribery, favoritism, or personal gain.
• Inclusivity: Suppliers owned by women, youth, neurodivergent individuals, disabled people, or marginalized groups should be prioritized where quality is equal.
• Value for Money: Balance quality, cost, sustainability, and long-term impact.
• Compliance: Align with Public Procurement & Disposal Act (Kenya), Anti-Corruption Policy, and INVA’s Ethical Guidelines.
• Sustainability: Preference for vendors who prioritize ethical labor and environmental responsibility.

4. Definitions

• Procurement: Purchasing goods, services, or works from external sources.
• Vendor/Supplier: A person or organization providing goods or services.
• Tendering: A formal bidding process for selecting suppliers.
• Conflict of Interest: When personal interest interferes with objective decision-making.
• Value for Money: Optimal combination of quality, cost, and sustainability.

5. Policy Statements

INVA prohibits:

• Bribes, kickbacks, or personal favors from suppliers
• Unapproved single-sourcing unless justified and documented
• Conflicts of interest in procurement decisions
• Inflated quotations, collusion, or fraudulent procurement
• Awarding contracts to suppliers engaged in forced labour, modern slavery, or unethical practices
• Gender, disability, or identity-based discrimination in supplier selection
• Sharing confidential bidding information

INVA commits to:

Fair & Transparent Procurement

• Documented evaluation criteria
• Multiple quotations for purchases above set thresholds
• Clearly defined approval workflows
• Transparent communication with all bidders

Inclusive & Ethical Supplier Selection

• Encouraging minority-owned and marginalized-owned suppliers
• Screening vendors for labor rights violations
• Conducting due diligence for high-risk partnerships
• Ensuring accessibility in procurement processes

Accountability & Compliance

• Maintaining secure procurement records
• Internal audits annually
• Clear documentation of decisions and contracts
• Alignment with anti-corruption and financial policies

6. Procedures

A. Procurement Planning

• Requesting department defines need, timeline, and specifications.
• Finance team approves budget availability.
• Procurement request logged in the Procurement Register.

B. Vendor Identification & Pre-Qualification

• Minimum of three quotations for purchases above KES 20,000.
• Supplier must complete Ethical Supplier Declaration Form.
• Due diligence checks conducted for high-value contracts.

• Labour practices
• Environmental sustainability
• Anti-corruption compliance
• Gender & disability inclusion

C. Tendering & Bidding (for major contracts)

• Tender notice shared publicly or with prequalified vendors.
• Evaluation panel formed (diverse gender and neurotype representation encouraged).
• Bids evaluated using weighted scoring matrix.
• Conflict of Interest Declaration signed by all panel members before evaluations.

D. Contracting

• Contracts reviewed by Legal before signing.
• Contracts must include scope of work, deliverables, payment terms, confidentiality clause, ethical conduct clause, termination clauses.
• Digital copies stored securely.

E. Receiving & Payment

• Goods/services verified by requestor.
• Delivery note signed and uploaded.
• Finance processes payment within agreed timelines.
• Improper charges or discrepancies flagged immediately.

F. Supplier Performance Review

• Major suppliers evaluated annually.
• Poor performance results in probation or removal.
• Breach of ethics = immediate termination.

7. Roles & Responsibilities

Requesting Department

• Define needs clearly
• Verify received goods/services
• Avoid unnecessary spending

Procurement Team / Finance

• Manage procurement process
• Maintain all records
• Ensure compliance with procedures
• Verify accuracy of quotations and invoices

Legal Department

• Review contracts
• Support negotiations
• Advise on risks

Governance & Audit Team

• Conduct annual procurement audits
• Investigate irregularities
• Ensure transparency & accountability

Executive Leadership

• Approve high-value contracts
• Uphold ethical procurement standards

8. Escalation & Reporting Channels

• Governance Team
• Head of Finance
• Whistleblowing Portal (anonymous allowed)
• External auditors (during formal reviews)

Retaliation against anyone raising procurement concerns is prohibited.

9. Review & Version Control

• Annual policy review
• Annual internal audit
• Annual accessibility audit
• Versioning displayed on every page
• Older versions archived for accountability

10. How INVA Lives This Policy

We prioritize inclusive and ethical suppliers.

We use diverse evaluation panels to reduce bias.

We publish procurement summaries in our transparency dashboard.

We conduct supplier sensitization on DEIB and ethical labour practices.

We ensure procurement is not only compliant—but aligned with INVA’s values.

Ethical procurement is not just efficient.
It is transformational.

1. Why This Policy Matters

Financial management is not just about numbers—it is about trust.

People trust INVA to use resources responsibly, pay fairly, avoid corruption, and make decisions that reflect our values. Every invoice processed, every allowance approved, and every contract signed contributes to the credibility of the organization.

Financial mismanagement—intentional or accidental—can damage INVA’s mission, expose us to legal risk, undermine donor confidence, and hurt the communities we serve.

For neurodivergent and disabled staff, transparency and clarity in financial processes also reduce anxiety, misunderstandings, and gatekeeping.

This manual ensures that our financial systems protect INVA’s sustainability, uphold global compliance, and reinforce our commitment to integrity.

Responsible finances are not only good accounting—they are good governance.

2. Purpose & Scope

This manual establishes INVA’s financial standards, procedures, controls, and reporting mechanisms. It ensures transparency, accountability, and consistency across all financial activities.

Applies to:

• All staff handling finances
• Finance team members
• Project managers and department heads
• Leadership and the Board
• External vendors, partners, and auditors
• Anyone who approves, requests, or uses INVA funds

Covers:

• Budgeting & planning
• Cash and bank management
• Payments & disbursements
• Procurement-related financial procedures
• Payroll management
• Financial controls & segregation of duties
• Reporting, accounting, and audit requirements
• Fraud prevention & risk management

3. Guiding Principles

• Integrity: All financial decisions must be honest, ethical, and compliant.
• Accountability: Every expenditure must be traceable, necessary, and documented.
• Transparency: Financial information should be accessible to authorized stakeholders.
• Compliance: Align with:
  • Kenyan Financial Regulations
  • International Accounting Standards (IAS/IFRS)
  • Anti-Corruption & Procurement Policies
  • Donor requirements
• Value for Money: Optimize cost, quality, and long-term benefit.
• Equity: Ensure fair compensation, reimbursements, and access to resources.
• Inclusion: Financial processes must be accessible to neurodivergent and disabled staff.

4. Definitions

• Budget: A financial plan outlining expected income and expenditure.
• Segregation of Duties: Dividing financial responsibilities to prevent fraud.
• Requisition: Formal request for goods, services, or payments.
• Payroll: Salaries, benefits, and statutory deductions.
• Petty Cash: Small amounts used for minor, immediate expenses.
• Financial Controls: Mechanisms to prevent errors, fraud, and misuse of funds.

5. Policy Statements

INVA commits to:

• Maintaining accurate, complete, and timely financial records
• Ensuring all financial decisions follow documented procedures
• Separating financial responsibilities to reduce risk
• Conducting annual internal and external audits
• Ensuring equity in financial compensation and benefits
• Providing accommodations for staff who require financial communication support
• Ensuring donor and partner funds are used only for intended purposes
• Immediate investigation of suspected financial misconduct

INVA prohibits:

• Unauthorized spending or budget overruns
• Fraudulent transactions or misrepresentation
• Personal use of organizational funds
• Unapproved cash advances
• Kickbacks, bribes, or conflicts of interest in financial decisions
• Destruction or concealment of financial records
• Inflated quotations or falsified receipts

6. Procedures

A. Budgeting & Planning

Annual Budget Development

• Finance leads the budgeting process each November.
• Departments submit budget proposals with justification.
• Leadership reviews for alignment with strategy.
• Final budget approved by the Board.

Budget Adjustments

• Must be documented and approved by Finance + relevant managers.
• Major adjustments require executive approval.

B. Cash & Bank Management

Bank Accounts

• All bank accounts must be authorized by the Board.
• Two signatories required per payment (segregated by role).

Cash Handling

• Cash minimized where possible.
• Petty cash capped at a set limit and reconciled monthly.
• Cash receipts must be logged immediately.

C. Procurement & Payments

Payment Requests

• Completed Payment Request Form
• Approved Procurement documentation
• Vendor invoice
• Budget availability confirmation

Payment Approval Structure

• < KES 20,000 → Department Head + Finance
• 20,000–100,000 → Finance Manager + Executive
• > 100,000 → Executive + Board signatory

Payment Processing Timeline

• Local vendors paid within 14 days
• Staff reimbursements processed within 7 days

D. Payroll Management

• Salaries
• Benefits
• Allowances
• Statutory deductions (NSSF, SHA, PAYE)

E. Reimbursements & Allowances

• Receipts required
• Submitted within 30 days
• No reimbursements for alcohol, tobacco, or personal items

10. How INVA Lives This Policy

We practice transparent, accountable stewardship of every resource.

We publish financial summaries in our transparency dashboard.

We design financial communication to be accessible, especially for neurodivergent and disabled staff.

We ensure suppliers and partners meet ethical financial standards.

Financial integrity is the foundation of trust. Trust is the foundation of INVA.

1. Why This Policy Matters

Partnerships define how INVA grows.

Every collaborator—whether a client, employer, community organization, donor, VA agency, or training partner—becomes part of our ecosystem. That means their ethics, behavior, labour practices, and cultural values shape our reputation and the safety of our team.

A partnership can be empowering… or exploitative.

It can create opportunities… or reinforce inequality.

It can amplify inclusion… or undermine it.

For neurodivergent, disabled, marginalized, or early-career professionals, the wrong partner can create harm: unrealistic expectations, discriminatory environments, underpayment, or unsafe conditions.

This policy ensures that INVA only partners with organizations who share our standards—protecting people, promoting fairness, and strengthening our mission.

Partnership is not just collaboration. It is shared responsibility.

2. Purpose & Scope

This policy outlines INVA’s approach to establishing, evaluating, managing, and concluding partnerships that reflect our values.

Applies to:

• Partnership Department
• Executive leadership
• Legal and Governance teams
• Any staff engaging external partners
• All organizations collaborating with INVA in any capacity

Covers:

• Partner screening and due diligence
• Ethical and DEIB alignment requirements
• Roles and responsibilities
• Ongoing monitoring and evaluation
• Partner offboarding and contract termination
• Conflict resolution and accountability
• Safeguarding and risk assessments

3. Guiding Principles

• Mutual Value: Partnerships must benefit both parties ethically and sustainably.
• Inclusion: Partners must respect neurodiversity, disability, gender equality, and DEIB principles.
• Integrity: Transparency, anti-corruption, and ethical standards are non-negotiable.
• Protection: Safeguard our team from harmful or abusive collaborators.
• Accountability: Partners must adhere to INVA’s policies and expectations.
• Equity: Prioritize partnerships that uplift marginalized communities.
• Human-Centered Design: Collaboration should protect dignity, accessibility, and wellbeing.

4. Definitions

• Partnership: A formal or informal collaboration where parties work toward shared goals.
• Due Diligence: A structured process for evaluating partner suitability and risk.
• Partner Screening: Ethical and operational checks conducted before engagement.
• Conflict of Interest: A situation where personal or financial interests affect impartial decision-making.
• Safeguarding: Measures ensuring people’s safety, wellbeing, and protection from harm.

5. Policy Statements

INVA prohibits partnerships with organizations that:

• Engage in discrimination, exploitation, forced labour, or unethical conduct
• Have unresolved records of harassment, abuse, or rights violations
• Demonstrate hostile attitudes toward neurodivergent or disabled individuals
• Fail to meet basic financial, legal, or operational transparency requirements
• Expect unpaid labour, misaligned practices, or underpayment of INVA talent
• Reject the DEIB and Safeguarding standards outlined in INVA policies

INVA commits to:

Ethical Partnerships

• Conduct thorough due diligence on all new partners
• Establish clear agreements outlining roles, expectations, and behaviour standards
• Ensure that partners respect human rights, inclusion, safety, and equity

DEIB-Aligned Collaborations

• Prioritize partners who demonstrate inclusive work cultures
• Offer DEIB training to partners interacting with INVA talent
• Require accessible communication and workplace adjustments

Transparent Processes

• Maintain complete partnership records
• Communicate decision-making clearly with all internal teams
• Conduct annual partnership evaluations

Protection & Safeguarding

• Suspend or terminate partnerships that pose risks to INVA staff
• Enforce safeguarding requirements in all contracts
• Respond immediately to reports of harm

6. Procedures

A. Partner Identification

Partnership request initiated by staff, partner, or leadership.

Partnership Department logs the request in the Partnership Register.

Initial screening done to assess alignment with INVA’s mission.

B. Due Diligence Process

The due diligence process includes:

• Legal compliance check
• Ethical conduct review
• DEIB alignment assessment
• Safeguarding history check
• Modern slavery and labour rights review
• Financial and operational capacity check
• Conflict of interest declaration

Partners must complete the INVA Ethical Partner Questionnaire.

High-risk partners undergo deeper screening and require Executive approval.

C. Partnership Approval

• Partnerships < 1 year → Approved by Partnership Lead + Legal
• Partnerships > 1 year → Approved by Leadership
• Revenue or donor partnerships → Executive + Finance sign-off
• High-risk partnerships → Board notified before approval

D. Contracting & Onboarding

Contracts must include:

• Clear roles and responsibilities
• DEIB and safeguarding clauses
• Data protection requirements
• Payment terms and timelines
• Conditions for termination
• Confidentiality agreements
• Dispute resolution procedures

Partners receive:

• INVA code of conduct
• DEIB orientation
• Neuroinclusion guidelines if working with INVA talent

E. Ongoing Relationship Management

• Quarterly check-ins
• Performance monitoring
• Review of safety, wellbeing, and DEIB compliance
• Documentation of concerns or incidents
• Updates to partnership database

For employer or client partners using INVA talent:

• Feedback from the VA collected regularly
• Issues escalated immediately
• Partners offered DEIB coaching when gaps arise

F. Conflict Resolution

Issues raised → logged by Partnership Department

Mediation facilitated by Partnerships + HR

Violations of INVA values → Corrective Action Plan

Severe misconduct → Suspension or termination

G. Partnership Termination

Termination occurs if partner:

• Violates INVA policies
• Engages in discrimination or harm
• Fails to address risks or complaints
• Is found to be financially or legally noncompliant
• No longer aligns with INVA’s mission

Termination procedures:

• Formal notice
• Exit meeting
• Transfer or close-out of ongoing work
• Documentation archived

7. Roles & Responsibilities

• Partnership Department: Lead partner identification & engagement, conduct due diligence, monitor performance, manage conflicts
• Governance Team: Audit processes, review risk, support enforcement
• Legal Department: Review contracts, advise on risk, ensure compliance
• People & Culture (HR): Support DEIB training and neuroinclusion standards
• Executive Leadership: Approve strategic or high-risk partnerships
• All Staff: Uphold INVA values and report partner concerns

8. Escalation & Reporting Channels

• Partnership Department
• Human Resources
• Governance Team
• Whistleblowing Portal (anonymous allowed)

Safeguarding or harassment concerns go directly to:

• Safeguarding focal points
• HR
• Legal (in high-risk cases)

9. Review & Version Control

• Annual full partnership review cycle
• DEIB and safeguarding audits
• Versioning visible on every page
• All previous versions archived

10. How INVA Lives This Policy

We partner with organizations who respect people as much as we do.

We prioritize inclusive, ethical, DEIB-aligned partners.

We train partners to work with neurodivergent and disabled talent intentionally.

We refuse partnerships that compromise dignity, wellbeing, or mission integrity.

We embrace collaboration as a space for shared learning—not hierarchy.

True partnership honors humanity, accountability, and inclusion.

1. Why This Policy Matters

Risk is not only about disasters, fraud, or financial loss.

Risk is anything that can disrupt INVA’s mission, harm people, compromise safety, or weaken trust. Risks can be subtle: burnout in a key team, a partner whose values drift away from ours, inaccessible technology, data vulnerabilities, or a communication gap that turns into conflict.

For neurodivergent and disabled staff, unmanaged risk can mean confusion, overwhelm, exclusion, or unaccommodated needs. For clients and communities, unmanaged risk can impact safety, quality, and service delivery.

A mature organization does not fear risk— it understands it, prepares for it, and adapts to it.

This policy ensures INVA anticipates, documents, mitigates, and monitors risks in ways that are inclusive, transparent, and aligned with global standards.

Resilience is not built during crisis. It is built long before.

2. Purpose & Scope

This policy establishes INVA’s framework for identifying, assessing, monitoring, mitigating, and reporting risks across all operations.

Applies to:

• All departments and teams
• Leadership and Board
• Project managers, VAs, and consultants
• Partners providing critical services
• Governance, Finance, HR, and IT units

Covers:

• Strategic risks
• Operational risks
• Financial risks
• Reputational risks
• Compliance risks
• Safeguarding and people risks
• Cybersecurity and data protection risks
• Technology, accessibility, and infrastructure risks
• Partnership and vendor risks
• Inclusion and culture-related risks

3. Guiding Principles

• Proactivity: Identify risks early before they escalate.
• Transparency: Share information with relevant teams to enable informed decisions.
• Inclusivity: Recognize risks affecting marginalized, neurodivergent, or disabled staff.
• Accountability: Clear owners for each risk and mitigation step.
• Evidence-Based: Use data and feedback to guide risk decisions.
• Balance: Manage risks realistically without stifling innovation.
• Adaptability: Update risks as context, laws, or operations evolve.

4. Definitions

• Risk: A potential event that could harm people, operations, finances, reputation, or mission.
• Mitigation: Action taken to reduce the likelihood or impact of a risk.
• Risk Register: A central document tracking all identified risks.
• Safeguarding Risk: Any threat to the physical, emotional, or psychological safety of people.
• Residual Risk: Remaining risk after mitigation measures.
• Risk Appetite: The level of risk the organization is willing to accept.

5. Policy Statements

INVA commits to:

• Maintaining a centralized Risk Management System
• Conducting quarterly risk assessments
• Keeping an updated Risk Register
• Training staff on risk awareness and reporting
• Integrating DEIB and accessibility into risk mitigation
• Protecting staff and clients through safeguarding protocols
• Aligning with international risk standards (ISO 31000)
• Reviewing risks during major organizational decisions
• Ensuring immediate escalation of high-risk incidents

INVA prohibits:

• Concealing or failing to report known risks
• Ignoring early warning signs or staff feedback
• Retaliation against staff who raise concerns
• Engaging in high-risk partnerships without due diligence
• Using unsafe technologies that compromise data, privacy, or accessibility
• Delayed response to safeguarding risks

6. Procedures

A. Risk Identification

Risks can be identified through:

• Staff reports
• Project reviews
• Partner feedback
• Financial analysis
• Safeguarding data
• DEIB or accessibility assessments
• Technology audits
• Incident reports
• Strategic planning sessions

Each department must review risks monthly.

B. Risk Assessment

All identified risks are assessed using a scoring matrix:

• Likelihood (1–5)
• Impact (1–5)
• Score = Likelihood × Impact

Scoring interpretation:

• 1–5: Low
• 6–12: Medium
• 13–25: High

High risks require immediate escalation.

C. Risk Register Management

The Risk Register must include:

• Risk description
• Category (strategic, financial, safeguarding, etc.)
• Likelihood & impact score
• Owner responsible
• Mitigation plan
• Timeline
• Residual risk
• Status (Open, Monitoring, Mitigated, Escalated)
• Notes and updates

Updated quarterly by Governance Team.

D. Risk Mitigation Procedures

Mitigation may include:

• Process redesign
• Introducing accessibility adjustments
• Additional training
• Safeguarding or people-protection measures
• Updating contracts or partner screening
• Strengthening financial controls
• Implementing cybersecurity measures
• Contingency planning
• Removing or replacing high-risk partners/vendors

Each mitigation action must have:

• A clear owner
• A timeline
• A measurable outcome

E. Monitoring & Reporting

• Governance Team produces quarterly Risk Reports.
• Executive Leadership reviews Red Risks monthly.
• Board receives a summary during each board meeting.
• Department heads must monitor risks related to their teams.
• Trend analysis used for continuous learning.

F. Incident Escalation

• Immediate escalation required when there is:
• Safeguarding breach (violence, harassment, exploitation)
• Cybersecurity attack or data breach
• Financial fraud or theft
• Partner misconduct harming staff
• Any situation threatening life, health, or wellbeing
• High-risk incidents must be reported within 24 hours to:
• Governance Team
• Executive Leadership
• Safeguarding focal points (if people are at risk)

G. Crisis Response Integration

• Crisis response teams activated
• Roles assigned (Communications, HR, Legal, Safeguarding, IT)
• Impact assessment conducted
• External authorities engaged if necessary
• Debrief conducted after resolution
• Lessons integrated into future planning

7. Roles & Responsibilities

• All Employees: Report risks early; follow safety and compliance guidelines; raise concerns related to wellbeing, discrimination, or accessibility; participate in training
• Managers & Supervisors: Identify emerging risks; support mitigation actions; encourage staff to speak up; escalate high-risk cases immediately
• Governance Team: Maintain Risk Register; lead risk assessments; produce risk reports; activate crisis response; train staff on risk awareness
• People & Culture (HR): Address risks related to burnout, wellbeing, conflict, or culture; implement accommodations to reduce inclusion-related risks
• Finance Team: Monitor financial risks; strengthen internal controls; ensure compliance with Financial Management Manual
• IT & Data Team: Protect data and technology systems; conduct cybersecurity audits; respond to breaches
• Executive Leadership: Oversee high-risk decisions; allocate resources for mitigation; sign off on risk appetite and thresholds
• Board of Directors: Provide independent oversight; review organizational risk exposure

8. Escalation & Reporting Channels

• Primary channels:
• Governance Team
• HR
• IT & Data Team (for technical risks)
• Safeguarding focal points (for people risks)
• Anonymous reporting:
• Whistleblowing Portal
• Emergency escalation:
• Executive Leadership (within 24 hours)

9. Review & Version Control

• Annual comprehensive risk audit
• Internal audit for adherence to procedures
• Quarterly reviews for major risks
• Versioning displayed on every page
• Previous versions archived

10. How INVA Lives This Policy

We embed risk awareness into everyday operations—not only crisis situations.

We create psychologically safe spaces for staff to raise concerns early.

We design systems with accessibility and inclusion so risks affecting marginalized groups are visible, not overlooked.

We integrate lived-experience insight into identifying and mitigating people-based risks.

We treat risk management not as fear—but as responsibility.

Resilience is not reactive. Resilience is designed.

1. Why This Policy Matters

Data without purpose is noise. Stories without evidence are guesses. Results management (Monitoring, Evaluation, Accountability & Learning — MEAL) is how INVA ensures our work actually improves people’s lives, respects dignity, and learns from mistakes.

For neurodivergent and disabled participants, conventional MEAL approaches can be inaccessible or retraumatizing. We must design measurement systems that are ethical, inclusive, and that centre lived experience. Good MEAL turns evidence into improved practices, better services, and stronger accountability — while protecting people’s privacy and agency.

This policy ensures INVA measures what matters, learns responsibly, and shares results transparently so we can continuously adapt and improve.

2. Purpose & Scope

This policy sets standards for monitoring, evaluation, accountability to stakeholders, learning processes, and results use across INVA activities.

Applies to:

• All programmes, projects, pilots, and campaigns
• MEAL Unit, Programme Managers, Project Leads, Partnerships, and Communications
• All staff collecting, analysing, or disseminating data
• Contractors and partners engaged in MEAL activities

Covers:

• Indicator selection and data collection
• Inclusive and accessible methods for participation
• Ethics, consent, and data protection in MEAL
• Evaluation design and timing (baseline, midline, endline)
• Feedback, complaints, and accountability mechanisms
• Learning processes and knowledge management
• Use of evidence for decision-making and reporting

3. Guiding Principles

• People-Centred: Respect participant dignity, voice, and choice.
• Inclusivity: Accessible MEAL methods that include neurodivergent, disabled, and marginalized voices.
• Ethics & Consent: Informed, voluntary participation and strict privacy protections.
• Reliability & Validity: Use robust methods to ensure credible findings.
• Transparency & Accountability: Share findings appropriately with stakeholders.
• Learning Orientation: Use results to adapt, not to punish.
• Do No Harm: Avoid retraumatization and minimise respondent burden.
• Adaptability: Methods and indicators can evolve with context and learning.

4. Definitions

• MEAL: Monitoring, Evaluation, Accountability & Learning.
• Indicator: A specific, measurable sign of progress or performance.
• Baseline: Initial measurement prior to programme implementation.
• Midline / Endline: Measurements taken during and at the end of an intervention.
• Accountability Mechanism: Processes for stakeholders to provide feedback or complaints.
• Triangulation: Using multiple methods/data sources to validate findings.
• Participatory Evaluation: Evaluation approach where stakeholders are meaningfully involved.

5. Policy Statements

INVA commits to:

• Designing MEAL processes that centre participant voice and lived experience.
• Using accessible, mixed-method approaches (qualitative + quantitative).
• Ensuring all MEAL activities follow ethical and data-protection protocols.
• Making MEAL outputs understandable and available to stakeholders in accessible formats.
• Resourcing MEAL adequately in budgets and staffing.
• Ensuring findings inform program adaptation, strategy, and policy.
• Protecting confidentiality and providing safe spaces for feedback.
• Prioritising participatory and co-created evaluations where possible.

INVA prohibits:

• Collecting unnecessary personal data.
• Using coerced or non-consensual participation.
• Sharing identifiable sensitive data without explicit consent.
• Using MEAL to punish staff or communities unfairly.
• Excluding neurodivergent or disabled people from MEAL processes through inaccessible methods.

6. Procedures

A. Indicator Design & Selection

• Ensure indicators align with project objectives and INVA Pillars.
• Use a mix of input, output, outcome, and impact indicators.
• Co-create key indicators with participants and partners where feasible.
• Include disaggregation by gender, age, disability status, and other relevant characteristics.
• Keep the indicator set lean — measure what matters.

B. Data Collection Methods

• Use mixed methods: surveys, interviews, focus groups, observations, digital analytics, case studies.
• Ensure accessibility: offer alternative formats (easy-read, audio, visual, sign language, extended time).
• Offer multiple engagement modes: in-person, remote, asynchronous (voice notes, text responses).
• Pilot tools to ensure clarity and accessibility.
• Train data collectors on trauma-informed, anti-bias, and neuroinclusive techniques.

C. Ethics, Consent & Data Protection

• Obtain informed consent using clear, accessible language. Consent is voluntary and revocable.
• Minimise personal data collection; use anonymisation/pseudonymisation where possible.
• Store data securely; restrict access on a need-to-know basis.
• Follow Data Protection Policy (DPA & GDPR alignment) for retention and breach handling.
• Provide participants with information about how results will be used and shared.
• Special protections for vulnerable groups — do not expose them to harm through MEAL activities.

D. Monitoring & Reporting Cadence

• Baseline: before program rollout.
• Routine monitoring: monthly/quarterly as appropriate.
• Midline: midpoint for longer projects.
• Endline: upon project completion.
• Learning reviews: after major milestones and annually.
• Publish accessible summaries of findings for participants and stakeholders.

E. Evaluation Design

• Choose evaluation type that fits learning questions (process, outcome, impact, formative).
• Use mixed-methods and triangulation to increase credibility.
• Consider counterfactuals or comparison groups where possible and ethical.
• Use participatory approaches to involve stakeholders in analysis and interpretation.
• Ensure external evaluations for high-stakes, high-value programs when feasible.

F. Accountability Mechanisms

• Maintain multiple feedback channels: anonymous forms, phone/voice, SMS, in-person meetings, and trusted intermediaries.
• Ensure feedback channels are accessible and confidential.
• Acknowledge feedback within 5 working days.
• Track feedback using the Complaints & Feedback Log with clear status updates.
• Use feedback to adapt programming and close the loop with participants.

G. Learning & Knowledge Management

• Document lessons learned and good practices in accessible formats (briefs, visual summaries, toolkits).
• Host reflection workshops with staff, partners, and participants.
• Maintain a knowledge repository with version control and access controls.
• Encourage cross-team learning and dissemination of MEAL findings to decision-makers.
• Translate findings into actionable recommendations and update program designs accordingly.

H. Accessibility & Inclusion in MEAL

• Budget for accessibility needs (interpreters, assistive tech, accessible design).
• Use plain language and multiple media when sharing findings.
• Provide accommodations for participants (longer interviews, breaks, quiet spaces).
• Ensure data collection instruments are tested with neurodivergent and disabled participants.

7. Roles & Responsibilities

• MEAL Unit: Lead MEAL design, data collection, analysis, and reporting; ensure ethical standards and data protection compliance; train staff and partners on MEAL tools and inclusive methods; maintain MEAL systems and the learning repository.
• Project Managers / Programme Leads: Integrate MEAL into project planning and budgets; support timely data collection and ensure staff cooperation; use findings to adapt project implementation.
• Data Collectors / Field Staff: Follow ethical, neuroinclusive, and trauma-informed practices; ensure consent and privacy; provide accurate, timely data.
• People & Culture (HR): Support staff wellbeing during MEAL activities; provide training opportunities.
• Communications & Partnerships: Translate MEAL findings into accessible outputs for stakeholders; support dissemination and closing the feedback loop.
• Governance Team: Oversee compliance with MEAL policy; ensure findings inform strategy and governance.
• Executive Leadership & Board: Review key MEAL findings and approve major adaptations or strategic shifts; ensure resources are available for MEAL and learning.

8. Escalation & Reporting Channels

• Any ethical concerns or data breaches reported immediately to: MEAL Lead + Data Protection Officer.
• Participant safety concerns escalated to Safeguarding Focal Point.
• Significant findings that require strategic response escalated to Executive Leadership.
• Anonymous complaints or feedback can be submitted via the Accountability Mechanisms; major complaints routed to Governance.

9. Review & Version Control

• Annual MEAL policy review and methodology audit.
• Regular tool and indicator reviews based on lessons learned.
• Versioning visible on all MEAL products.
• Archived data and reports kept according to Data Protection Policy.

10. How INVA Lives This Policy

We listen before we measure. We value depth over vanity metrics. We design MEAL processes that include and protect the most marginalised voices. We publish findings in accessible formats and use evidence to improve programming, refine policy, and inform leadership decisions. We resource MEAL fairly and treat learning as a funded, essential activity—not optional.

Good evidence strengthens compassion with clarity. At INVA, results serve people—not the other way around.

1. Why This Charter Matters

Ethical conduct is not only about compliance; it is about how we treat one another when no one is watching. It is the difference between a workplace where people feel trusted and empowered—and one where they feel unsafe, excluded, or unseen.

At INVA, where many staff and partners are neurodivergent, disabled, marginalized, or operating remotely, professional behaviour must be grounded in empathy, respect, accessibility, and accountability. Ethical conduct protects dignity, strengthens relationships, and builds credibility with clients and communities.

This Charter sets the standard for how we show up for each other, for our partners, and for the mission. It reflects who we are—and who we choose to be.

2. Purpose & Scope

This Charter outlines INVA’s expectations for ethical and professional behaviour across all roles, relationships, and modes of work.

Applies to:

• All employees, VAs, interns, consultants, and volunteers
• Leadership and Board members
• Partners and contractors acting on behalf of INVA
• All physical, hybrid, and virtual spaces

Covers:

• Respectful communication
• Workplace behaviour
• Ethical decision-making
• Boundaries and conduct
• Conflict resolution
• Confidentiality and privacy
• Digital behaviour and cybersecurity
• Anti-corruption, anti-harassment, and anti-discrimination expectations
• Representation of INVA in public or online

3. Guiding Principles

• Integrity: Act honestly and consistently with INVA’s values.
• Respect: Treat others with dignity, regardless of identity, neurotype, or position.
• Equity: Recognize systemic barriers and avoid biased or exclusionary behavior.
• Accountability: Take responsibility for your actions and decisions.
• Accessibility: Communicate and behave in ways that are inclusive for all.
• Confidentiality: Protect information entrusted to you.
• Safety: Prioritize physical, emotional, and psychological safety.
• Professionalism: Demonstrate consistency, reliability, and ethical judgment.

4. Definitions

• Professional Behaviour: Actions and communication that reflect respect, clarity, and responsibility.
• Ethical Conduct: Making decisions based on transparency, fairness, integrity, and INVA values.
• Boundaries: Healthy limits around communication, personal interactions, and power dynamics.
• Conflict of Interest: When personal interest could influence objective decision-making.
• Digital Misconduct: Harmful, unsafe, or unethical behaviour online.

5. Policy Statements

A. Respectful Communication

• Use clear, accessible, plain language whenever possible
• Respect pronouns, identities, and communication preferences
• Listen actively without interrupting or dismissing others
• Avoid sarcasm, belittling, discriminatory remarks, or microaggressions
• Consider cultural and neurodivergent communication differences
• Provide space for processing time and clarification

INVA prohibits:

• Shouting, insults, verbal abuse
• Discriminatory jokes or comments
• Ignoring or silencing colleagues
• Mocking neurodivergent traits or communication styles

B. Professional Behaviour & Conduct

• Honour commitments, deadlines, and work quality
• Acknowledge delays transparently
• Avoid gossip, rumor-spreading, or toxic behavior
• Maintain healthy boundaries; avoid favoritism
• Respect working hours, communication norms, and others’ time
• Dress appropriately for context
• Participate in trainings and policy refreshers

INVA prohibits:

• Bullying, intimidation, coercion
• Emotional manipulation
• Abusive supervision
• Boundary-crossing that harms wellbeing

C. Ethical Decision-Making

• Does this align with INVA’s values?
• Is it fair and transparent?
• Would I be comfortable if this was public?
• Does this protect people, especially vulnerable groups?
• Is this free from conflict of interest?
• All staff must declare conflicts of interest annually—or immediately if they arise.

D. Digital Conduct

• Use secure passwords and avoid sharing credentials
• Protect confidential data and follow cybersecurity protocols
• Keep conversations respectful in digital channels
• Avoid sending harmful, explicit, or inappropriate content
• Maintain professionalism in messages, emails, and virtual meetings

INVA prohibits:

• Cyberbullying
• Sharing confidential information externally
• Unapproved downloads or risky websites
• Recording colleagues without consent

E. Representation of INVA

• Uphold INVA’s mission and values
• Communicate professionally with partners or clients
• Avoid misrepresenting INVA
• Seek approvals for public communications when required

INVA prohibits:

• Public statements that contradict organizational values
• Using INVA’s name for personal gain
• Accepting gifts or incentives outside approved thresholds

F. Confidentiality & Privacy

• Keep sensitive information secure
• Share confidential data only on a need-to-know basis
• Follow data protection requirements (see Policy 14)
• Avoid discussing internal matters in public or unsafe channels

G. Anti-Discrimination & Anti-Harassment Linkage

• Follow DEIB Policy
• Follow Harassment Prevention Policy
• Follow Anti-Corruption Policy
• Follow Neuroinclusion Policy
• Follow Safeguarding protocols
• Breaches of these linked policies are breaches of this Charter

6. Procedures

A. Raising Concerns

• Document the incident
• Report to HR, Governance, or a trusted manager
• If unsafe, use the Whistleblowing Portal (anonymous option)
• For urgent risks → escalate to Safeguarding or Executive Leadership
• Zero retaliation is allowed

B. Investigation Process

• Concerns acknowledged within 72 hours
• Governance + HR review the report
• If investigation needed, a case team is assigned
• Interviews, evidence review, and findings conducted confidentially
• Recommended actions implemented (training, mediation, discipline, termination)
• Records stored securely for 7 years

C. Conflict Resolution & Mediation

• Staff may request mediation facilitated by HR or DEIB
• Neurodivergent-friendly adjustments must be provided (extra time, written summaries, support person)
• Outcomes documented and shared with involved parties

7. Roles & Responsibilities

• All Employees: Demonstrate ethical, respectful behavior; protect confidentiality; report misconduct; participate in trainings.
• Supervisors & Managers: Model ethical conduct; address issues promptly; ensure team culture is inclusive and safe; support accommodations and accessible communication.
• HR (People & Culture): Provide training and guidance; receive and document concerns; support staff wellbeing; protect confidentiality.
• Governance Team: Oversee compliance with this Charter; lead investigations when required; maintain professional standards across INVA.
• Executive Leadership: Uphold accountability at all levels; ensure resource allocation; respond to high-risk or high-impact breaches.
• Board of Directors: Provide oversight and ensure INVA’s ethical integrity.

8. Escalation & Reporting Channels

• HR (primary behavioural concerns)
• Governance Team (ethical or conflict of interest concerns)
• Safeguarding focal point (people safety concerns)
• Whistleblowing Portal (anonymous)
• Executive Leadership (high-risk cases)
• Retaliation for reporting is strictly prohibited

9. Review & Version Control

• Annual Charter review
• DEIB and accessibility checks
• Legal compliance verification
• Version number shown on each page
• Past versions archived

10. How INVA Lives This Charter

We choose kindness as culture, not as courtesy. We practice communication that is accessible, clear, and inclusive. We honour differences in thinking, background, and lived experience. We hold one another accountable with compassion and respect. We treat ethical behaviour not as a checkbox, but as a daily commitment to dignity and humanity.

Ethics make trust possible. Trust makes impact possible.

1. Why This Policy Matters

Data is deeply personal. It reveals our identities, our communication patterns, our vulnerabilities, and sometimes our health, neurotype, or lived experiences.

For many people—particularly disabled, neurodivergent, or marginalized individuals—mismanaged data can lead to discrimination, profiling, harassment, or emotional harm.

At INVA, safeguarding data is part of safeguarding people. This policy ensures every piece of information entrusted to us is handled with care, clarity, and respect. Privacy is not a technical requirement; it is a human right.

2. Purpose & Scope

This policy establishes how INVA collects, stores, processes, secures, shares, and deletes personal data.

Applies to:

• All employees, VAs, consultants, and interns
• All departments handling personal or sensitive data
• All clients, partners, suppliers, and users interacting with INVA systems
• All digital platforms, tools, databases, and communication channels

Covers:

• Data collection, storage, and minimization
• Consent and lawful processing
• Data subject rights
• Cybersecurity and access control
• Data sharing with partners
• Breach response procedures
• Accessibility and DEIB considerations
• GDPR, Kenyan Data Protection Act (2019), and global compliance

3. Guiding Principles

• Transparency: People have the right to know what data is collected and why.
• Minimalism: Collect only what is necessary—nothing more.
• Security: Apply strict cybersecurity measures to all data.
• Fairness: Ensure processing is non-discriminatory and inclusive.
• Consent: Participation is voluntary and informed.
• Accessibility: Provide information in formats that everyone can understand.
• Equity: Protect sensitive data about disability, neurotype, gender, etc., with heightened care.
• Accountability: Every staff member is responsible for data integrity.

4. Definitions

• Personal Data: Any information that identifies a person (name, email, ID, etc.).
• Sensitive Data: Highly protected data such as disability, neurotype, gender identity, financial details, health, or safeguarding information.
• Data Subject: The person whose data is being collected.
• Processing: Any activity involving data—collecting, storing, sharing, analyzing, or deleting.
• DPO: Data Protection Officer responsible for compliance oversight.
• Data Breach: Unauthorized access, loss, or disclosure of personal data.

5. Policy Statements

A. Lawful & Ethical Data Collection

• Collect only data with a clear, explicit purpose
• Use plain-language consent forms
• Provide accommodations for understanding consent (easy-read, audio, visual summaries)
• Avoid collecting sensitive data unless essential and consented

INVA prohibits:

• Hidden data collection
• Using data for purposes not shared with the data subject
• Collecting disability or neurotype information without permission
• Storing unnecessary or outdated data

B. Data Storage & Security

• Encrypt sensitive data
• Restrict data access to authorized personnel only
• Use secure cloud systems with two-factor authentication
• Apply cybersecurity best practices
• Back up systems regularly

INVA prohibits:

• Storing personal data on personal devices
• Sharing passwords
• Using unapproved external storage
• Leaving data accessible without encryption

C. Data Minimization & Retention

• Only collect what is necessary for operational or legal purposes
• Define retention timelines for every data type
• Destroy or anonymize data once no longer needed
• Maintain a Retention Schedule aligned with the Data Protection Act

D. Access & Correction Rights

• See what data INVA holds about them
• Correct inaccurate information
• Request deletion of data (except where legally required to retain)
• Withdraw consent at any time
• Request a copy of their data
• Understand how their data is used
• Access information in accessible formats

Requests must be acknowledged within 7 days and resolved within 21 days.

E. Data Sharing & Third Parties

• Share data only with partners who meet our ethical and security standards
• Use Data Processing Agreements (DPAs) with all vendors
• Ensure all partners follow GDPR + Kenyan DPA standards
• Notify data subjects when their data is shared, unless prohibited by law

INVA prohibits:

• Selling personal data
• Sharing data with partners who fail compliance checks
• Data transfers without encryption or legal safeguards

F. Special Protection for Sensitive Data

• Disability and neurotype
• Gender identity and sexual orientation
• Health details
• Financial information
• Safeguarding or whistleblowing records
• Biometric or facial data

These require: explicit consent, limited access, heightened security, stricter retention rules, and trauma-informed handling.

6. Procedures

A. Consent Procedure

• Explain what data is being collected and why
• Offer information in accessible formats
• Obtain explicit consent (written, digital, or voice-form where appropriate)
• Store consent records securely
• Allow withdrawal at any time

B. Data Handling Procedure

• Collect data in secure systems
• Label sensitive data clearly
• Assign access rights based on roles
• Report irregularities immediately to the DPO
• Delete or anonymize data when no longer required

C. Data Breach Procedure

• Notify DPO immediately
• Secure systems and prevent further loss
• Identify affected individuals and evaluate risk
• Notify affected individuals within 72 hours (if required by law)
• Document incident and corrective actions
• Update security protocols

D. Data Sharing Procedure

• Vet third parties using Partner Data Compliance Checklist
• Sign Data Processing Agreement
• Share only encrypted, minimum necessary data
• Monitor compliance annually
• Revoke access if vendor becomes non-compliant

7. Roles & Responsibilities

• All Employees: Protect data entrusted to you; report data concerns early; follow secure communication protocols; participate in yearly data protection training.
• Data Protection Officer (DPO): Oversee compliance with DPA/GDPR; investigate breaches; maintain data processing records; provide training and policy guidance; approve new systems involving data.
• IT & Systems Team: Implement cybersecurity measures; maintain secure access controls; monitor systems for threats; support encryption, backups, and technical compliance.
• HR & People Operations: Protect staff personal and sensitive data; ensure accessible consent and communication; handle data subject requests.
• Governance Team: Audit data processes; ensure high-risk data categories meet stricter requirements.
• Executive Leadership & Board: Ensure adequate resources for data security; oversee compliance and risk reporting.

8. Escalation & Reporting Channels

• Primary: Data Protection Officer
• Technical issues: IT Team
• Sensitive disclosures: Governance + Safeguarding
• Anonymous concerns: Whistleblowing Portal
• Legal matters: Legal Department

Data breaches must be reported immediately — no delays.

9. Review & Version Control

• Annual policy review
• Quarterly audit of high-risk data categories
• Accessibility and DEIB checks
• Version number visible on each page
• Past versions archived securely

10. How INVA Lives This Policy

We treat data as an extension of the person it represents. We design privacy practices that protect the most marginalized individuals, not the most convenient processes. We uphold clarity and humanity in all data interactions. We ensure all systems—from HR to training to client engagement—are built with privacy, accessibility, and dignity at the center.

Protecting data is protecting people. And protecting people is INVA’s mission.

1. Why This Policy Matters

Crises are unpredictable. They can emerge from technology failures, cyberattacks, illness outbreaks, natural disasters, partner misconduct, reputational threats, or safeguarding incidents.

For neurodivergent and disabled staff, crises can be especially destabilizing if communication is unclear, environments change suddenly, or support systems collapse.

A resilient organization protects both its people and its mission. This policy ensures that INVA can prevent, prepare for, respond to, and recover from crises while prioritizing safety, dignity, accessibility, and continuity.

A crisis does not define an organization—its response does.

2. Purpose & Scope

This policy outlines INVA’s framework for crisis preparedness, response, communication, and continuity planning.

Applies to:

• All staff, VAs, consultants, managers, and leadership
• All INVA offices, virtual systems, infrastructure, tools, and programs
• All partners supporting essential operations
• All incident categories, from low-risk disruptions to high-impact emergencies

Covers:

• Crisis preparedness and risk reduction
• Crisis classification and escalation
• Emergency communication
• Safety and safeguarding of staff
• Continuity of critical operations
• IT, cybersecurity, and data continuity
• Post-crisis recovery
• Support for affected staff
• Accessibility during crises

3. Guiding Principles

• Safety First: Protect people physically, emotionally, and psychologically.
• Continuity: Keep essential services running where safely possible.
• Transparency: Share accurate, timely information internally.
• Accessibility: Provide crisis communication in multiple, clear formats.
• Inclusion: Consider unique needs of neurodivergent, disabled, or vulnerable staff.
• Coordination: Ensure cross-team cooperation during response.
• Accountability: Review and learn from crises to improve resilience.
• Compliance: Follow legal, safeguarding, and data-protection requirements.

4. Definitions

• Crisis: A high-impact event that threatens people, operations, reputation, or infrastructure.
• Business Continuity: Processes that ensure essential operations continue during disruptions.
• Incident: A low-level event that may escalate into a crisis.
• Crisis Team: Cross-functional group activated to manage emergencies.
• Red Risk: A severe threat requiring immediate escalation.
• Continuity Plan: Document outlining essential systems and recovery strategies.

5. Policy Statements

INVA commits to:

• Establishing and maintaining a Crisis Management Team (CMT).
• Having a Business Continuity Plan (BCP) that all staff can access.
• Running annual crisis simulations and preparedness training.
• Prioritizing safety, communication, and inclusion during crises.
• Protecting confidential data during disruptions.
• Supporting staff mental health and wellbeing.
• Ensuring service continuity wherever safe and feasible.
• Engaging external emergency services when required.

INVA prohibits:

• Withholding critical safety information
• Discriminatory or inaccessible crisis communication
• Ignoring early warning signs or minor incidents
• Retaliation against those reporting risks or emergencies
• Allowing unsafe work conditions to continue
• Using crises to justify unethical shortcuts

6. Procedures

A. Crisis Identification & Classification

Crises are classified into three levels:

Level 1 – Minor Incident

• Limited disruption
• Managed by departmental leads
• Examples: short-term system downtime, minor errors

Level 2 – Significant Disruption

• Moderate operational impact
• CMT partially activated
• Examples: extended outage, partner misconduct, data compromise (low-risk), staff conflict

Level 3 – Major Crisis

• High risk to people, data, finances, or reputation
• Full CMT activation
• Immediate escalation required
• Examples:
  • Data breach
  • Safeguarding or harassment crisis
  • Reputational attack
  • Natural disaster
  • Major cyberattack
  • Loss of key infrastructure
  • Incident involving harm to personnel

B. Crisis Management Team (CMT)

Core Members:

• Executive Director (CMT Lead)
• Governance Lead (CMT Deputy)
• Head of HR / Safeguarding
• Head of IT & Cybersecurity
• Communications Lead
• Finance Lead
• Department leads (as needed)

Responsibilities:

• Assess crisis situation
• Coordinate response actions
• Ensure clear, accessible communication
• Protect staff and clients
• Liaise with external authorities
• Approve continuity decisions
• Manage recovery and documentation

C. Crisis Response Protocol

Step 1: Detection

Any staff member who notices a crisis must report immediately to:

• Supervisor
• Governance
• HR (if people-related)
• IT (if system-related)
• Safeguarding Focal Point (if safety-related)

Step 2: Activation

Governance team evaluates the severity and activates CMT for Level 2 or 3 crises.

Step 3: Stabilization

Actions may include:

• Evacuation or relocation
• Restricting system access
• Containing cyberattacks
• Suspending affected operations
• Implementing no-contact orders
• Alerting external emergency services

Step 4: Communication

• One internal update within the first 2 hours
• Clear, accessible messaging (plain language, text + audio options)
• External communication handled ONLY by Communications Lead
• Sensitive crises require confidentiality and privacy safeguards

Step 5: Continuity Activation

Business Continuity Plan (BCP) outlines:

• Essential services and their recovery order
• Backup systems and temporary arrangements
• Roles responsible for each function
• Accessibility and neuroinclusion adjustments

Critical functions include:

• Payroll
• Data protection
• Client servicing
• Communication channels
• Safeguarding response
• IT system integrity
• Finance operations

D. Business Continuity Measures

1. Digital Continuity

• Cloud backups with redundancy
• Regular cybersecurity audits
• Backup communication channels (WhatsApp, SMS, alt-email)
• Offline access to essential documents

2. Operational Continuity

• Cross-trained staff for key roles
• Alternative workflows during outages
• Decentralized file storage (secure)
• Rotating responsibility assignments

3. Staff Continuity & Wellbeing

• Flexible work arrangements
• Stress and trauma support referrals
• Adjusted workloads for affected teams
• Accommodations for neurodivergent and disabled staff

E. Crisis Recovery & Post-Incident Review

1. Recovery Phase

• Restore operations safely
• Validate data integrity
• Communicate return-to-normal timelines
• Support affected individuals

2. After-Action Review (AAR)

Conducted within 14 days, including:

• What happened?
• What worked?
• What failed?
• What needs to change?
• Neurodiversity and accessibility considerations
• Recommendations and accountability steps

3. Documentation & Learning

• Incident reports stored securely
• Lessons integrated into Risk Register
• Updated BCP and Crisis Policy
• Shared learning summarized in accessible format

7. Roles & Responsibilities

All Employees

• Report crises immediately
• Follow safety instructions
• Protect data and equipment
• Participate in training and drills
• Communicate calmly and respectfully

Supervisors & Managers

• Ensure team preparedness
• Identify early warning signs
• Provide accessible communication to team members
• Support recovery efforts

HR & Safeguarding

• Protect staff wellbeing
• Manage sensitive or harm-related incidents
• Provide trauma support referrals
• Monitor vulnerable staff needs

IT & Cybersecurity

• Lead digital crisis response
• Secure systems and backups
• Manage cyberattacks and breaches
• Restore digital infrastructure

Governance Team

• Lead crisis classification
• Maintain emergency protocols
• Ensure accountability and documentation

Communications Lead

• Control external messaging
• Issue clear internal updates
• Prevent misinformation

Executive Leadership

• Make high-level decisions
• Authorize major operational shifts
• Ensure resource allocation
• Oversee continuity and recovery

8. Escalation & Reporting Channels

Primary Escalation:

• Governance Team
• Safeguarding (if harm to people)
• IT Team (if cyber or system-related)
• Executive Leadership (Level 3 crises)

Anonymous Escalation:

• Whistleblowing Portal

External Escalation (if required):

• Police / emergency services
• Data Protection Commissioner
• Cybersecurity authorities
• Legal or regulatory bodies
• Mental health crisis support services

Retaliation for reporting a crisis is strictly prohibited.

9. Review & Version Control

• Annual crisis simulation and policy review
• Quarterly BCP updates
• Annual accessibility and DEIB crisis communication audit
• Version control displayed on every page
• Previous versions archived

10. How INVA Lives This Policy

We prepare before crisis strikes.
We protect people above productivity.
We communicate with clarity and compassion.
We build systems that work for everyone—including disabled and neurodivergent staff.
We learn, adapt, and continuously strengthen our resilience.

Resilience is not luck. It is leadership, preparation, and humanity.