Do you know what you need to know about IT, cybersecurity, and change management as a board member?
Where is your nonprofit on the scale of IT management maturity? What is the relationship of nonprofit boards and IT roadmaps?
In this podcast Marketing Director Carolyn Woodard, who has served as an IT Director at nonprofits in her career, shares best practices and her thoughts on the importance of
Thank you to the amazing SEAT Program for the invitation to address their board member training alumni and thank you to Dorothy Adams for the introduction.
Like podcasts? Find our full archive here or anywhere you listen to podcasts: search Community IT Innovators Nonprofit Technology Topics on Apple, Spotify, Google, Stitcher, Pandora, and more. Or ask your smart speaker.
Some takeaways:
Carolyn Woodard is currently head of Marketing and Outreach at Community IT Innovators. She has served many roles at Community IT, from client to project manager to marketing. With over twenty years of experience in the nonprofit world, including as a nonprofit technology project manager and Director of IT at both large and small organizations, Carolyn knows the frustrations and delights of working with technology professionals, accidental techies, executives, and staff to deliver your organization’s mission and keep your IT infrastructure operating. She has a master’s degree in Nonprofit Management from Johns Hopkins University and received her undergraduate degree in English Literature from Williams College.
She was happy to give this presentation on nonprofit boards and IT roadmaps to the fabulous SEAT program for community members serving as board members on nonprofits.
Community IT has been serving nonprofits exclusively for twenty years. We offer Managed IT support services for nonprofits that want to outsource all or part of their IT support and hosted services. For a fixed monthly fee, we provide unlimited remote and on-site help desk support, proactive network management, and ongoing IT planning from a dedicated team of experts in nonprofit-focused IT. And our clients benefit from our IT Business Managers team who will work with you to plan your IT investments and technology roadmap if you don’t have an in-house IT Director.
We constantly research and evaluate new technology to ensure that you get cutting-edge solutions that are tailored to your organization, using standard industry tech tools that don’t lock you into a single vendor or consultant. We don’t treat any aspect of nonprofit IT as if it is too complicated for you to understand. When you are worried about recovering from a cybersecurity incident, you shouldn’t have to worry about understanding your provider.
If you have questions about nonprofit boards and IT roadmaps, creating an IT roadmap, or cybersecurity, you can learn more about our approach and client services and contact us here.
We think your IT vendor should be able to explain everything without jargon or lingo. If you can’t understand your IT management strategy to your own satisfaction, keep asking your questions until you find an outsourced IT provider who will partner with you for well-managed IT.
If you’re ready to gain peace of mind about your IT support, let’s talk.
Carolyn Woodard: Thank you for joining the Community IT Innovators Podcast. My name is Carolyn Woodard, and I am the host. And today, I am going to share with you a recording from a presentation I did with Dorothy Adams, who is a consultant in Connecticut, working with the SEAT program to help support community members as they serve on nonprofit boards.
Today, we’re talking about creating an IT roadmap for a nonprofit, but specifically from the perspective of you’re a new board member, what do you need to know about IT. How can you help your nonprofit with their IT planning and strategy to hopefully get them from perhaps an ad hoc break-fix approach to IT, to being more strategic about planning for expenses, budgeting, and making that IT roadmap that helps them know where they’re trying to get to, to where they’ll have stabilized IT, which can help them achieve their mission. You’re going to hear first from Dorothy Adams, introducing me, and then the rest of the podcast.
Dorothy Adams: Community IT Innovators, I came across you guys when, oh gosh, maybe a year ago. Somehow, one of your e-mails came across my desk. I started attending some of the webinars, the free webinars on really key topics like trends. And then there was one the other day on single sign-on. I didn’t know what it was. And within an hour, I now can follow this, which is very helpful for me. And so, we need to get this topic onto our plates because it’s so key, vis-a-vis things like risks and cyber-attacks and stuff like that.
We need everybody, our board members need to be aware of this stuff. I reached out to Carolyn and said, “Carolyn, can you help all of our board members that are serving on different boards and help them to just start to get comfortable with this topic?” She said, “Yes!”
So, we’re here. Carolyn has been not only the marketing and the liaison person for all of Community IT Innovators, but also has prior experience in non-profits and in the IT field. She has been in the shoes of many a person working at nonprofits that are dealing with IT issues. And she’s here with us tonight.
I’m so thrilled. Thank you for coming, Carolyn, and I’ll pass it on to you.
Carolyn Woodard: All right. Thank you. Thanks for the introduction and thanks for coming to the webinars!
My name is Carolyn Woodard, and I am the marketing and outreach director for Community IT. My company does outsourced IT for nonprofits only. We’re not a division of a different company that’s mostly for for-profits, we were formed to serve nonprofits. And we’ve done it over for 20 years, so we have a lot of experience with it.
We really believe that well-managed IT is essential to any nonprofit to be able to achieve their mission, and that every nonprofit deserves well-managed IT.
So that’s kind of where we’re coming from, and why we have a lot of free resources on our site. We have webinars, we have a podcast, we have transcripts. However it is that you best can take in information, hopefully, we have something there that can help.
We give this presentation fairly often about designing an IT roadmap to create value, and it’s really about IT management.
IT can be overwhelming. It is, as Dorothy said, a part of the nonprofit that touches everything. It’s like HR, right? Everybody has to have email. Everybody has to be able to log in. If something isn’t working, everyone freaks out, saying “I can’t log in to Zoom!” or whatever it is. But if it’s working, nobody notices it. Should. Nobody should notice it, right?
It’s just like anything else you have to manage, but it has this extra piece of, “I don’t know anything about IT or I’m not going to be able to do this.” This presentation is all about, you can do it.
Before I worked at Community IT, I actually was a client of Community IT. I was at a small nonprofit and our email broke one day, and I called Community IT, and we became their client. And then I just stayed really good friends with the CEO. And eventually after I had been the IT director at a couple of different other nonprofits, he called me up and asked, “can you come work for us?” And I said, sure. Because I just love the mission, and I love being able to get in front of nonprofits and help with the IT management.
We are a 100 percent employee-owned company. Our founder sold the company to the employees. It was a five-year process for him to divest of his shares and pass them over to us, which is great. It gives us all a piece of the company, and we all have a lot of interest in doing a good job.
We want our clients to succeed. We don’t always recommend the most expensive thing, and IT can be done without having to be the newest thing, the most expensive thing, all of that.
We are a top MSP, which stands for managed service provider. We’re on this list of the top 501 managed service providers. And we think that we’re the only one on the list that only deals with nonprofits. A lot of outsourced IT, like I said, they have a division that does nonprofits, but we really feel like we understand nonprofits. And a lot of us have worked for nonprofits before, so we know how crazy it can get.
The learning objectives for tonight are
My questions to start with are, does the nonprofit that you are on the board with, does that nonprofit have an IT director? Do they have someone at the nonprofit who’s in charge of IT? Where IT falls under them. A lot of times IT will fall under a COO, the person who’s in charge of operations.
This next question, same thing, who does IT report to? Often it will report to the COO if there’s a Chief of Operations. Sometimes it’s the CFO. At the large nonprofit where I was, I was the IT director and I was under the CFO, which was great because she was amazing and taught me how to make a budget, which I didn’t know when I got that job.
Often it can come under the CFO. Sometimes in a really large organization, there can be a CIO, the Chief Information Officer. And sometimes IT reports to the executive director, because it’s a kind of operations. So that’s important to know.
Some people get voluntold that they will be in charge of the IT. There are some people, we used to call them accidental techies. That was how I got into this too, as I was a little bit technical. And when you do a thing, you become the person who does that thing. So that can happen.
Another thing to think about is, how does that nonprofit manage IT now? Do you fix things when they break? Do you have a strategic planning process? Usually, it’s part of a budgeting process. That’s something to think about.
And, does your nonprofit have an IT roadmap already? If you have an IT department, they may, they may not. I’m always surprised. Sometimes we start working with a large client and they have an IT department, but they don’t have an IT roadmap.
Sometimes they don’t even have an inventory of all of the devices, all of the subscriptions, apps that they’re using, tools that they’re using. So it isn’t always the case that a larger place or place with an IT director will definitely have an IT roadmap, but it’s something we recommend for everyone. Small nonprofits, larger nonprofits, it really makes sense.
The first thing we’re going to do is talk about setting priorities.
What Community IT does when we come in with a client is we will do an assessment. If there’s someone who’s been in charge of IT, we’ll ask them for this inventory, if they know all the different tools that people are using, all the devices.
Another good question is about how, when you hire someone, how do they get a laptop? Who assigns it to them? Who sets it up for them?
All those types of kind of basic questions. And this is something where you can do this. If you don’t have an IT background, just keep asking questions, you know, things that you’d want to know. And either the people who are managing the IT will be able to tell you, or maybe they haven’t thought of it either.
It’s just good to start with that. An IT department or an outsourced IT or consultant can often help with the assessment. And sometimes it’s good to have an outsider do the assessment or a board member do the assessment because they can ask a lot of those questions and it’s not necessarily challenging to the person who’s supposed to be managing the IT, right? You’re just asking questions. You just want to see the inventory. You want to see how they do the planning, all of those things.
The assessment is unique to every organization. Every time we do an assessment, we have steps that we follow, but every organization is different. And you guys don’t need me to tell you that nonprofits are all very special flowers, and they will have their own way of doing things, their own history, their own culture, their own vibe.
The IT set up is going to be unique to the organization. And doing this assessment is going to help you prioritize your list and make your roadmap.
There are a few things to think about in terms of your priorities.
Hardware, of course, the actual laptops that everybody has.
Existing services, so platforms, software. Often we don’t have software anymore. It’s not on a disk that you put in and you run Microsoft Windows, right? It’s just software as a service. It’s cloud-based, something you subscribe to, that you have a license to. It could be MailChimp for doing your email newsletters. It could be the website. It could be, social media is kind of falls under this. But then your other cybersecurity, Windows, Google Workspace, if that’s what you’re using, all of those things.
And then new initiatives, right? Is there something that your nonprofit is wanting to do?
For example, moving to the cloud. For the last decade or so, that’s been one of the things that’s a new thing we have to do. We have to migrate all of our files to Google Drive, or we have to migrate all of our files to SharePoint.
Right now, your organization might be thinking about AI, whether or not you’re going to use it for different tasks, if you’re going to use it to make people’s work life better, if you’re going to use it for mission, right? If you’re working with education, or I’ve seen some really interesting examples of nonprofits using AI to pull together maybe census data with their clients, with some other data, pull it all together. So that might be a new initiative that you’re looking at.
I just did a podcast with our Chief Technology Officer, who’s our cybersecurity expert, and we talked about recovery planning. The types of steps that you want to take to plan for, for example, the CrowdStrike issue from a couple of weeks ago, a week and a half ago, wasn’t malicious. It was a mistake. Somebody at one vendor uploaded a bad update.
And it didn’t impact a lot of nonprofits. It impacted a lot of larger organizations, the airlines and some hospitals and that sort of thing. But, you know, it can happen to you. And at the rate that cybersecurity incidents are happening, probably something is going to happen at some point. We have tons of cybersecurity resources on our website also.
Dorothy Adams: A question that a client of mine had today was around permanent records. A lot of the board documents and the IRS determination letter and all these things are part of permanent record for document retention policy. We’re wondering, is it better storing that electronically or in paper or both?
That’s something that boards are always thinking, “wait a minute, we’ve got to talk about document retention. Oh, my God.” Well, what do we do?
Carolyn Woodard: Right. If you are storing it electronically, two things.
You want to make sure that whoever is running your IT is doing backups and can restore from backup.
Because the thing that can happen is a ransomware attack. We did a webinar on insurance, and she told this interesting story of a client that suffered a ransomware attack, and it froze everything, including their list of their phone tree of who they were supposed to call in case of a ransomware attack. So that’s the sort of thing that you might want to have a paper copy of – your insurance broker, who is the next person on your phone tree, who do you call? If you have an IT director or your executive director, the insurance, whoever’s in charge of your cybersecurity, when something like this happens, right?
If you have those permanent records electronically and you can restore them from backup, however often you’re doing the backup, if you’re doing it nightly, then theoretically, you don’t have a problem, right?
But you may want to, once a quarter, store them on an external hard drive that is separate from your online cloud storage, right? And that would fulfill that requirement of you can still access them. They might be three months old, right? But you might want to have that kind of extra insurance.
Dorothy Adams: That’s a great idea. Thanks.
Carolyn Woodard: It does come up, right? The board documents that you have to retain. We have a board because we’re an employee-owned, so we have the same needs.
Hopefully you have put together this list of your inventory, the apps that you’re using, all of that sort of thing. This is a roadmap.
You can do it in a spreadsheet. It used to be that people would have a big whiteboard up and put stickies on it. You can still do that if that is how your vibe works at your organization, if that’s going to be the most efficient way to do it.
We often see this in a spreadsheet. And so, you’re going to go through that, and you’re going to take the things that you want to do, and you’re going to assign an urgency to them. The complexity, the impact, is it something that’s going to hit everyone?
For example, Zoom, right? Everyone in your organization uses Zoom, that’s going to be high impact. If it’s QuickBooks and there are two people at your organization that use it, but it’s really important for them, it might have a high urgency, but a low impact, because it’s only those two people using that tool.
If you are a client, we would go through this with you. We have an account manager who sits with you, and we together, we partner on this. What is the most pressing need that we’re going to do first? What are the things that can wait?
Okay. I have a quiz. I’ve been talking for a while. This is just a quiz to see if you’re paying attention. Do you need an IT roadmap at a nonprofit? Yes, no, maybe, don’t know?
Yes, we recommend you have an IT roadmap.
It’s like anything. If you’re going off in 20 different directions, you’re never going to know if you get there. So, if you have a roadmap of where you’re trying to go with your IT, it makes it a lot easier to see all of those sub-tasks that you’re doing. Are they leading to where you’re trying to go? Or are they going off? Do you have a department that wants a new tool? And if that doesn’t fit in our plan at all, let’s talk about it.
With an IT Roadmap, everybody’s going together, and you have these milestones where you can see, how are we doing? Are we getting through these tasks that are urgent, cybersecurity, for example?
Next question – can you make one yourself, or do you have to have an IT consultant? What do you think? Yes? No? Can you make an IT Roadmap yourself?
Yes. You are totally capable of making this yourself. And it will be a benefit to the nonprofit that you’re on the board of if someone makes it. And it might turn out to be you.
You might want to find somebody that is technical or has the time to be able to do it or has authority in the nonprofit, so people will talk to them and tell them what’s going on. But yes, you can do it yourself.
And what skill set and background does someone need to take on an IT planning role?
You do not need to have an IT background. I am living proof that you do not need to know everything about coding, or cybersecurity, or the latest, greatest, this or that laptop that you’re going to get. You can manage IT just like you manage every other thing that you manage in your life. You manage your kids, you manage your vacation, you manage your HR, you manage all of these different pieces. This is just one of those pieces, and you can totally manage it.
We’re going to move on to allocating budget, staff time, and energy.
Nonprofits have three really precious resources. They have money, which is usually quite constrained, right?
They have time, staff time, that they can spend on projects or that they are spending on something because their IT isn’t working.
And they have staff tolerance and ability to absorb change. Kind of that emotional vibe of change management. I just wanted to emphasize that every nonprofit has these three things.
Another question, how do you budget for IT now?
These are different ways that you can do budgeting, which can help you in your planning. Your finance department can take the amount from last year and just increase it. That’s a really easy way to do a budget. It’s going to be about the same amount. We expect to spend about the same amount on our IT.
Your leadership could meet with a bunch of stakeholders and together review the roadmap, create the roadmap, create a strategic plan.
You could be in a break-fix mode, which a lot of nonprofits are in this mode. There is no shame in being a break-fix, but that is really reactive. When something breaks, you fix it, but you don’t have planning for costs.
For example, we recommend that your laptops should be replaced every three to four years. That keeps them in warranty, that keeps them functioning so that your staff can function, and it keeps them being able to receive those security updates that will keep your cybersecurity running.
One of the things that you probably want to do, knowing that you don’t want your laptops to ever be four, five, six years old, is you could plan to replace a third of them every year, so then you have a turnover, and you know about how much it’s going to cost, or a fourth of them every four years. You can stretch it to a fifth of them every five years.
That sort of planning is going to help you with your budgeting. Instead of just saying, oh, this laptop that’s seven years old doesn’t work anymore. Now we have to budget to buy a new one.
Or when someone needs a new tool, their department approves it. This is kind of associated with this kind of break-fix mentality. Everyone’s kind of doing their own thing. “I’m in marketing and I need MailChimp, so I’m just going to take it out of my budget and buy it. And hopefully it’ll integrate with some other things that maybe the donations, you know, the fundraising development department is doing.” But not necessarily, right? You’re not integrating as much as you could.
You could have outsourced IT.
I want to say this is not how we do it, but some outsourced IT will charge you for everything. you have hours, you have labor, you have help desk, and every little thing has a cost. At Community IT we are up front about costs and have a monthly rate.
There’s just different ways that you can handle IT.
We use this IT maturity model a lot. As you are thinking about your nonprofit that you’re on the board of, this is a really good slide to learn and think about and talk about with your people, the leadership that you’re interacting with. The IT maturity model that we use was developed in the 70s at Harvard Business School, and it can just help you understand the level of your organization and plan accordingly.
In the model that we use, this first stage, stage one is ad hoc. Ad hoc organizations make reactive and isolated investments in people, process, and technology solutions in order to meet critical needs. So, this is a bit what we talk about with the break fix approach which is where you’re not being strategic about your IT. It’s very reactive.
Stage two is functional. Functional organizations make some investment in people, processes, and technology solutions in order to meet immediate day-to-day needs.
Stage three, where we hope all nonprofits will be able to get to, is standardized. In standardized organizations, staffing, training, and processes are well-developed so that technology solutions are used according to sets of standardized guidelines across the organization.
Stage four is optimized. Optimized organizations recognize the importance of continual investment in the improvement of technology solutions, and the people and processes required to support those technology solutions.
And stage five is adaptive. Adaptive organizations consistently evaluate technology for strategic advantage and invest significantly in people and processes to be at the forefront of effective technology usage.
I want to emphasize again that we don’t use this maturity model to cast aspersions on organizations that are at the stage one, more reactive, or to think that stage five, adaptive, is always in the best interest of the nonprofit.
We want to see nonprofits get to the standardized level, so they are thinking strategically about IT investments, and they are able to support their staff through standardized processes.
For example, for software selection, decision making, provisioning, onboarding staff, and rolling out the laptops and devices to them, deciding on licenses, doing a budget. We’re hoping that all nonprofits can get to a position where those processes are standardized.
And often, some things will be standardized, some things will be optimized. It’s not like you’re at one level for everything. You’re going to have different pieces. If you’re doing a new initiative, that might be all over the place and not standardized yet as you roll it out and get it standardized for everyone.
One thing that we find is a lot of nonprofits will be at this ad hoc stage. And that’s what I was kind of talking about, where when something breaks, you fix it. You might have donated laptops. Your website was built by somebody’s nephew that likes to build websites and then they left, and now you don’t know how to run it. Those sorts of things. I’m not being judgy.
There are many nonprofits that happily live in the ad hoc stage for their entire length of being a nonprofit. If that is what’s appropriate for the nonprofit, that is what they should be doing. That’s what we feel.
But often ad hoc means you’re spending more on stuff. When you’re just fixing things as they break, you’re not having that strategic planning.
We had a case of a client that we were working on, working with the Academy of Hope in DC, which is an adult charter school.
And because we’ve been partnering with them and we had been working with them on strategic planning, we had a four-year plan for them to be able to support remote students. The plan included, how are they going to get the laptops for these low-income students, adult students who often have very low literacy rates, let alone having their own laptop?
So, we had been planning for this, and 2020, COVID came around.
They shut down in April, and because they had this four-year plan, they went to their funder who wanted them to be able to go remote, and they had this plan already in place, or they had already thought about it. And it was stressful. We implemented a four-year plan over three months, but they opened in September with all of their students remotely.
When you have a plan, you can work with your funders, you can be strategic about where you want to get to as an organization. That’s why we keep stressing the IT roadmap.
We have an article on our website about technical debt. And that is also what I was talking about. When you’re always in this break-fix mode and a kind of scarcity mode, it can take a lot of money to get you up to a plateau to just where IT is functioning. That’s where it’s penny wise, pound foolish that you are saving money by using donated laptops, for example, but in the long run, it’s costing you. So just be strategic and think about all of those costs.
We have more about budgeting on our website.
You’re going to have staff. If you have an IT director, IT manager, that’s going to be a largest category of costs – salaries.
You’re going to have hardware, so everyone has a laptop they can work on.
You’re going to have all these software licenses for the most part and your services and platforms. If you’re using Microsoft, those licenses, if you’re using Google Workspace, if you’re on a Mac, if you’re on a Mac, you’re probably using either Microsoft or Google.
Change management is a thing. For IT, sometimes people get the deer in the headlights feeling that it’s very difficult to do change management with IT. I don’t think it’s more difficult than other kinds of change management that you might have to do.
But again, because IT is touching all of the people at the nonprofit, you really have to have a lot of change management communication. If you’re changing QuickBooks or something like that, and you’re moving to a different platform, that’s going to impact a whole bunch of people. Making sure that you’re really planning for the rollout, you’re testing it, you’re communicating with everyone who uses it, what’s going to change, how they’re going to change, how they log on. Dorothy, as we were talking about in the last webinar about single sign-on, when you change stuff that people are doing, they can have a lot of fear around that or distrust. I think everyone at a nonprofit has had some IT that didn’t work in the past or some big initiative that was just a complete failure.
As you’re working with an executive director or executives at the nonprofit where you’re on the board, sometimes something that a board does is interview people who are going to come into executive roles.
Asking prospective executives about their change management style, and what their belief system is for change management, is something that you can be very helpful with as a board member for a nonprofit.
And then the last little chunk of this is project timelines and planning timelines and planning steps. So, if you remember, just a few minutes ago, half an hour ago or so, I showed you an example of an IT roadmap.
And you might have noticed we put in urgency, high, medium, low. We didn’t have any low urgency. You also have complexity, kind of the different pieces that it is.
You’re going to want to take this IT roadmap, which is the things that you want to do, and assign some timeline to it.
Which quarter are you going to do the things in? This is one way to do it. This is the method that Community IT uses with our clients. You’re going to add in what quarter are you going to do these initiatives in (onto your spreadsheet.) And it’s going to refer back to your roadmap where you said, “this is the most urgent thing.”
The most urgent things are the things that are going to be done first, right? In the immediate quarters coming up.
It might be networking; it might be security. If you have a password manager, if you’re not using multi-factor authentication, if you need to do cybersecurity training, all of those things, you might have assigned medium priority. And so, you’re going to do those in the fourth quarter and the first quarter of the next year.
So again, this is going to be unique to the organization that you’re working with and the executives that you’re working with. But this is an example of how you could go about it. And I think this example is so funny.
I was talking with a person who was doing a webinar with us, because in this example they put policies way down here, two and three quarters in the future. And we just did a webinar on policies and governance. And we always say your policy is really important, acceptable use policy for the staff members who are using your laptops.
Are they allowed to use AI, for example. Years ago, I worked at a place where my poor tech admin came to me, and he had this laptop that someone had brought him. It was full of porn. And if you don’t have a policy that that’s not acceptable, we didn’t have anything that we could go to that staff member and say, “look, you can’t do this.” He explained it, “oh, it must have been malware. I had some kind of thing that happened to me.”
Your policies are going to be in your staff handbook, and you need to review them. If you have policies that date from before everyone went to working from home, you need to review them and update them. What we do now is we drop ship the laptops directly to the staff member. They’re already loaded with the software. The staff member just has to log in. It’s set up for them. That needs to be part of your policy, right? Those acceptable use policies.
If you’re going to use AI, you need to have some policies around the AI tools. Is everyone allowed to use ChatTPT? Just kind of willy-nilly? Are you only going to use copilot, Microsoft copilot, because it’s more contained and private to your organization? All of those things need to be in your policies. We have an Acceptable Use Policies for AI template on our website that can give you a starting point.
So, we always say the policies are very important, but the person that was on this webinar with me said, honestly, if the organization doesn’t have policies, sometimes it can take going through these first parts of the IT roadmap and the planning to understand what the policies need to include. So, it can be something where you start implementing cybersecurity and as you’re doing that, you’re writing the cybersecurity policy, what you expect staff members to do and take care of.
So that’s just my little thing about policies. Policies are important. We have a whole bunch of resources on our website about policies and governance, and that may be something that as a board member is useful to look at as you just ask the questions.
For example, where is the employee handbook, and does it have an acceptable use policy for IT? In the policies would also be your disaster recovery plans. So, Dorothy, what we were talking about with the CrowdStrike, if you have a situation or ransomware or a hacking attempt, some kind of data breach or a vendor that suffers a data breach, what is your next step? What do you do first? What do you do second? Who do you call? All of those things would be in your policies.
And that’s something where, often it’s a time thing, right? The organization knows they need those policies, but sitting down and doing it can be really difficult to get the leadership buy-in that they really take initiative and make sure that there is a policy.
So, if you’re interested in that, our webinar in May was all about how to do policies governance, who needs to be on the committee, how to keep it in front of mind and kid it on your calendar. All right.
So, I’ll just go quickly back over the learning objectives.
So how to set up priorities, how to start designing your IT roadmap. I don’t know if this is going to be something that you, as board members, are going to do, or if you want to help and work with your executive team, or if there’s an IT person, they already have done this, and they can just share it with you so that you can set your mind at ease.
Allocating budgets, staff time and energy. Again, this kind of, it’s different for different organizations, the size of the organization, what the budget is, what the tech attitude is, all of those things.
And then change management, staff capacity. Those are going to be big issues in how successful your IT management is going to be.
And then I just showed you a couple of examples of the project timeline and how you might go through steps.
Dorothy Adams: Another idea might be that, take the slide deck from this presentation and share it to your Executive Director and maybe board chair as well, say, hey, just learned about these issues, would love to hear how we’re handling it. And so it could be that the ED puts it on the agenda for a board meeting and brings in whoever is involved, and then you get a feel for whatever plan they’ve got and what the policies are, and which documents they’re in, and all that kind of stuff. It will trigger their thinking, and maybe it’ll be a, oops, we don’t have that. But at least you’ll know, it starts the conversation.
Carolyn Woodard: And it may be that, “yeah, we’ve got that. We just did our IT plan last month and we can share it with you.” You really don’t know until you ask.
Dorothy Adams: Yeah.
Carolyn Woodard: Well, I want to thank everyone for all of the amazing things that you’re doing stepping up to be on a board. That’s just so incredible. And thank you for taking IT seriously and being here tonight. I really appreciate the time that you spent on it. I know I talked a lot, but I can always talk a lot about this because it really is just so we want to see these organizations be able to achieve their missions and do the great things that they’re doing in their communities.
And it’s just, it’s heartbreaking when there’s a ransomware attack, or I had a friend who had her website attacked. And she just has a small house museum. It’s not like she could pay them anything, but it took a year for her to get her website domain back. It’s just so stressful and so horrifying.
So, any little thing that you can do as a board member to help, we have tons of free resources. And that’s why we make them free, is we really want everybody to do all of this better together, you know?
Thank you for joining us tonight.
CTO Matthew Eshleman presents the release of our newly updated Playbook on Cybersecurity Readiness for Nonprofits download.
Fill out the form below to request a quote. We’ll be in touch shortly to discuss your needs and take the first step toward better nonprofit IT.