Image courtesy bonkedproducer

If your spam and cold calls haven’t resulted in a business relationship, tracking me down personally on LinkedIn, Twitter or Facebook won’t work either.

Let’s be clear: it’s not a secret that I have purchasing responsibility for IT at my company, and my business contact info is easy to find (or purchase). Mind you, I don’t hire companies based on their ability to locate that information and email or call me. I hire consultants and purchase products based on the recommendations in my communities. So cold contacting me might be inexpensive and easy for you to do, but all it tells me is that you don’t respect my time or privacy and you can’t sustain your business based on quality and word of mouth. Two strikes against you, whereas, before you cold-contacted me, you had none.

But, in failing to spam me into a relationship, taking it to LinkedIn or the contact form here is taking your pathetic and unprofessional approach to marketing into a whole new realm of sleaziness and creepitude. Cold-contacting me at my business email or on my business phone is annoying and pathetic, but far more appropriate that tracking down my personal, non-business addresses and contacting me at those. It’s called stalking.

I’m looking at you, Server Technologies. The fact that you’ve spammed me in the past does not mean that we have an established business relationship, as your LinkedIn invite falsely indicates.

And local IT Recruiters 58 and Foggy—you take the cake. Within two minutes, out of the blue, you cold-called my work number, emailed me personally via this blog, and sent me a LinkedIn invite. That was so over the top annoying that I not only will never do business with you, I’ll make sure that all of my professional acquaintances are warned away.

Because I seriously question what a company that violates my privacy as a means of introduction would do if I actually relied on them and dealt with them financially. Ethical behavior? Not a safe thing to assume. Professionalism? Already in the toilet.

Social networks offer a great avenue for the type of business promotion that works for me—word of mouth. Sincere recommendations from people who think you’re good at what you do because they’ve used your products or services. You can foster my business by doing well enough with your current customers that they will speak well of you online. You can also demonstrate your expertise by publishing materials and distributing them on Slideshare and other public repositories (including your web site, of course). If you put your energy into establishing your credentials, instead of shoving your uncertified opinion that you’re great into every channel that you can reach me through, you’ll get a shot at my business. But using these networks to harass and annoy potential customers is incredibly stupid and short-sighted. Similar Posts:

• Feed Fight
• Losing Facebook
• Microsoft’s Secret Giveaway
• Twitiquette
• The Buzz Factor

In mid-2008, Terry Childs, the (then) System Administrator for the City of San Francisco, was called into a meeting with the COO (his boss); the CIO of the SF Police Department; a Human Resources representative; and, unbeknownst to Terry, by phone, a few of the engineers he managed. He was ordered to share the system passwords for the network. He made them up. Subsequently challenged with this fact, he refused to reveal the passwords, ending up in a city jail cell.

Close to two years later, Childs has been found guilty of felonious computer tampering and faces up to five years in prison (he’ll likely be let off in two, with his racked time counting toward the total).

Open and shut, right?  The city claims, and the court found it believable, that Childs’ obstinate refusal to provide passwords resulted in over $200,000 lost city revenue.  He lied to his employer.  He held the city ransom.

Childs’ defense has always been that he was protecting the city’s network.  He wasn’t going to share sensitive passwords with people who, in his estimation, wouldn’t respect the sensitivity of those passwords, and would likely share them other employees and contractors.

To my mind, while that’s a valid concern, it doesn’t clear him.  He still works for the person who was asking for the passwords, and he was obligated to provide them.

The real crime here, though, is not that Childs’ hoarded the keys to the system. It’s that the meeting occurred at all, and the reasons that it came to the point of a stand-off are all too criminally common.  Was Childs guilty? Sure! But others shared guilt in bringing it to that point.  Consider:

• The System Administrator reported to the COO.  No CIO? No VPIT? No IT Director?  This means that there was a gap between the absolute tech and the non-technical businessperson, and that’s a critical layer, particularly for an organization as large as the government of a major U.S. city.


• There were no policies governing use of system passwords. The fact that Childs was allowed to be the sole keeper of the entire network was a lapse in operations that never should have been allowed.


• Childs was a city employee for ten years.  If there were concerns about his trustworthiness or reliability, shouldn’t they have been addressed earlier in that decade?

All too often, IT departments are isolated from the organizations they serve.  Part of this is due to the nature of technology work and techies—we speak a language of our own; enjoy working with the tools that many people find obstructive and confusing; and the majority of us are not very good at casual socializing. More of it is due to the fact that most people—including the CEOs and VPs—don’t get technology, and don’t know how to integrate technology tools and purveyors into the organization.

But that lack of comprehension shouldn’t be a license for persecution.  Everyone’s a loser here, most personally Childs, but the city suffered from a situation they created by not investing properly in technology.  And, by investing, I don’t just mean hiring the right amount of staff and equipment—I mean that CEOs, COOs and everyone up the chain has to step out of their comfort zone and either learn more; hire staff and consultants to vet and translate; or, optimally, both.  The CEO doesn’t have to be as knowledgeable as Bill Gates, but they have to have educated oversight on how IT is run that “gets” what IT is about and how the technology practitioners operate.

As much as Terry Childs is guilty of a crime, he’s tenfold a victim of one, and it’s a cautionary tale for any of us who work in environments where management is happy to let us build a big, isolated kingdom.

What drove Terry Childs to commit a felony was a crime unto itself.Similar Posts:

• Keys to the Kingdom
• The Evolution Of The NTEN Tech Track
• How to Send an All Staff Technical Email
• Paving the Road – a Shared Outcomes Success Story
• Why I won an Anonymous Blogger award at NTC

But, enough gushing. One of my (many) rants regards my concern that, although the biggest group of people that we call “nptechies” are the ones who support technology in their organizations, our biggest nptech conferences focus heavily on social media and the web (NTC, Netsquared, and now SXSW). It is true that the advent of social media and the interactive web is spawning a revolution in the way that we do advocacy and fundraising. But there is no less of a revolution in our server rooms, where virtualization, cloud computing and wireless devices are changing the entire way that we manage and deliver applications.

Our System Administrators, Support Specialists and Accidental Techies need to share in the peer support that can inform their efforts and help them feel more connected, both to their missions and the broader community. This year, in deference to a throat getting hoarse from ranting, I took a first stab at addressing this gap.

The Tech Track

The tech track was conceived as a six session “mini” track; five of the proposed sessions made the cut. The topics went from the basics to the broad overview:

• Tech Track 1: Working Without a Wire (But With a Net): Dealing with Wireless Networks, Laptops, and Cell Phones


• Tech Track 2: Proper Plumbing: Virtualization and Networking Technologies


• Tech Track 3: Earth to Cloud: When, Why and How to Outsource Applications


• Tech Track 4: Budget vs Benefits: Providing Top Class Technology in Constrained Resource Environments


• Tech Track 5: Articulating Tech: How to Win Friends and Influence Luddites.

Joining me in these sessions were fellow blogger Johanna Bates of OpenIssue, Matt Eshleman of CITIDC, Tracy Kronzak of Applied Research Center, John Merritt of the San Diego YMCA, Michelle Murrain of OpenIssue, Michael Sola of National Wildlife Federation and Thomas Taylor of the Greater Philadelphia Cultural Alliance.

Subject Matter

Instead of doing the usual Powerpoint presentations and talking to the crowd, we pulled the chairs into circles for these sessions and put the session agenda up for grabs, asking each group what issues, related to the session topic, were foremost in their minds. The conversation was rich, and served as a healthy catalogue of the challenges facing nonprofit technology practitioners. Some highlights:

• Supporting remote laptop use in a western state with very little wireless bandwidth available


• Securing our networks while making network data accessible on mobile devices


• Supporting use of and crafting fair policies to address the boom in mobile devices


• Understanding the risks and benefits of virtualizing servers and desktops


• Knowing how and when to virtualize, and how Storage Area Networks fit in the big picture


• Weighing the risk of cloud computing, which also entails weighing the risks of our non-cloud networks


• Knowing what to ask a cloud provider to insure that data is safe, even in the case of the provider going out of business


• Assessing the cost of owned vs service-provided applications


• Assessing the readiness of Cloud Computing, and moving large, complex server rooms to the cloud


• Chickens and eggs: what to do when IT is asked to budget, but is not part of the planning process prior?


• What strategies can be applied to provide good technology with limited budgets?


• What tools and resources are available to help with the budgeting process?


• How can we engage our users when we roll out new technology?


• How do we get them to attend training?

Next week, I’ll follow this up with some of the answers we came up with for these questions.Similar Posts:

• The Evolution Of The NTEN Tech Track
• The Sky is Calling
• Where I’ll Be At The 10 NTC
• Why I Won’t Be At NTC (And Why You Should Be)
• NTC Wrap-up

You have a web site and you have a domain, and as long as the web site is up and running, everything is fine. But what happens if your domain is hijacked? What if you need to make changes to your domain registration, or register a new one, and your registrar is simply disinterested? What if they go out of business? Your domain name is a valuable property, and you should keep it in pro-active and trustworthy hands.

How Domain Registration Works

Domain registrars provide the service of keeping your domain name mapped with current information so that it can be found on the web. Domain names are meaningful aliases for numeric IP addresses, and aren’t technically required in order to host a web site. But, the internet would be hard to navigate if we could only find things by their numeric addresses.

The primary thing that a registrar does is to keep your contact (whois) data maintained; point your domain to the appropriate name servers; and allow you to move your domain to another registrar if you choose to.

Domain Services

In addition to domain registration, most registrars offer additional services, such as:

1. Are they accredited? ICANN, the organization that oversees domain management , accredits registrars. If they aren’t on ICANN’s list, they aren’t trustworthy.


2. Do they add a year to the existing expiration date, or charge you for a full year as of engagement? They should do the former.


3. Do they offer automated access to all functions (via web forms), including locking/unlocking domains, retrieval of authorization (EPP) codes, and modification of all whois records? (Some registrars prefer to list themselves as the technical contact. It should be up to you whether they can have an official name on your domain, not them).


4. Do they list a telephone number, and is it promptly answered during business hours?


5. Do they respond promptly to emails and support requests? The ability to communicate with your registrar is rarely needed, but, when it is, it’s critical – you don’t want them out of the loop if your domain is subject to an attempted hijack.


6. Do they offer the ability to manage DNS for mail servers and subdomains? While this is an added feature, it’s common enough to be worth expecting.


7. Do they have any additional services (examples above)? While these supplemental services are far from critical, they are convenient. More to the point, a company that is engaging in a robust suite of services is more likely to be focused on their business. The truth is that anyone can be a domain registrar, if they make the proper investment, but whether it’s a going concern or a neglected piece of extra income for them is a question you’ll want to ask.

Next week: Safely transferring domains and a word on web hosting completes the topic.Similar Posts:

• Dealing with Domains – Part 2
• The Years Of The Kat
• Wanna play with OpenID?
• What does OpenID mean to Non-Profits?
• Sleazy Sales Tactics and Social Networks

Why would this happen? Simple. Because metrics are numbers: ratios, averages, totals. It’s easy to make metrics from financial data.  It’s very difficult to make them out of less quantifiable things, such as measuring how successfully one organization changed the world; protected the planet; or stopped the spread of a deadly disease.

I used to work for an org whose mission was to end poverty in the San Francisco Bay Area. And, sure enough, at the time, poverty was becoming far less prevalent in San Francisco. So could we be judged as successful?  Could we grab the 2005 versus 2000 poverty statistics and claim the advances as our outcomes? Of course not. The reduction in poverty had far more to do with gentrification during the dotcom and real estate booms than our efforts.  Poverty wasn’t reduced at all; it was just displaced. And our mission wasn’t to move all of the urban poor to the suburbs; it was to bring them out of poverty.

So the announcement that our ratings will now factor in mission effectiveness and outcomes could herald something worse than we have today. The dangerous scenario goes like this:

• Charity Navigator, Guidestar, et al, determine what additional info they need to request from nonprofits in order to measure outcomes.


• They make that a requirement; nonprofits now have to jump through those hoops.


• The data they collect is far too generalized and subjective to mean much; they draw conclusions anyway, based more on how easy it is to call something a metric than how accurate or valuable that metric is.


• NPOs now have more reporting requirements and no better representation.

So, my amended title: “We Need A Sea Change In The Way That Our Organizations Are Assessed”.

I’m harping on this topic because I consider it a call to action; a chance to make sure that this self-assessment by the assessors is an opportunity for us, not a threat. We have to get the right people at the table to develop standardized outcome measurements that the assessing organizations can use.  They can’t develop these by themselves. And we need to use our influence in the nonprofit software development community to make sure that NPOs have software that can generate these reports.

The good news? Holly Ross of NTEN got right back to me with some ideas on how to get both of these actions going.  That’s a powerful start. We’ll need the whole community in on this.Similar Posts:

• Get Ready For A Sea Change In Nonprofit Assessment Metrics
• Pop Quiz: PCI Compliance
• Evaluating Wikis
• NPO Evaluation, IE6, Still Waters for Wave
• Succession Planning

The new metrics will assess:

• Financial health and sustainability;
• Accountability, governance and transparency; and
• Outcomes.

This is very good news. That overhead metric has hamstrung serious efforts to do bold things and have higher impact. An assessment that is based solely on annualized budgetary efficiency precludes many options to make long-term investments in major strategies.  For most nonprofits, taking a year to staff up and prepare for a major initiative would generate a poor Charity Navigator score. A poor score that is prominently displayed to potential donors.

Assuming that these new metrics will be more tolerant of varying operational approaches and philosophies, justified by the outcomes, this will give organizations a chance to be recognized for their work, as opposed to their cost-cutting talents.  But it puts a burden on those same organizations to effectively represent that work.  I’ve blogged before (and will blog again) on our need to improve our outcome reporting and benchmark with our peers.  Now, there’s a very real danger that neglecting to represent your success stories with proper data will threaten your ability to muster financial support.  You don’t want to be great at what you do, but have no way to show it.

More to the point, the metrics that value social organizational effectiveness need to be developed by a broad community, not a small group or segment of that community. The move by Charity Navigator and their peers is bold, but it’s also complicated.  Nonprofit effectiveness is a subjective thing. When I worked for a workforce development agency, we had big questions about whether our mission was served by placing a client in a job, or if that wasn’t an outcome as much as an output, and the real metric was tied to the individual’s long-term sustainability and recovery from the conditions that had put them in poverty.

Certainly, a donor, a watchdog, a funder a, nonprofit executive and a nonprofit client are all going to value the work of a nonprofit differently. Whose interests will be represented in these valuations?

So here’s what’s clear to me:

This isn’t easy. This will require that NPO’s who have have never had the wherewith-all to invest in technology systems to assess performance do so.  But, I maintain, if the world is going to start rating your effectiveness on more than the 990, that’s a threat that you need to turn into an opportunity.  You can’t afford not to.

And I look to my nptech community, including Idealware, NTEN, Techsoup, Aspiration and many others—the associations, formal, informal, incorporated or not, who advocate for and support technology in the nonprofit sector—to lead this effort.  We have the data systems expertise and the aligned missions to lead the project of defining shared outcome metrics.  We’re looking into having initial sessions on this topic at the 2010 Nonprofit Technology Conference.

As the world starts holding nonprofits up to higher standards, we need a common language that describes those standards.  It hasn’t been written yet.  Without it, we’ll escape the limited, Form 990 assessments to something that might equally fail to reflect our best efforts and outcomes.Similar Posts:

• Won’t You Let me Take You On A Sea Change?
• The Road to Shared Outcomes
• Paving the Road – a Shared Outcomes Success Story
• My Full NPTech Dance Card
• The NPTech Lineup

Poster by Joshua RothaasCC BY 2.0

My take is that this methodology doesn’t work in environments like ours, where reduced overhead, high turnover and unanticipated priorities are the norm.  We need a less granular methodology; one that will bend easily with our flexible work conditions.  Mind you, when you give up the detailed plan, you give up the certainty that every “i” will be dotted, every “t” crossed, and every outcome accomplished on schedule.  But it’s possible to still keep sight of the important things while sacrificing some of the structural integrity.

First, keep what is critical: clear goals, communication, engagement and feedback.  The biggest risk in any project no matter how well planned, is that you’ll end up with something that has little relation to what you were trying to get.  You need clearly understood goals, shared by all internal and external parties. Each step taken must factor in those goals and be made in light of them.  All parties who have a stake in the project should have a role and a voice in the plan, from the CEO to the data entry clerk.  And everyone’s opinion matters.

Read up on agile project management, a collaborative approach that is more focused on the outcomes than  the steps and timeline to get there.  Offload the project management by focusing on expectation management.  The clearer the participants are about their roles and accountability for their contributions, the less they need to be managed.  Take a look at the Cult of Done (their manifesto is at the top of this article).  Sound insane? Maybe.  More insane than spending thousands of dollars and hours on an over-planned project that never yields results? For some perspective, read The Mythical Man Month (or, at least, this Wikipedia article on it), a book that clearly illustrates how the best laid plans can go horribly wrong.

Finally, my advocacy for less stringent forms of project management should not be read as permission to do it haphazardly.  Engagement in and attention to the project can’t be minimized.  I’m suggesting that we can take a more creative, less traditional approach in environments where the traditional approach might be a bad fit, and for projects that don’t require it.  There are a lot of judgment calls involved, and the real challenge, as always, is keeping your eye on the goals and the team accountable for delivering them.Similar Posts:

• From Zero to Sixty: What type of Project Management tool is appropriate?
• Keys to the Kingdom
• About the new job
• Free as in "Hurricanes"
• NTEN Connected

Public Domain image by Takada

Last week, I shared a lengthy piece that could be summed up as:

“in a world where everyone can broadcast anything, there is no privacy, so transparency is your best defense.”

(Mind you, we’d be dropping a number of nuanced points to do that!)

Transparency, it turns out, has been a bit of a meme in nonprofit blogging circles lately. I was particularly excited by this post by Marnie Webb, one of the many CEO’s at the uber-resource provider and support organization Techsoup Global.

Marnie makes a series of points:

I’ve made the case before for shared outcomes reporting, which is a big piece of this. Sharing and transparency aren’t traditional approaches to our work. Historically, we’ve siloed our efforts, even to the point where membership-based organizations are guarded about sharing with other members.

The reason that technologists like Marnie and I end up jumping on this bandwagon is that the tech industry has modeled the disfunction of a siloed approach better than most. early computing was an exercise in cognitive dissonance. If you regularly used Lotus 123, Wordperfect and dBase (three of the most popular business applications circa 1989) on your MS-DOS PC, then hitting “/“, F7 or “.” were the things you needed to know in order to close those applications respectively. For most of my career, I stuck with PCs for home use because I needed compatibility with work, and the Mac operating system, prior to OSX, just couldn’t easily provide that.

The tech industry has slowly and painfully progressed towards a model that competes on the sales and services level, but cooperates on the platform side. Applications, across manufacturers and computing platforms, function with similar menus and command sequences. Data formats are more commonly shared. Options are available for saving in popular, often competitive formats (as in Word’s “Save As” offering Wordperfect and Lotus formats). The underlying protocols that fuel modern operating systems and applications are far more standardized. Windows, Linux and MacOS all use the same technologies to manage users and directories, network systems and communicate with the world. Microsoft, Google, Apple and others in the software world are embracing open standards and interoperability. This makes me, the customer, much less of an innocent bystander who is constantly sniped by their competitive strategies.

So how does this translate to our social service, advocacy and educational organizations? Far too often, we frame cooperation as the antithesis to competition. That’s a common, but crippling mistake. The two can and do coexist in almost every corner of our lives. We need to adopt a “rising tide” philosophy that values the work that we can all do together over the work that we do alone, and have some faith that the sustainable model is an open, collaborative one. Looking at each opportunity to collaborate from the perspective of how it will enhance our ability to accomplish our public-serving goals. And trusting that this won’t result in the similarly-focused NGO down the street siphoning off our grants or constituents.

As Marnie is proposing, we need to start discussing and developing data standards that will enable us to interoperate on the level where we can articulate and quantify the needs that our mission-focused organizations address. By jointly assessing and learning from the wealth of information that we, as a community of practice collect, we can be far more effective. We need to use that data to determine our key strategies and best practices. And we have to understand that, as long as we’re treating information as competitive data; as long as we’re keeping it close to our vests and looking at our peers as strictly competitors, the fallout of this cold war is landing on the people that we’re trying to serve. We owe it to them to be better stewards of the information that lifts them out of their disadvantaged conditions. Similar Posts:

• Paving the Road – a Shared Outcomes Success Story
• Get Ready For A Sea Change In Nonprofit Assessment Metrics
• NTC08 Part 2: In Honor of Marnie Webb
• Security and Privacy in a Web 2.0 World
• Should Non-profits Seed Software Development?

Idealware’s blog is not the best place for me to talk about my kid.  There’s Facebook and Flickr for that sort of thing. But I want to talk about him anyway, and open a discussion, if possible, about children and the nptech community.

My career is in nonprofit technology (nptech). My plan is to continue working for nonprofits (or, if for profit, a for profit with a mission and a socially beneficial bottom line) until I retire or expire.  While my ten year old boy’s stated goal is to become a NASA engineer, and that’s great, I want him to understand why I chose my path of purposeful work and understand what’s involved in it, should he, at age 15 or 25, decide that NASA isn’t the only option.

A few year’s back, former NTEN CEO and current MobileActive CEO Katrin Verclas suggested adding a program for teenagers at the annual nonprofit technology conference. This is a brilliant idea. We have a great opportunity to educate children in the work we do: advocating for social justice and good; raising funds and resources in order to act effectively and independently; and collaborating in a  supportive community to accomplish our varied, but sympathetic goals.  Whatever our children end up doing with their lives, we have something worthwhile to teach them.

When I was a teenager, I was active in a youth group called Liberal Religious Youth (LRY). LRY was an independent group affiliated with the Unitarian Universalist Association, but it was not a particularly religious group. The themes were more along the lines of addressing social concerns and building community. At ages sixteen and seventeen, I was creating flyers, renting facilities, giving presentations, leading sessions, planning menus and taking a leadership role that prepared me far better for my current career than high school actually did.

When I look at our nptech community, I see a similar environment, where our commitment and excitement regarding our work is bolstered by a natural adoption of supportive camaraderie and peer development. We definitely model something of value to our high school age kids who will face career choices and challenges like ours. We can develop a mentoring program that passes on our expertise in resource management, activism, fundraising, community building, nonprofit technology and social media as a social activism tool. This would provide them with an early introduction to the skills that will be needed when we retire to continue the important work that we do. As much as a grant, donation, or volunteer effort, this is an investment in our work and our world that we should be making.

I want my son to develop his skills and community with socially-conscious peers and mentors.  I want his generation to be more effective than we are at solving problems like poverty, pollution and social injustice. It’s not enough for us to try and save the world. We should be prepping the next generation to keep it protected.

Who’s with me?Similar Posts:

• My Full NPTech Dance Card
• Get Ready For A Sea Change In Nonprofit Assessment Metrics
• Won’t You Let me Take You On A Sea Change?
• More RSS Tools: Web Site Integration
• NPTech.Info Updated

• Do you ever process online, phoned in, or mailed-in credit card donations in-house? e.g., do you maintain the credit card number, expiration date and name of a donor?

If no, you don’t have to worry about this.

• If yes, do you have more than 20,000 such transactions annually?

Well, if you do, congratulations!  Most nonprofits don’t, so they qualify for level 4 of the PCI Compliance scale. That results in a Self Assessment Questionnaire (SAQ) Validation type of “4”.  Higher validation types are subject to stricter security standards.

The Self-Assessment Questionnaire will ask you all sorts of technical questions about your network and security procedures.  Do you have a firewall?  Are all of your transactions encrypted?  Do you use anti-virus software?  Is credit card information properly restricted to authorized staff?

Depending on your network, you might already comply with a lot of the requirements.  If you don’t, then it might require a significant investment to get there.

• What will happen if I ignore this?

This isn’t government regulation (although your state might have laws in place that do mandate some similar response). participation is mandatory.  But, should your security be breached, two things will happen:

1. The compliance requirements for your organization will be reassessed to level one or two, and they’ll be much more costly and complicated to meet.  The credit card companies might decline to do business with you if you don’t comply.  Can you afford to not take Visa?

2. You will likely be indirectly fined for non-compliance.  The credit card companies will hold your bank liable for losses due to credit card theft in situations where your security was substandard.  Your bank will likely pass that fine on to you.

• So what’s the easiest way to deal with this?

Simple: don’t handle credit cards.  There are a number of services that, for a price, will do this for you, from Paypal and Google Checkout to CharityWeb and Blackbaud’s BBNow. Outsourced ECRM software (NetCommunity, Convio, Democracy in Action, etc.) will also handle it. The cost is likely not as significant as that of maintaining compliance or suffering the consequences of a non-compliant breach.

I’ll share that, at the Goodwill where I used to work, outsourcing wasn’t an option, because we were both a charity and a retailer. Our frustration was not that we didn’t have good security in place.  It was that there were differences in how we had set up our security and the PCIDSS requirements.  So, while we had done a lot of work and made significant investments, we still had to reconfigure things and spend more in order to be compliant.  In addition to making our internal IT changes, we had to switch software programs in order to avoid storing credit cards unencrypted in our database, a typical problem.  We also engaged a consultant.  Once you are reasonably sure that you comply, then you must pay a security service to verify your efforts, another non-trivial expense.

Blackbaud has put together some good further reading on this topic (and they are one of the vendor’s whose latest software is compliant; ask your eCRM vendor!).Similar Posts:

• Complying with Data Security Regulation
• Swept Up in a Google wave
• My Full NPTech Dance Card
• Won’t You Let me Take You On A Sea Change?
• Evaluating Wikis

We all know that we make less in this industry than we might in the commercial world, and we’re all pretty okay with that.  But how much, or how little, the discrepancy between “real world” and nonprofit salaries should be is a metric with little established thought behind it.  We don’t base our pay scales on any rationale other than what we determine others are paying and what we can afford. My concern is that, by not taking a strategic, reasoned approach to compensation, nonprofits are incurring far more unnecessary expense than they might, particularly when it comes to technology support, although these thoughts apply across the org chart.

The problem is that, when it comes to determining the market value of a nonprofit employee, we often go to nonprofit salary surveys, such as the one put out by NTEN and the Nonprofit times. But job seekers don’t read those surveys.  In San Francisco or New York, a good System Administrator can make $70-80k a year at a for-profit.  Even if they come in to your org understanding that they aren’t going to be offered the market pay ($75k), they have an expectation that they’ll either be on the low end of it ($70k), or within 10% of it ($67.5k).  The recent NTEN Staffing Survey puts the average nonprofit Sysadmin salary at $52k, which is about 75% of that market. So, given this scenario, here are my questions:

• How many excellent candidates are eliminated from consideration because they can’t afford to take a 25% pay cut?
• Of the ones who can afford that pay, how many can afford it because they aren’t qualified for the work required?
• How many can afford it because they have other primary income sources, and therefore can take a low paying job and not feel very committed to it?
• If a good Sysadmin takes a job at that rate, how long will it be before they decide that they need more money and leave?
• What is the impact of having a heavy rotation among the staff that maintain and upgrade your technology?
• What is the impact of having of having often empty critical IT positions?

But, let’s get really into this. Unless the IT people that are hired at the 75% rate are extremely mature, then they might have some of the common failings of immature Sysadmins:

• Many are often controlling and secretive. I’ve been in multiple situations where I’ve come into an organization and learned that the prior IT staff left with the key system passwords.  I’ve also seen numerous situations where the IT staff left en masse.
• Most Sysadmins are lousy about writing things down.  What is the ramp-up time for your new staff when they have to research and guess how everything works on arrival?
• The general instinct of a new IT person is to rip everything out and install their favorite things. Got Windows? They like Linux.  Got Word? They like Google Docs.  They don’t necessarily understand that one platform is much like another, but imposing massive change on an organization can be dangerously disruptive.

Technology candidates need to be assessed not only for their technical skills, but also for their attitude and maturity.  A very sharp tech, who can answer all of your Outlook questions, might have little patience for documenting his or her work or sharing knowledge with other technical staff. And those skills are the ones that will allow you to transition more smoothly when the tech leaves.

Mission is a motivator, and it has value that can be factored in to overall compensation, but not to the point where it’s so unattractive that it knocks the pool of candidates down to a pool of uncommitted or desperate ones.  The impact of paying poorly isn’t isolated to the salary bucket on the balance sheet.  In many cases, particularly with technology, it’s tied directly to the ability to operate.Similar Posts:

• Fair Pay
• My Full NPTech Dance Card
• Get Ready For A Sea Change In Nonprofit Assessment Metrics
• Succession Planning
• The Case Against Internet Explorer 6

I recently wrote about the potential for shared outcome reporting among nonprofits and the formidable challenges to getting there. This topic hits a chord for those of us who believe strongly that proper collection, sharing and analysis of the data that represents our work can significantly improve our performance and impact.

Shared outcome reporting allows an organization to both benchmark their effectiveness with peers, and learn from each others’ successful and failed strategies. If your most effective method of analyzing effectiveness is year to year comparisons, you’re only measuring a portion of the elephant. You don’t practice your work in a vacuum; why analyze it in one?

But, as I wrote, for many, the investment in sharing outcomes is a hard sell. Getting there requires committing scarce time, labor and resources to the development of the metrics, collection of data, and input; trust and competence in the technology; and partnering with our peers, who, in many cases, are also our competitors. And, in conditions where just keeping up with the established outcome reporting required for grant compliance is one of our greater challenges, envisioning diving into broader data collection, management and integration projects looks very hard to justify.

So let’s take a broader look this time at the justifications, rather than the challenges.

Success Measures is a social enterprise in DC that provides tools and consulting to organizations that want to evaluate their programs and services and use the resulting data. From their website:

Success Measures®, a social enterprise at NeighborWorks® America is an innovative participatory outcome evaluation approach that engages community stakeholders in the evaluation process and equips them with the tools they need to document outcomes, measure impact and inform change.

The tools work on sets of indicators, and they provide pre-defined sets of indicators as well as allowing for custom items. The existing sets cover common areas: Affordable housing; community building; economic development; race, class and community. Sets currently under development include green building/sustainable communities; community stabilization; measuring outcomes of asset programs; and measuring value of intermediary services.

Note that this resources nonprofits on both sides of the equation—they not only provide the shared metrics and accompanying insight into effective strategies for organizations that do what you do; they also provide the tools. This addresses one of the primary challenges, which is that most nonprofits don’t have the skills and staff required simply to create the surveying tools.

Once I understood what Success Measures was offering, my big question was, “how did you get any clients?” They had good answers. They actually engage more with the funders than the nonprofits, selling the foundations on the value of the data, and then sending them to their grantees with the recommendation. This does two important things:

• First, it provides a clear incentive to the nonprofits. The funders aren’t just saying “prove that you’re effective”; they’re saying “here’s a way that you can quantify your success. The funding will follow.


• Second, it provides a standardized reporting structure—with pre-developed tools and support—to the nonprofits. In my experience, having worked for an organization with multiple city, state and federal grants and funded programs, keeping up with the diverse requirements of each funding agency was an administrative nightmare.

So, if the value of comparative, cross-sector metrics isn’t reason enough to justify it, maybe the value of pre-built data collection tools is. Or, maybe the value of standardized reporting for multiple funding sources has a clear cost benefit attached. Or, maybe you’d appreciate a relationship with your funders that truly rewards you with grants based on your effectiveness. Success Measures has a model for all of the above.Similar Posts:

• The Road to Shared Outcomes
• Get Ready For A Sea Change In Nonprofit Assessment Metrics
• The Idealware Research Fund
• Won’t You Let me Take You On A Sea Change?
• Buying Software is like Buying a House (Part 1)

Steve, Lucy and Lalithia painted a pretty visionary picture of what it would be like if all nonprofits standardized and aggregated their outcome reporting on the web. Lalithia had a case study that hit on the key levels of engagement: shared measurement systems; comparative performance measurement and a baked in learning process. Steve made it clear that this is an iterative process that changes as it goes—we learn from each iteration and measure more effectively, or more appropriately for the climate, each time.

I’m blogging about this because I’m with them—this is an important topic, and one that gets lost amidst all of the social media and web site metrics focus in our nptech community. We’re big on measuring donations, engagement, and the effectiveness of our outreach channels, and I think that’s largely because there are ample tools and extra-community engagement with these metrics—every retailer wants to measure the effectiveness of their advertising and their product campaigns as well. Google has a whole suite of analytics available, as do other manufacturers. But outcomes measurement is more particular to our sector, and the tools live primarily in the reporting functionality of our case and client management systems. They aren’t nearly as ubiquitous as the web/marketing analysis tools, and they aren’t, for the most part, very flexible or sophisticated.

Now, I wholly subscribe to the notion that you will never get anywhere if you can’t see where you’re going, so I appreciate how Steve and crew articulated that this vision of shared outcomes is more than just a way to report to our funders; it’s also a tool that will help us learn and improve our strategies. Instead of seeing how your organization has done, and striving to improve upon your prior year’s performance, shared metrics will offer a window into other’s tactics, allowing us all to learn from each others’ successes and mistakes.

But I have to admit to being a bit overwhelmed by the obstacles standing between us and these goals. They were touched upon in the talk, but not heavily addressed.

• Outcome management is a nightmare for many nonprofits, particularly those who rely heavily on government and foundation funding. My brief forays into shared outcome reporting were always welcomed at first, then shot down completely, the minute it became clear that joint reporting would require standardization of systems and compromise on the definitions. Our case management software was robust enough to output whatever we needed, but many of our partners were in Excel or worse. Even if they’d had good systems, they didn’t have in-house staff that knew how to program them.


• Outcomes are seen by many nonprofit executives as competitive data. If we place ours in direct comparison with the similar NPO down the street, mightn’t we just be telling our funders that they’re backing the wrong horse?


• The technical challenges are huge—of the NPOs that actually have systems that tally this stuff, the data standards are all over the map, and the in-house skill, as well as time and availability to produce them, is generally thin. You can’t share metrics if you don’t have the means to produce them.

A particular concern is that all metrics are fairly subjective, as can happen when the metrics produced are determined more by the funding requirements than the NPO’s own standards. When I was at SF Goodwill, our funders were primarily concerned with job placements and wages as proof of our effectiveness. But our mission wasn’t one of getting people jobs; it was one of changing lives, so the metrics that we spent the most work on gathering were only partially reflective of our success – more outputs than outcomes. Putting those up against the metrics of an org with different funding, different objectives and different reporting tools and resources isn’t exactly apples to apples.

The benefits of shared metrics that Steve and crew held up is a worthwhile dream, but, to get there, we’re going to have to do more than hold up a beacon saying “This is the way”. We’re going to have to build and pave the road, working through all of the territorial disputes and diverse data standards in our path. Funders and CEOs are going to have to get together and agree that, in order to benefit from shared reporting, we’ll have to overcome the fact that these metrics are used as fodder in the battles for limited funding. Nonprofits and the ecosystem around them are going to have to build tools and support the art of data management required. These aren’t trivial challenges.

I walked into the session thinking that we’d be talking about cloud computing; the migration of our internal servers to the internet. Instead, I enjoyed an inspiring conversation that took place, as far as I’m concerned, in the clouds. We have a lot of work to do on the ground before we can get there.Similar Posts:

• Paving the Road – a Shared Outcomes Success Story
• Get Ready For A Sea Change In Nonprofit Assessment Metrics
• Why Geeks (like Me) Promote Transparency
• Buying Software is like Buying a House (Part 1)
• Won’t You Let me Take You On A Sea Change?

Photo: Gabriel White

There are two types of silos that I want to discuss: organizational silos, and siloed organizations.

An organizational silo, to be clear, is a group within an organization that acts independently of the rest of the organization, making their own decisions with little or no input from those outside of the group. This is not necessarily a bad thing; there are (although I can’t think of any) cases where giving a group that level of autonomy might serve a useful purpose. But, when the silo acts in an environment where their decisions impact others, they can create long-lived problems and rifts in critical relationships.

We all know that external decisions can disrupt our planning, be it a funders decision to revoke a grant that we anticipated or a legislature dropping funding for a critical program. So it’s all the more frustrating to have the rug pulled out from under us by people who are supposed to be on the same team. If you have an initiative underway to deploy a new email system, and HR lays off the organizational trainer, you’ve been victimized by a silo-ed decision. On the flip side, a fundraiser might undertake a big campaign, unaware that it will collide with a web site redesign that disables the functionality that they need to broadcast their appeal.

Silos thrive in organizations where the leadership is not good at management. Without a strong CEO and leadership team, departmental managers don’t naturally concern themselves with the needs of their peers. The expediency and simplicity of just calling the shots themselves is too appealing, particularly in environments where resources are thin and making overtures to others can result in those resources being gladly taken and never returned. In nonprofits, leaders are often more valued for their relationships and fundraising skills than their business management skills, making our sector more susceptible to this type of problem.

The most damaging result of operating in this environment is that, if you can’t successfully manage the silos in your organization, then you won’t be anything but a silo in the world at large.

We’ve witnessed a number of industries, from entertainment and newspapers to telephones and automobiles, as they allowed their culture to dictate their obsolescence. Instead of adapting their models to the changing needs of their constituents, they’ve clung to older models that aren’t relevant in the digital age, or appropriate for a global economy on a planet threatened by climate change. Since my focus is technology, I pay particular attention to the impacts that technological advancement, and the accompanying change in extra-organizational culture (e.g., the country, our constituents, the world) have on the work my organization does. Just in the past few years, we’ve seen some significant cultural changes that should be impacting nonprofit assumptions about how we use technology:

• Increased regulation on the handling of data. We’re wrestling with the HIPAA laws governing handling of medical data and PCI standards for financial data. If we have not prioritized firewalls, encryption, and the proper data handling procedures, we’re more and more likely to be out of step with new laws. Even the 990 form we fill out now asks if we have a document retention plan.


• Our donors are now quite used to telephone auto attendants, email, and the web. How many are now questioning why we use the dollars they donate to us to staff reception, hand write thank you notes, and send out paper newsletters and annual reports?


• Our funders are seeing more available data on the things that interest them everywhere, so they expect more data from us. The days of putting out the success stories without any numbers to quantify them are over.

Are we making changes in response to these continually evolving expectations? Or are we still struggling with our internal expectations, while the world keeps on turning outside of our walls? We, as a sector, need to learn what these industrial giants refused to, before we, too, are having massive layoffs and closing our doors due to an inability to adapt our strategies to a rapidly evolving cultural climate. And getting there means paying more attention to how we manage our people and operations; showing the leadership to head into this millennia by mastering our internal culture and rolling with the external changes. Look inward, look outward, lead and adapt.Similar Posts:

• Distributive Leadership
• NTEN Connected
• Free as in "Hurricanes"
• Why SharePoint Scares Me
• Are there barriers to effective non-profit management?

So, what does NASA know that we don’t about the benefits of taking risks?

In my world of technology management, it seems to be primarily about minimizing risk. We do multiple backups of critical data to different media; we lock down the internet traffic that can go in and out of our network; we build redundancy into all of our servers and systems, and we treat technology as something that will surely fail if we aren’t vigilant in our efforts to secure it. Most of our favorite adages are about avoiding risk: “It it ain’t broke, don’t fix it!” and “Nobody was ever fired for buying IB.. er, MicroSoft.”

On Monday, I’ll be presenting on my chapter of NTEN’s Book “Managing Technology to Meet Your Mission” at the Nonprofit Technology Conference in San Francisco. My session, and chapter, is about mission-focused technology planning and the art of providing business-class systems on a nonprofit budget. That’s certainly about finding sustainable and dependable options, but my case is that nonprofits, in particular, need to identify the areas where they can send out those probes and gamble a bit. For many nonprofits, technology planning is a matter of figuring out which systems desperately need upgrading and living with a lot of systems and applications that are old and semi-functional. My case is that there’s a different approach: we should spend like a regular business on the critical systems, but be creative and take risks where we can afford to fail a bit, on the chance that we’ll get far more for less money than we would playing it “safe” with inadequate technology. It’s a tough sell, yes, but I frame it in my belief that, when your business is changing the world, your business plan has to be bold and creative. As I mention often, the web is, right now, a platform rife with opportunity. We will miss out on great chances to significantly advance our missions if we just treat it like another threat to our stability.

We need stable systems, and we often struggle with inadequate funding and the technical resources simply to maintain our computer systems. I say that, as hard as that is, we need to invest in exploration. It’s about maximizing potential at the same time as you minimize risk. And its all about the type of dust that you want to gather.Similar Posts:

• Should Non-profits Seed Software Development?
• Regime Change
• Putting The Tech Back In Nonprofit Technology
• Are there barriers to effective non-profit management?
• SaaS and Security

The most important skill for any IT staff person to have is the ability to communicate.  All of the technical expertise in the world has little value without it, because, if you can’t tell people what you’re doing, what you’re doing won’t be well-received.  And there is an art, particularly with tech, to telling people what you’re doing, whether it’s taking the system down for maintenance of upgrading staff from Notepad to Office 2007.

Here are my five rules for crafting an technical email that even my most computer-phobic constituents will read:

1. Let no acronym go unexplained.

   The simplest, worst mistake that techies regularly make is to tell people that

   “The internet will be down while we reconfigure the DHCP server” or

   “The database will be unavailable while we replace the SCSI backplane”.

   Best practice is to avoid the technical details in the announcement, if possible.  But if it’s relevant, speak english: “In order to accommodate the growth of our staff, we need to reconfigure the server that assigns network resources to each system to allow for more connections.”

2. Be clear, concise and consistent in your subjects

   Technical messages should have easily recognizable subjects, so that staff can quickly determine relevance.  If your message is titled “Technical Information”, it might as well be titled “You are getting sleepy…”  But, if it’s titled “Network Availability” or “Database Maintenance Scheduled”, your staff will quickly figure out that these are warnings that are relevant to them. Don’t worry about the Orwellian aspect of announcing system downtime with a message about availability.  The point here is that using the consistent phrasing will grab staff’s attention far more effectively than bolding, underlining and adding red exclamation points to the email (see rule 4).

3. Keep it short and simple

   It’s about what the staff needs to know, not what you’d like to tell them.  So, the network maintenance email should not read:

   “The systems will be down from 4:30 to 9:00 tonight while we replace drives in the domain controllers and run a full defrag on the main document server”

   It should read:

   “The network will be unavailable from 4:30 pm until 9:00 pm while we perform critical maintenance”.

   If it’s only a portion of the network, but something useful will be up – as when the file servers are being repaired, but email is still available, make a note of that: “While the main servers will not be available, you will still be able to send and receive email”.

4. No ALL CAPS, no exclamation points and go sparingly on the bold

   System downtime might be urgent to you, but it’s never urgent to the staff.  It’s a fact of life.  A reply from the Director of Online Giving that the downtime will jettison a planned online campaign is urgent; not your routine announcement.

5. Tell the whole story

   ...even if this sounds like it conflicts with rule 3.  Because there are two types of people on your staff:

   • The majority, who want simple, non-techie messages as described above
   • The rest, who want the gory details, either so they can rest easy that you aren’t making anything up, or because they’re actually interested in what you’re up to.
   
   

   My approach is to do the simple message and, below it type, “Technical Details (optional reading)”.  In this section I might explain that we’re replacing the server that processes their network logins (I won’t use “DHCP” or “Domain Controller” if I can help it) or that we’re upgrading to the new version of Outlook.

The key concepts here are consistency, simplicity, and a focus on what impacts them regarding what you’re doing.  Stick to it and, miraculously, people might start reading your all staff emails.Similar Posts:

• Keys to the Kingdom
• The Sky is Calling
• Smartphone Follies
• Colossus vs. Cloud – an Email System Showdown
• NTC Wrap-up

The typical corporate desktop computer is restricted by group policies and filtering software. Management, along with the techs, justify these restrictions in all sorts of ways:

• Standardized systems are easier, more cost-effective to manage.


• Restricted systems are more secure.


• Web filtering maximizes available bandwidth.

This is all correct. In fact, without standardization, automation, group policies that control what can and can’t be done on a PC, and some protection from malicious web sites, any company with 15 to 20 desktops or more is really unmanageable. The question is, why do so many companies take this ability to manage by controlling functionality to extremes?

Because, in many/most cases, the restrictions put in place are far broader than is necessary to keep things manageable. Web filtering not only blocks pornography and spyware, but continues on to sports, entertainment, politics, and social networking. Group policies restrict users from changing their desktop colors or setting the system time. And the end result of using the standardization tools to intensively control computer usage results, most often, in IT working just as hard or harder to manage the exceptions to the rules (like Beth’s 72, above) than they would dealing with the tasks that the automation simplifies in the first place.

Restricting computer/internet use is driven by a management and/or IT assumption that the diverse, dynamic nature of computing is either a distraction or a problem. The opportunity to try something new is an opportunity to waste time or resources. By locking down the web; eliminating a user’s ability to install applications or even access settings, PC’s can be engineered back down to the limited functionality of the office equipment that they replaced, such as typewriters, calculators and mimeograph machines.

In this environment, technology is much more of a controlled, predictable tool. But what’s the cost of this predictability?

• Technology is not fully appreciated, and computer literacy is limited in an environment where users can’t experiment.


• Strategic opportunities that arise on the web are not noticed and factored into planning.


• IT is placed in the role of organizational nanny, responsible for curtailing computer use, as opposed to enabling it./

Cash and resource-strapped, mission-focused organizations only need look around to see the strategic opportunities inherent in the web. There are an astounding number of free, innovative tools for activism and research. Opportunities to monitor discussion of your organization and issues, and meaningfully engage your constituents are huge. And all of this is fairly useless if your staff are locked out of the web and discouraged from exploring it. Pioneers like Beth Kanter understand this. They seek out the new things and ask, how can this tool, this web site, this online community serve our sector’s goals to ease suffering and promote justice? More specifically, can you end hunger in a community with a widget? Or bring water to a parched village via Twitter? If our computing environment is geared to stifle innovation at the cost of security, are we truly supporting technology?

As the lead technologist at my organization, I want to be an enabler. I want to see our attorneys use the power of the web to balance the scales when we go to court against far better resourced corporate and government counsel. In this era of internet Davids taking down Goliaths from the RIAA the the mainstream media, I don’t want my co-workers to miss out on any opportunities to be effective. So I need the flexibility and perspective to understand that security is not something that you maintain with a really big mallet, lest you stamp out innovation and strategy along with the latest malware. And, frankly, cleaning a case of the conflickr worm off of the desktop of an attorney that just took down a set of high-paid corporate attorneys with data grabbed from some innovative mapping application that our web-filtering software would have mistakenly identified as a gaming site is well worth the effort.

Flexibility has it’s own Return on Investment (ROI), particularly at nonprofits, where we generally have a lot more innovative thinking and opportunistic attitude than available budget. IT has to be an enabler, and every nonprofit CIO or IT Director has to understand that security comes at a cost, and that cost could be the mission-effectiveness of our organizations.Similar Posts:

• My Full NPTech Dance Card
• Google Reader Reaches Out
• More RSS Tools: Sharing Feeds
• Get Ready For A Sea Change In Nonprofit Assessment Metrics
• Succession Planning

Well, consider this. Say you start up a Web 2.0 business that allows people to bookmark, share, categorize and annotate links on your site. And, over the years, you amass thousands of users, some solid funding, advertising revenue—things are great. Then, one day, the server crashes. You’re a talented programmer and designer, but system administration just wasn’t your strong suit. So you write a painful blog entry, letting your users know the extent of the disaster, and that the lesson you’ve learned is that you should have put your servers in the cloud.

My recent posts have advocated cloud computing, be it using web-based services like Gmail, or looking for infrastructure outsourcers who will provide you with virtualized desktops. And I’ve gotten some healthily skeptical comments, as cloud computing is new, and not without it’s risks, as made plain by the true story of the Magnolia bookmarking application, which recently went down in the flames as described above. The lessons that I walk away with from Magnolia’s experience are:

• You can run your own servers or outsource them, but you need assurances that they are properly maintained, backed up and supported. Cloud computing can be far more secure and affordable than local servers. But “the cloud”, in this case, should be a company with established technical resources, not some three person operation in a small office. Don’t be shy about requesting staffing information, resumes, and details about any potential off-site vendor’s infrastructure.
• You need local backups, no matter where your actual infrastructure lives. If you use Salesforce or Google, export your data nightly to a local data store in a usable format. Salesforce lets you export to Excel; Google supports numerous formats. Gmail now supports an Offline mode that stores your mail on the computer you access it from. If you go with a vendor who provides virtual desktop access (as I recommend here), get regular snapshots of the virtual machines. If this isn’t an over the air transfer, make sure that your vendors will provide DVDs of your data or other suitable medium.
• Don’t sign any contract that doesn’t give you full control over how you can access and manipulate your data, again, regardless of where that data resides. A lot of vendors try and protect themselves by adding contract language prohibiting mass updates and user access, even on locally-installed applications. But their need to simplify support should not be at the expense of you not having complete control over how you use your information.
• Focus on the data. Don’t bend on these requirements: Your data is fully accessible; It’s robustly backed up; and, in the case of any disaster, it’s recoverable.

Technology is a set of tools used to manage your critical information. Where that technology is housed is more of a feature set and financial choice than anything else. The most convenient and affordable place for your data to reside might well be in the cloud, but make sure that it’s the type of cloud that your data won’t fall through.Similar Posts:

• Administrivia
• The Sky is Calling
• SaaS and Security
• Putting The Tech Back In Nonprofit Technology
• Why I Don’t “Like” Facebook

Of course, the healthy disclaimer is that I never worked for a nonprofit, or knew all that much about the culture, before I took a job at Goodwill in late 2000. But I did have enough sense to pick an NPO that ran more like a traditional business than most, at least in some ways, and I took some time to adjust to the culture before I tried to push through any changes. Which isn’t to say that I blend all that well – I’m one of the people complaining that we move to slowly and that consensus is not a value, it’s a tool that, like most tools, is better suited for some tasks than others.

Any business (and nonprofits are businesses) benefits from diversity, just as any business benefits by retaining internal expertise. Businesses suffer when they lean too far in one direction or the other. If your hiring policy is to only hire people who are lifetime nonprofit workers, you run the risk of stifling innovation and you court stagnation. The world doesn’t sit still around us, so we have to dynamically adapt to it. A key tool for managing that adaption is to maintain a diversity of experience and skills in your organization.

Think about it: ten or fifteen years ago, non-profits were largely unregulated. There was no HIPAA. There was no Sarbanes-Oxley, which, while not designed for NPOs, is generally agreed to impose guidelines on us. There was no PCI compliance, the next wave of external oversight that will demand that we modify our processes and investments. Beyond the 990 and what we chose to disclose about our outcomes, there was little demand for detailed metrics. These are all circumstances that the for-profit world, with traditional government oversight and accountability to shareholders has dealt with for decades. We need some of that expertise.

Of course, it’s a scale, and just as we can suffer from cultural insulation, we can suffer by turning over too dramatically. While I would steadfastly debate that we need some of that for-profit perspective on board, I’ve seen a few examples of for-profit executives that take over as CEOs and—because the nonprofit style is so antithetical to the big business style—quickly replace everyone that, to them, looked like they weren’t up to the task of running “a business”. This type of culture change, in a nonprofit, is deadly, because it is a misconception to think that we can run like normal businesses. When that happens, the nonprofit runs the risk of losing all of the internal historical expertise, as the people who aren’t squeezed out don’t stick around for the cultural change, and the new execs face the budgeting challenges with no perspective to draw on.

So, a businessman like me – and I absolutely consider myself a businessman—gets frustrated with the slow pace at the nonprofits that I work for. And I beg, moan and try and shame my boss into adopting more business-like practices. But I don’t sweat it too much, because, at the end of the day, even if we don’t do things in the efficient and productive ways that I’m so stuck on adopting, we still do an amazing job of defending the planet, or, you can fill your mission in here. I’d hate to see it fall apart because we didn’t properly comply with regulations or we simply didn’t manage our resources well, and we have to staff to address that. So my shoutback to Jay Love is that the bunker mentality is a bit much. Let a few for-profit types in the door. But, until they understand and value our culture, don’t let them drive.Similar Posts:

• Fair Pay
• Are there barriers to effective non-profit management?
• Technology and Risk: Are you Gathering Dust?
• What happened?
• The Silo Situation

What I assume Npower knows, though, and hope that other nonprofit technical support providers are aware of, is that this is the outdated approach. Nonprofits should be looking to simplify technology maintenance and reduce cost, and the cloud is a more effective platform for that. As ReadWriteWeb points out, most small businesses—and this can safely be assumed to include nonprofits—are completely unaware of the benefits of cloud computing and virtualization. If your support arrangement is for dedicated, outsourced management of technology that is housed at your offices, then you still have to purchase that hardware and pay someone to set it up. The benefits of virtualization and fast, ubiquitous Internet access offer a new model that is far more flexible and affordable.

One example of a company that gets this is MyGenii. They offer virtualized desktops to nonprofits and other small businesses. As I came close to explaining in my Lean, Green, Virtualized Machine post, virtualization is technology that allows you to, basically, run many computers on one computer. The environmental and financial benefits of doing what you used to do on multiple systems all on one system are obvious, but there are also huge gains in manageability. When a PC is a file that can be copied and modified, building new and customized PCs becomes a trivial function. Take that one step further – that this virtual PC is stored on someone else’s property, and you, as a user, can load it up and run it from your home PC, laptop, or (possibly) your smartphone, and you now have flexible, accessible computing without the servers to support.

For the tech support service, they either run large servers with virtualization software (there are many powerful commercial and open source systems available), or they use an outsourced storage platform like Amazon’s EC2 service. In addition to your servers, they also house your desktop operating systems. Running multiple servers and desktops on single servers is far more economical; it better utilizes the available server power, reducing electricity costs and helping the environment; and backups and maintenance are simplified. The cost savings of this approach should benefit both the provider and the client.

In your office, you still need networked PCs with internet access. But all you need on those computers is a basic operating system that can boot up and connect to the hosted, virtualized desktop. Once connected, that desktop will recognize your printers and USB devices. If you make changes, such as changing your desktop wallpaper or adding an Outlook plugin, those changes will be retained. The user experience is pretty standard. But here’s a key benefit—if you want to work from home, or a hotel, or a cafe, then you connect to the exact same desktop as the one at work. It’s like carrying your computer everywhere you go, only without the carrying part required.

So, it’s great that there are mission focused providers out there who will affordably support our servers. But they could be even more affordable, and more effective, as cloud providers, freeing us from having to own and manage any servers in the first place.Similar Posts:

• The Lean, Green, Virtualized Machine
• Talking NPTech in Marin
• Current Projects
• Both Sides Now
• Putting The Tech Back In Nonprofit Technology