Ihsan Standard
Nonprofit standards · Website signals

What our website scan looks for.

These are the signals our automated public-website scan looks for on a nonprofit’s own site. Each one maps to a standard in the nonprofit methodology — they’re how an org’s public site surfaces what it already does. This isn’t a gotcha, and it isn’t a separate rubric.

Many are transparency data points, not pass/fail requirements — an org may have a perfectly good reason not to publish a given one. We list what we look for so you can surface what you already have, and tell us so we re-index. We publish the marker, the detection method, and the ideal state for each.

On this page

Financial transparency

#01

Form 990 linked from the website

Why it matters
Donors should not have to hunt ProPublica for the most basic disclosure document a nonprofit files. A direct link signals the org treats public filings as donor-facing material, not paperwork.
How we detect it
Static scan for `form 990`, `990-PF`, and Guidestar/ProPublica/ProPublica Nonprofit Explorer links on the homepage, /about, /financials, /transparency.
What we'd love every org to have
Direct PDF link to the most recent three years, plus a one-paragraph plain-English explanation of what changed year-over-year.
If this applies to you — how to surface it
  1. Upload the most recent 3 fiscal years of Form 990 PDFs to your site.
  2. Link them from /financials, /about, or /transparency — somewhere a donor will find them.
  3. Add a one-paragraph plain-English explanation of what changed YoY.
  4. Sign in and submit the financials-page URL — we'll re-index and lift the tag.
Ask us to re-index

Once the change is live on the org website, sign in with UmmahPassport SSO and submit the supporting link. Ihsan Standard re-runs detection and lifts the tag on the next pass — typically within 5 business days.

Sign in & request reindex →

UmmahPassport SSO live in Phase 2. Until then, the engagement-track contact form works the same way.

#02

Audited financials published

Why it matters
An independent audit is the single strongest signal that the financial story the org tells matches reality. Without it, donors are taking management's word for it.
How we detect it
Look for `audit`, `audited financial statements`, `independent auditor` on financial-disclosure pages.
What we'd love every org to have
Three most recent audited financials, alongside the auditor's name and how long they've served (long tenure is itself a flag).
If this applies to you — how to surface it
  1. Engage an independent CPA — or the Ihsan Standard audit — to audit (or review) your financials.
  2. Publish the audit opinion letter + financial statements on your site, ideally 3 years deep.
  3. Name the auditor and disclose how long they've served you (rotate periodically).
  4. Sign in and submit the audit page URL — we'll re-index.
Ask us to re-index

Once the change is live on the org website, sign in with UmmahPassport SSO and submit the supporting link. Ihsan Standard re-runs detection and lifts the tag on the next pass — typically within 5 business days.

Sign in & request reindex →

UmmahPassport SSO live in Phase 2. Until then, the engagement-track contact form works the same way.

#03

Stated reserves policy and months of operating reserve

Why it matters
Best-practice nonprofit governance: a published reserves policy with a target range and the current ratio against it. Tells donors the org is built to weather a bad year.
How we detect it
Text search of /about, /financials, /annual-report for `reserves policy`, `operating reserve`, `months of operating expense`.
What we'd love every org to have
Policy linked publicly, stating a target (often 3–12 months) and the current month-count.
If this applies to you — how to surface it
  1. Adopt a board-approved reserves policy with a target range (industry norm is 3–12 months).
  2. Publish the policy on your /financials or /about page.
  3. State the current months-of-reserve calculation against the target.
  4. Sign in and submit the URL once published — we'll re-index.
Ask us to re-index

Once the change is live on the org website, sign in with UmmahPassport SSO and submit the supporting link. Ihsan Standard re-runs detection and lifts the tag on the next pass — typically within 5 business days.

Sign in & request reindex →

UmmahPassport SSO live in Phase 2. Until then, the engagement-track contact form works the same way.

Zakat policy

#01

Published zakat policy page that's specific to this org

Why it matters
A `/zakat-policy` page that's org-specific (not a generic 'What is Zakat' explainer) signals the org has actually thought through the operational fiqh of zakat — and is willing to be held to its choices.
How we detect it
Automatic detection from public website data on `/zakat-policy`, `/zakat-methodology`, `/our-approach-to-zakat`, plus a heuristic distinguishing org-specific from encyclopedic language.
What we'd love every org to have
Plain-English page covering admin-cost policy, segregation, scholar board, eight-category allocation, lunar-year timing, tamlīk position, and fī sabīlillāh interpretation. Versioned with a changelog.
If this applies to you — how to surface it
  1. Publish a dedicated /zakat-policy page (URL slug matters — donors search for it).
  2. Cover at minimum: admin-cost policy, fund segregation, scholar board, 8-category allocation, lunar-year timing, tamlīk and fī sabīlillāh positions.
  3. Write it in plain English, not boilerplate copied from another org.
  4. Version it — a changelog signals you stand behind your choices and revise as understanding evolves.
  5. Sign in and submit the policy URL — we'll re-index immediately.
Ask us to re-index

Once the change is live on the org website, sign in with UmmahPassport SSO and submit the supporting link. Ihsan Standard re-runs detection and lifts the tag on the next pass — typically within 5 business days.

Sign in & request reindex →

UmmahPassport SSO live in Phase 2. Until then, the engagement-track contact form works the same way.

#02

Named scholar advisory board

Why it matters
Naming the scholars who review an org's fiqh decisions supports peer accountability and makes those positions citable.
How we detect it
Regex for `Sheikh|Mufti|Dr.|Imam|Ustadh [Firstname] [Lastname]` in proximity to zakat / fatwa / advisory language.
What we'd love every org to have
At least two named scholars with credentials, institutional affiliations, and a one-sentence statement of their fiqh madhhab or methodological stance.
If this applies to you — how to surface it
  1. Name the scholars who review your zakat / fiqh decisions — at least two, ideally with diverse madhhabs.
  2. Publish each scholar's credentials and institutional affiliation.
  3. State each scholar's methodological stance in one sentence so donors can read it without inferring.
  4. Sign in and submit the URL of the page where scholars are named — we'll re-index.
Ask us to re-index

Once the change is live on the org website, sign in with UmmahPassport SSO and submit the supporting link. Ihsan Standard re-runs detection and lifts the tag on the next pass — typically within 5 business days.

Sign in & request reindex →

UmmahPassport SSO live in Phase 2. Until then, the engagement-track contact form works the same way.

#03

Transparent policy on admin costs applied to zakat funds

Why it matters
Zakat is restricted under classical fiqh — it can't be spent on general admin and overhead the way unrestricted donations can. We don't assume a cap exists; we look for the org to state its policy plainly: whether any admin cost is drawn from zakat at all, and if so, how much and on what basis. The classical basis for compensating those who administer zakat is the Qurʾānic category of ʿāmilīna ʿalayhā (one of the eight aṣnāf) — scholars differ on how far that extends to general operational overhead.
How we detect it
Pattern match for statements of admin / overhead policy in proximity to `zakat` on policy pages — including explicit 'no admin fee taken from zakat' language.
What we'd love every org to have
A public statement of the org's admin-cost policy on zakat: either that no admin / overhead is drawn from zakat funds, or — if a share is — the percentage and its basis under ʿāmilīna ʿalayhā, reconciled to the annual audit.
If this applies to you — how to surface it
  1. State your policy publicly: if you take no admin cost from zakat, say so plainly.
  2. If you do apply an admin cost, publish the percentage and its basis (the ʿāmilīna ʿalayhā entitlement to compensate those administering the zakat — scholars differ on how far it extends to general overhead), and be explicit about what it includes (staff, processing fees, allocation overhead).
  3. Reconcile it to your annual audit so donors can verify.
  4. Sign in and submit the URL — we'll re-index.
Ask us to re-index

Once the change is live on the org website, sign in with UmmahPassport SSO and submit the supporting link. Ihsan Standard re-runs detection and lifts the tag on the next pass — typically within 5 business days.

Sign in & request reindex →

UmmahPassport SSO live in Phase 2. Until then, the engagement-track contact form works the same way.

#04

Zakat funds clearly demarcated

Why it matters
Comingling zakat with general operations is a common fiqh concern across the sector. What we look for isn't a particular banking arrangement — it's that zakat receipts are clearly demarcated and tracked so they reach eligible (aṣnāf) recipients, rather than being bucketed as a general donation spendable on any cause.
How we detect it
Text search for `segregated`, `restricted zakat fund`, `tracked separately`, `demarcated`, `zakat is only spent on`, and similar earmarking language.
What we'd love every org to have
A public statement that zakat is clearly demarcated and tracked separately from general funds — a dedicated account is one way, but clear internal earmarking plus accounting is sufficient — so it's disbursed only to eligible recipients.
If this applies to you — how to surface it
  1. Demarcate zakat receipts in your accounting so they're tracked separately from general donations (a separate bank account is one option; clear earmarking + an internal control is enough).
  2. Publicly state that zakat is disbursed only to eligible (aṣnāf) recipients, not general operations.
  3. Have your auditor confirm the demarcation held in the next audit (optional — a strong signal).
  4. Sign in and submit the URL of the disclosure page — we'll re-index.
Ask us to re-index

Once the change is live on the org website, sign in with UmmahPassport SSO and submit the supporting link. Ihsan Standard re-runs detection and lifts the tag on the next pass — typically within 5 business days.

Sign in & request reindex →

UmmahPassport SSO live in Phase 2. Until then, the engagement-track contact form works the same way.

#05

Zakat distribution timeline

Why it matters
Some classical fiqh positions hold that zakat should be distributed within a hawl (one lunar year) of collection. If an org follows that, we note it as a transparency signal. If it doesn't, that isn't a failing on its own — donors just shouldn't have to wonder whether zakat is sitting indefinitely. We understand an org may receive a large amount of zakat in a year and need time to distribute it well; what we look for is evidence of an active disbursement process.
How we detect it
Pattern match for `lunar year`, `hijri year`, `hawl`, `within one year`, and disbursement-timeline language.
What we'd love every org to have
Either a public commitment to lunar-year distribution, or — if zakat is held longer — a clear statement of the org's active disbursement process and timeline, so funds aren't sitting indefinitely. A published average days-to-disbursement metric is a strong signal.
If this applies to you — how to surface it
  1. If you follow lunar-year distribution, say so on your zakat-policy page.
  2. If your operations require holding zakat longer, describe your active disbursement process and timeline so donors see it isn't sitting indefinitely.
  3. Publishing an average days-to-disbursement metric is a strong transparency signal.
  4. Sign in and submit the URL — we'll re-index.
Ask us to re-index

Once the change is live on the org website, sign in with UmmahPassport SSO and submit the supporting link. Ihsan Standard re-runs detection and lifts the tag on the next pass — typically within 5 business days.

Sign in & request reindex →

UmmahPassport SSO live in Phase 2. Until then, the engagement-track contact form works the same way.

Religious products

#01

Qurbānī / Uḍḥiya offered with full timing disclosure

Why it matters
Qurbānī has a fiqh-window of three or four days. An org that takes orders past the window or distributes meat outside it is selling something that won't fulfill the donor's religious obligation.
How we detect it
Automatic extraction from qurbānī / udhiya / dhul-hijjah pages for cutoff date, slaughter window in days, geographic distribution, per-share price, proof-of-fulfillment language.
What we'd love every org to have
Pre-Eid order deadline, three- or four-day slaughter window stated with madhhab citation, photo or certificate per share, named distribution country.
If this applies to you — how to surface it
  1. On your qurbānī page, publish the pre-Eid order cut-off date.
  2. State the slaughter window (3 or 4 days) and cite the madhhab basis for your timing choice.
  3. Commit to per-share proof of fulfillment: photo, GPS-tagged video, or named-animal certificate.
  4. Name the distribution country (and city if possible).
  5. Sign in and submit the qurbānī page URL — we'll re-index.
Ask us to re-index

Once the change is live on the org website, sign in with UmmahPassport SSO and submit the supporting link. Ihsan Standard re-runs detection and lifts the tag on the next pass — typically within 5 business days.

Sign in & request reindex →

UmmahPassport SSO live in Phase 2. Until then, the engagement-track contact form works the same way.

#02

Proof-of-fulfillment commitment per donation

Why it matters
Per-donation tracking is the gold standard of donor experience in the Muslim sector. Without it, the donor has no way to know their qurbānī or sponsored orphan story is real.
How we detect it
Pattern match for `photo`, `video`, `certificate`, `proof of slaughter`, `name on the animal`.
What we'd love every org to have
Each donation has a unique receipt with media (photo / video / GPS-tagged report) accessible via donor portal.
If this applies to you — how to surface it
  1. Build a donor portal where each gift gets a unique tracking ID.
  2. Attach media to each ID: a photo, video, or GPS-tagged report tied to the actual program output.
  3. If you don't have the technical capacity, Ihsan Standard OS accounting (Phase 2) provides FIFO bucketing for orgs without per-donation tracking.
  4. Sign in to engage the engagement track — we'll help set this up.
Ask us to re-index

Once the change is live on the org website, sign in with UmmahPassport SSO and submit the supporting link. Ihsan Standard re-runs detection and lifts the tag on the next pass — typically within 5 business days.

Sign in & request reindex →

UmmahPassport SSO live in Phase 2. Until then, the engagement-track contact form works the same way.

Zakat calculator

#01

On-site zakat calculator with current nisab

Why it matters
An org that publishes a stale nisab is misleading donors at the moment of intent. A calculator showing $3,000 nisab when the real number is something else may make donors think they don't owe zakat when they actually do. Our live nisab tool publishes the current gold and silver thresholds daily.
How we detect it
Automatic loading of /zakat-calculator and extraction of the displayed nisab USD value; compared to live gold (87.48g) and silver (612.36g) spot prices.
What we'd love every org to have
Both gold and silver thresholds shown, computed daily from a named spot-price feed, with all eight asset categories as inputs and an admin-cost reminder.
If this applies to you — how to surface it
  1. Add a /zakat-calculator page that pulls daily-updated nisab from a named spot-price feed.
  2. Display BOTH gold (87.48g) and silver (612.36g) thresholds — let the donor pick the conservative one.
  3. Cover all eight asset categories (cash, gold/silver, business inventory, investments, etc.) as inputs.
  4. Sign in and submit the calculator URL — we'll re-index.
Ask us to re-index

Once the change is live on the org website, sign in with UmmahPassport SSO and submit the supporting link. Ihsan Standard re-runs detection and lifts the tag on the next pass — typically within 5 business days.

Sign in & request reindex →

UmmahPassport SSO live in Phase 2. Until then, the engagement-track contact form works the same way.

Vendor & supplier stack

#01

No flagged vendors detected in website stack

Why it matters
Muslim donors increasingly ask whether their donations route through vendors with documented ties to surveillance, content suppression, or political positions adverse to Muslim communities.
How we detect it
Static HTML scan + JS-rendered network-log scan for 14 vendor signatures across Wix, Stripe, Meta Pixel, Hotjar, Clarity, TikTok Pixel, and 8 others.
What we'd love every org to have
Conscientious-Pragmatic tier minimum: zero flagged vendors detected. Conscientious-Strict tier: full back-office stack disclosed during engagement.
If this applies to you — how to surface it
  1. Review the flagged vendors on your org's page (the public-website scan covers what's visible in HTML/JS).
  2. Engage the Ihsan Standard Supplier-Stack Audit — we go beyond public-website detection to inventory the full back-office stack.
  3. For each flagged vendor we surface an ethical alternative with a transition timeline that fits your staffing.
  4. Pair with the Khulafāʾ al-Arḍ Stewardship Audit (environmental footprint of sites and vendors).
  5. Sign in to schedule either audit — Gold tiers are awarded on completion.
Ask us to re-index

Once the change is live on the org website, sign in with UmmahPassport SSO and submit the supporting link. Ihsan Standard re-runs detection and lifts the tag on the next pass — typically within 5 business days.

Sign in & request reindex →

UmmahPassport SSO live in Phase 2. Until then, the engagement-track contact form works the same way.

#02

Surveillance-affiliated SSO on donor-facing pages (flagged)

Why it matters
When an org puts 'Sign in with Google' or 'Login with Facebook' on its donate page, every Muslim donor who clicks it creates an authenticated linkage between their identity and a Muslim charity on the books of a company whose parent holds contracts with militaries and surveillance agencies — Google's Project Maven (Pentagon AI) and Project Nimbus ($1.2B with the Israeli government, joint with Amazon), Microsoft's $21.9B IVAS Army contract, all three major US clouds (Google, Microsoft, AWS) as announced Palantir host partners. Muslim Pro / X-Mode sold prayer-app location data to US Special Operations Command in 2020. The NYPD Demographics Unit surveilled Muslim communities for years. The risk is documented, not theoretical — so we note it and encourage a privacy-respecting alternative.
How we detect it
Static + JS-rendered scan of the org's /donate, /login, and homepage for the script signatures of Sign in with Google (accounts.google.com/gsi/client), Sign in with Apple (appleid.cdn-apple.com), Sign in with Microsoft (login.microsoftonline.com), Login with Facebook (connect.facebook.net), and Login with Amazon (assets.loginwithamazon.com).
What we'd love every org to have
We flag when donor-facing pages embed mainstream surveillance-affiliated SSO and encourage a privacy-respecting alternative — we don't require removal. Alternatives worth considering (any is a meaningful upgrade): UmmahPassport SSO (Muslim-owned, charter-locked against state funding and ad business, zero-admin-visibility architecture); or an open-source privacy-first option — ZITADEL (Swiss-hosted, GDPR-respecting), Authentik (self-hostable), Keycloak (Red Hat open source, self-hostable), or Ory (open source identity primitives). Direct email signup is also fine if you don't need federated identity.
If this applies to you — how to surface it
  1. This is something we flag and encourage you to reconsider — not a required removal.
  2. If you'd like to move off it: pick a privacy-respecting alternative. Best for the Muslim ecosystem: UmmahPassport SSO. Self-hostable: Authentik, Keycloak, Ory. Managed privacy-first: ZITADEL (Swiss). All are OIDC-compliant — wiring one in is a single config block.
  3. If the buttons are there because your donate-platform vendor (Stripe Checkout, Donorbox, GiveLively) loads them by default, most can be turned off in dashboard settings.
  4. Sign in and submit the donate-page URL if you make a change — we'll re-index.
Ask us to re-index

Once the change is live on the org website, sign in with UmmahPassport SSO and submit the supporting link. Ihsan Standard re-runs detection and lifts the tag on the next pass — typically within 5 business days.

Sign in & request reindex →

UmmahPassport SSO live in Phase 2. Until then, the engagement-track contact form works the same way.

Tax-efficient giving

#01

Accepts appreciated stock, DAF grants, cryptocurrency, real estate

Why it matters
Modern major-donor giving moves through DAFs and appreciated assets, not credit cards. An org that only takes cash is leaving the largest donations on the table.
How we detect it
Text search for `donor-advised fund`, `DAF`, `appreciated stock`, `cryptocurrency`, `Bitcoin`, `real estate`, `bequest` across donate pages.
What we'd love every org to have
Each asset class has its own donate flow with the org's brokerage info, custody bank, and confirmation process documented.
If this applies to you — how to surface it
  1. Create a dedicated /ways-to-give page that breaks out each asset class with its own flow.
  2. For appreciated stock: name the brokerage and account number for the receiving party.
  3. For DAF: link to DAF Direct or list the major sponsors you accept grants from.
  4. For crypto: name the wallet provider (e.g. Engiven, The Giving Block).
  5. For real estate / vehicles: provide a contact for the gift acceptance committee.
  6. Sign in and submit the /ways-to-give URL — we'll re-index each tag separately.
Ask us to re-index

Once the change is live on the org website, sign in with UmmahPassport SSO and submit the supporting link. Ihsan Standard re-runs detection and lifts the tag on the next pass — typically within 5 business days.

Sign in & request reindex →

UmmahPassport SSO live in Phase 2. Until then, the engagement-track contact form works the same way.

#02

Corporate matching gifts enabled

Why it matters
Many large US employers will match employee charitable gifts dollar-for-dollar (some up to 3x). For Muslim donors who work at companies with a match program, every dollar given to an org without a match-platform integration is a dollar of free philanthropy left on the table. Orgs that surface a Benevity / Double the Donation / Millie / similar widget on the donate page consistently see 25–40% of donors initiate a match where the program exists.
How we detect it
Static scan for `benevity`, `double the donation`, `doublethedonation`, `millie`, `givewith`, `groundwork`, plus heuristic detection of phrases like 'employer match', 'matching gift program', 'double your donation'.
What we'd love every org to have
Donate-page integration with a corporate-match lookup widget (Double the Donation, Millie, Benevity Causes), plus a one-paragraph donor explainer of how to initiate the match through the employer's giving portal.
If this applies to you — how to surface it
  1. Add a Double the Donation, Millie, or Benevity Causes widget to your donate page.
  2. Write a short donor-facing explainer: how to look up your employer, submit the match, what happens next.
  3. If your nonprofit is not yet registered on the match platforms, register first (it's free).
  4. Sign in and submit the donate-page URL — we'll re-index.
Ask us to re-index

Once the change is live on the org website, sign in with UmmahPassport SSO and submit the supporting link. Ihsan Standard re-runs detection and lifts the tag on the next pass — typically within 5 business days.

Sign in & request reindex →

UmmahPassport SSO live in Phase 2. Until then, the engagement-track contact form works the same way.

#03

Estate & wasiyya (planned giving)

Why it matters
Inheritance- and estate-based giving — sharia-compliant wills (wasiyya), bequests, charitable trusts, life-insurance beneficiary designations — is how Muslim institutions build multi-generational sustainability. A donor's wasiyya is often the largest single gift they will ever make; the org should be ready to receive it correctly and to help the donor write it cleanly per fiqh.
How we detect it
Detection looks for a dedicated estate / wasiyya / planned-giving page (URL or page title), named contact officer for legacy gifts, sample bequest language usable in a sharia-compliant will, and (ideally) referral to fiqh-aware estate-planning resources.
What we'd love every org to have
Dedicated wasiyya / legacy-giving page, named legacy contact officer, sample bequest language, fiqh-aware will-writing resources, life-insurance beneficiary instructions.
If this applies to you — how to surface it
  1. Publish a dedicated /wasiyya, /legacy, or /planned-giving page.
  2. Name a legacy-giving contact officer — donors writing their estate plan need a real human to talk to.
  3. Include sample bequest language usable in a sharia-compliant will (the 1/3 bequest provision).
  4. Link to fiqh-aware will-writing resources (Faraidh apps, scholar-reviewed templates).
  5. Cover life-insurance beneficiary designations as a separate sub-section.
  6. Sign in and submit the wasiyya page URL — we'll re-index.
Ask us to re-index

Once the change is live on the org website, sign in with UmmahPassport SSO and submit the supporting link. Ihsan Standard re-runs detection and lifts the tag on the next pass — typically within 5 business days.

Sign in & request reindex →

UmmahPassport SSO live in Phase 2. Until then, the engagement-track contact form works the same way.

Governance & scholarship

#01

Board members listed publicly

Why it matters
Board composition is governance transparency. Donors should know who holds fiduciary responsibility for the org.
How we detect it
Text search for board / trustee / directors pages.
What we'd love every org to have
Each board member named publicly. A short bio and role is a plus, but a public name list is what we look for.
If this applies to you — how to surface it
  1. Publish a /board or /leadership page listing every board member by name — that's what we look for.
  2. Sign in and submit the page URL — we'll re-index.
Ask us to re-index

Once the change is live on the org website, sign in with UmmahPassport SSO and submit the supporting link. Ihsan Standard re-runs detection and lifts the tag on the next pass — typically within 5 business days.

Sign in & request reindex →

UmmahPassport SSO live in Phase 2. Until then, the engagement-track contact form works the same way.

We work with you, not against you.

If you run an org and want to improve on any of these, the Ihsan Standard engagement track is free. Reach out, share what's in flight, and we'll work through it together. Publishing a gap is always a last resort — and never without right of reply.

Read the full methodology →Try the engagement tools