techcafeteria

Last week, I reported that Nonprofit assessors like Charity Navigator and Guidestar will be moving to a model of judging effectiveness (as opposed to thriftiness). The title of my post drew some criticism. People far more knowledgeable than I am on these topics questioned my description of this as a “sea change”, and I certainly get their point.  Sure, the intention to do a fair job of judging Nonprofits is sincere; but the task is daunting.  As with many such efforts, we might well wind up with something that isn’t a sea change at all, but, rather, a modified version of what we have today that includes some info about mission effectiveness, but still boils down to a financial assessment.

Why would this happen? Simple. Because metrics are numbers: ratios, averages, totals. It’s easy to make metrics from financial data.  It’s very difficult to make them out of less quantifiable things, such as measuring how successfully one organization changed the world; protected the planet; or stopped the spread of a deadly disease.

I used to work for an org whose mission was to end poverty in the San Francisco Bay Area. And, sure enough, at the time, poverty was becoming far less prevalent in San Francisco. So could we be judged as successful?  Could we grab the 2005 versus 2000 poverty statistics and claim the advances as our outcomes? Of course not. The reduction in poverty had far more to do with gentrification during the dotcom and real estate booms than our efforts.  Poverty wasn’t reduced at all; it was just displaced. And our mission wasn’t to move all of the urban poor to the suburbs; it was to bring them out of poverty.

So the announcement that our ratings will now factor in mission effectiveness and outcomes could herald something worse than we have today. The dangerous scenario goes like this:

• Charity Navigator, Guidestar, et al, determine what additional info they need to request from nonprofits in order to measure outcomes.


• They make that a requirement; nonprofits now have to jump through those hoops.


• The data they collect is far too generalized and subjective to mean much; they draw conclusions anyway, based more on how easy it is to call something a metric than how accurate or valuable that metric is.


• NPOs now have more reporting requirements and no better representation.

So, my amended title: “We Need A Sea Change In The Way That Our Organizations Are Assessed”.

I’m harping on this topic because I consider it a call to action; a chance to make sure that this self-assessment by the assessors is an opportunity for us, not a threat. We have to get the right people at the table to develop standardized outcome measurements that the assessing organizations can use.  They can’t develop these by themselves. And we need to use our influence in the nonprofit software development community to make sure that NPOs have software that can generate these reports.

The good news? Holly Ross of NTEN got right back to me with some ideas on how to get both of these actions going.  That’s a powerful start. We’ll need the whole community in on this.

Last week, GuideStar, Charity Navigator, and three other nonprofit assessment and reporting organizations made a huge announcement: the metrics that they track are about to change.  Instead of scoring organizations on an “overhead bad!” scale, they will scrap the traditional metrics and replace them with ones that measure an organization’s effectiveness.

The new metrics will assess:

• Financial health and sustainability;
• Accountability, governance and transparency; and
• Outcomes.

This is very good news. That overhead metric has hamstrung serious efforts to do bold things and have higher impact. An assessment that is based solely on annualized budgetary efficiency precludes many options to make long-term investments in major strategies.  For most nonprofits, taking a year to staff up and prepare for a major initiative would generate a poor Charity Navigator score. A poor score that is prominently displayed to potential donors.

Assuming that these new metrics will be more tolerant of varying operational approaches and philosophies, justified by the outcomes, this will give organizations a chance to be recognized for their work, as opposed to their cost-cutting talents.  But it puts a burden on those same organizations to effectively represent that work.  I’ve blogged before (and will blog again) on our need to improve our outcome reporting and benchmark with our peers.  Now, there’s a very real danger that neglecting to represent your success stories with proper data will threaten your ability to muster financial support.  You don’t want to be great at what you do, but have no way to show it.

More to the point, the metrics that value social organizational effectiveness need to be developed by a broad community, not a small group or segment of that community. The move by Charity Navigator and their peers is bold, but it’s also complicated.  Nonprofit effectiveness is a subjective thing. When I worked for a workforce development agency, we had big questions about whether our mission was served by placing a client in a job, or if that wasn’t an outcome as much as an output, and the real metric was tied to the individual’s long-term sustainability and recovery from the conditions that had put them in poverty.

Certainly, a donor, a watchdog, a funder a, nonprofit executive and a nonprofit client are all going to value the work of a nonprofit differently. Whose interests will be represented in these valuations?

So here’s what’s clear to me:

– Developing standardized metrics, with broad input from the entire community, will benefit everyone. – Determining what those metrics are and should be will require improvements in data management and reporting systems. It’s a bit of a chicken and egg problem, as collecting the data wis a precedent to determining how to assess it, but standardizing the data will assist in developing the data systems. – We have to share our outcomes and compare them in order to develop actual standards.  And there are real opportunities available to us if we do compare our methodologies and results.

This isn’t easy. This will require that NPO’s who have have never had the wherewith-all to invest in technology systems to assess performance do so.  But, I maintain, if the world is going to start rating your effectiveness on more than the 990, that’s a threat that you need to turn into an opportunity.  You can’t afford not to.

And I look to my nptech community, including Idealware, NTEN, Techsoup, Aspiration and many others—the associations, formal, informal, incorporated or not, who advocate for and support technology in the nonprofit sector—to lead this effort.  We have the data systems expertise and the aligned missions to lead the project of defining shared outcome metrics.  We’re looking into having initial sessions on this topic at the 2010 Nonprofit Technology Conference.

As the world starts holding nonprofits up to higher standards, we need a common language that describes those standards.  It hasn’t been written yet.  Without it, we’ll escape the limited, Form 990 assessments to something that might equally fail to reflect our best efforts and outcomes.

The traditional project planning method starts with a Project Manager, who plays a role that fluctuates between implementation guru, data entry clerk and your nagging Mom when you’re late for school.  The PM, as we’ll call her or him, gathers all of the projected dates, people, budget, and materials, then builds the house of cards that we call the plan.  The plan will detail how the HR Director will spend 15% of her time on a series of scheduled tasks that, if they slip, will impact the Marketing Coordinator and the Database Manager’s tasks and timelines.  So the PM has to be able to quickly, intelligently, rewrite the plan when the HR Director is pulled away for a personnel matter, skewering those assumptions.

My take is that this methodology doesn’t work in environments like ours, where reduced overhead, high turnover and unanticipated priorities are the norm.  We need a less granular methodology; one that will bend easily with our flexible work conditions.  Mind you, when you give up the detailed plan, you give up the certainty that every “i” will be dotted, every “t” crossed, and every outcome accomplished on schedule.  But it’s possible to still keep sight of the important things while sacrificing some of the structural integrity.

First, keep what is critical: clear goals, communication, engagement and feedback.  The biggest risk in any project no matter how well planned, is that you’ll end up with something that has little relation to what you were trying to get.  You need clearly understood goals, shared by all internal and external parties. Each step taken must factor in those goals and be made in light of them.  All parties who have a stake in the project should have a role and a voice in the plan, from the CEO to the data entry clerk.  And everyone’s opinion matters.

Read up on agile project management, a collaborative approach that is more focused on the outcomes than  the steps and timeline to get there.  Offload the project management by focusing on expectation management.  The clearer the participants are about their roles and accountability for their contributions, the less they need to be managed.  Take a look at the Cult of Done (their manifesto is at the top of this article).  Sound insane? Maybe.  More insane than spending thousands of dollars and hours on an over-planned project that never yields results? For some perspective, read The Mythical Man Month (or, at least, this Wikipedia article on it), a book that clearly illustrates how the best laid plans can go horribly wrong.

Finally, my advocacy for less stringent forms of project management should not be read as permission to do it haphazardly.  Engagement in and attention to the project can’t be minimized.  I’m suggesting that we can take a more creative, less traditional approach in environments where the traditional approach might be a bad fit, and for projects that don’t require it.  There are a lot of judgment calls involved, and the real challenge, as always, is keeping your eye on the goals and the team accountable for delivering them.

A few months ago, I blogged a bit about Google Wave, and how it might live up to the hype of being the successor to email.  Now that I’ve had a month or so to play with it, I wanted to share my initial reactions.  Short story: Google Wave is an odd duck, that takes getting used to. As it is today, it is not that revolutionary—in fact, it’s kind of redundant. The jury is still out.

Awkwardness

To put Wave in perspective, I clearly remember my first exposure to email.  I bought my first computer in 1987: a Compaq “portable”. The thing weighed about 60 pounds, sported a tiny green on black screen, and had two 5 and 1/4 inch floppy drives for applications and storage).  Along with the PC, I got a 1200 BPS modem, which allowed me o dial up local bulletin boards.  And, as I poked around, I discovered the 1987 version of email: the line editor.

On those early BBSes, emails were sent by typing one line (80 characters, max) of text and hitting “enter”.  Once “enter” was pressed, that line was sent to the BBS.  No correcting typos, no rewriting the sentence.  It was a lot like early typewriters, before they added the ability to strike out previously submitted text.

But, regardless of the primitive editing capabilities, email was a revelation.  It was a new medium; a form of communication that, while far more awkward than telephone communications, was much more immediate than postal mail.  And it wasn’t long before more sophisticated interfaces and editors made their way to the bulletin boards.

Google Wave is also, at this point, awkward. To use it, you have to be somewhat self-confident right from the start, as others are potentially watching every letter that you type.  And while it’s clear that the ability to co-edit and converse about a document in the same place is powerful, it’s messy.  Even if you get over the sprawling nature of the conversations, which are only minimally better than  what you would get with ten to twenty-five people all conversing in one Word document, the lack of navigational tools within each wave is a real weakness.

Redundant?

I’m particularly aware of these faults because I just installed and began using Confluence, a sophisticated, enterprise Wiki (free for nonprofits) at my organization. While we’ve been told that Wave is the successor to email, Google Docs and, possibly, Sharepoint, I have to say that Confluence does pretty much all of those things and is far more capable.  All wikis, at their heart, offer collaborative editing, but the good ones also allow for conversations, plug-ins and automation, just as Google Wave promises.  But with a wiki, the canvas is large enough and the tools are there to organize and manage the work and conversation.  With Wave, it’s awfully cramped, and somewhat primitive in comparison.

Too early to tell?

Of course, we’re looking at a preview.  The two things that possibly differentiate Wave from a solid wiki are the “inbox” metaphor and the automation capabilities. Waves can come to you, like email, and anyone who has tried to move a group from an email list to a web forum knows how powerful that can be. And Wave’s real potential is in how the “bots”, server-side components that can interact with the people communicating and collaborating, will integrate the development and conversation with existing data sources.  It’s still hard to see all of that in this nascent stage.  Until then, it’s a bit chicken and egg.

Wave starting points

There are lots of good Wave resources popping up, but the best, hands down, is Gina Trapini’s Complete Guide, available online for free and in book form soon. Gina’s blog is a must read for people who find the types of things I write about interesting.

Once you’re on wave, you’ll want to find Waves to join, and exactly how you do that is anything but obvious.  the trick is to search for a term “such as “nonprofit” or “fundraising” and add the phrase “with:public”. A good nonprofit wave to start with is titled, appropriately, “The Nonprofit Technology Wave”.

If you haven’t gotten a Wave invite and want to, now is the time to query your Twitter and Facebook friends, because invites are being offered and we’ve passed the initial “gimme” stage.  In fact, I have ten or more to share (I’m peterscampbell on most social networks and at Google’s email service).

Last week, I shared a lengthy piece that could be summed up as:

“in a world where everyone can broadcast anything, there is no privacy, so transparency is your best defense.”

(Mind you, we’d be dropping a number of nuanced points to do that!)

Transparency, it turns out, has been a bit of a meme in nonprofit blogging circles lately. I was particularly excited by this post by Marnie Webb, one of the many CEO’s at the uber-resource provider and support organization Techsoup Global.

Marnie makes a series of points:

I’ve made the case before for shared outcomes reporting, which is a big piece of this. Sharing and transparency aren’t traditional approaches to our work. Historically, we’ve siloed our efforts, even to the point where membership-based organizations are guarded about sharing with other members.

The reason that technologists like Marnie and I end up jumping on this bandwagon is that the tech industry has modeled the disfunction of a siloed approach better than most. early computing was an exercise in cognitive dissonance. If you regularly used Lotus 123, Wordperfect and dBase (three of the most popular business applications circa 1989) on your MS-DOS PC, then hitting “/“, F7 or “.” were the things you needed to know in order to close those applications respectively. For most of my career, I stuck with PCs for home use because I needed compatibility with work, and the Mac operating system, prior to OSX, just couldn’t easily provide that.

The tech industry has slowly and painfully progressed towards a model that competes on the sales and services level, but cooperates on the platform side. Applications, across manufacturers and computing platforms, function with similar menus and command sequences. Data formats are more commonly shared. Options are available for saving in popular, often competitive formats (as in Word’s “Save As” offering Wordperfect and Lotus formats). The underlying protocols that fuel modern operating systems and applications are far more standardized. Windows, Linux and MacOS all use the same technologies to manage users and directories, network systems and communicate with the world. Microsoft, Google, Apple and others in the software world are embracing open standards and interoperability. This makes me, the customer, much less of an innocent bystander who is constantly sniped by their competitive strategies.

So how does this translate to our social service, advocacy and educational organizations? Far too often, we frame cooperation as the antithesis to competition. That’s a common, but crippling mistake. The two can and do coexist in almost every corner of our lives. We need to adopt a “rising tide” philosophy that values the work that we can all do together over the work that we do alone, and have some faith that the sustainable model is an open, collaborative one. Looking at each opportunity to collaborate from the perspective of how it will enhance our ability to accomplish our public-serving goals. And trusting that this won’t result in the similarly-focused NGO down the street siphoning off our grants or constituents.

As Marnie is proposing, we need to start discussing and developing data standards that will enable us to interoperate on the level where we can articulate and quantify the needs that our mission-focused organizations address. By jointly assessing and learning from the wealth of information that we, as a community of practice collect, we can be far more effective. We need to use that data to determine our key strategies and best practices. And we have to understand that, as long as we’re treating information as competitive data; as long as we’re keeping it close to our vests and looking at our peers as strictly competitors, the fallout of this cold war is landing on the people that we’re trying to serve. We owe it to them to be better stewards of the information that lifts them out of their disadvantaged conditions.

Yes, we do Twitter requests!

To break down that tweet a bit, kanter is the well-known Beth Kanter of Beth’s blog. pearlbear is former Idealware blogger and current contributor Michelle Murrain, and Beth asked us, in the referenced blog post, to dive a bit into internet security and how it contrasts with internet privacy concerns. Michelle’s response, offers excellent and concise definitions of security and privacy as they apply to the web, and then sums up with a key distinction: security is a set of tools for protecting systems and information. The sensitivity of that data (and need for privacy) is a matter of policy. So the next question is, once you have your security systems and policies in place, what happens when the the policies are breached?

Craft a Policy that Minimizes Violations

Social media is casual media. The Web 2.0 approach is to present a true face to the world, one that interacts with the public and allows for individuals, with individual tastes and opinions, to share organizational information online. So a strict rule book and mandated wording for your talking points are not going to work.

Your online constituents expect your staff to have a shared understanding of your organization’s mission and objectives. But they also expect the CEO, the Marketing Assistant and the volunteer Receptionists to have real names (and real pictures on their profiles); their own online voices; and interests they share that go beyond the corporate script. It’s not a matter of venturing too far out of the water—in fact, that could be as much of a problem as staying too close to the prepared scripts. But the tone that works is the one of a human being sharing their commitment and excitement about the work that they (and you) do.

Expect that the message will reflect individual interpretations and biases. Manage the messaging to the key points, and make clear the areas that shouldn’t be discussed in public. Monitor the discussion, and proactively mentor (as opposed to chastising) staff who stray in ways that violate the policy, or seem capable of doing so.

The Case for Transparency

Transparency assumes that multiple voices are being heard; that honest opinions are being shared, and that organizations aren’t sweeping the negative issues under the virtual rug. Admittedly, it’s a scary idea that your staff, your constituents, and your clients should all be free to represent you. The best practice of corporate communications, for many years, was to run all messaging through Marketing/Communications experts and tightly control what was said. I see two big reasons for doing otherwise:

We no longer have a controlled media.

Controlled messaging worked when opening your own TV or Radio Station was prohibitively expensive. Today, YouTube, Yelp and Video Blogs are TV Stations. Twitter and Facebook Status are radio stations. The investment cost to speak your mind to a public audience has just about vanished.

We make more mistakes by under-communicating than we do by over-communicating.

Is the importance of hiding something worth the cost of looking like you have something to hide? At the peak of the dot com boom, I hired someone onto my staff at about $10k more (annually) than current staff in similar roles were making. An HR clerk accidentally sent the offer letter to my entire staff. The fallout was that I had meaningful talks about compensation with each of my staff; made them aware that they were getting market (or better) in a rapidly changing market, and that we were keeping pace on anniversary dates. Prior to the breach, a few of my staff had been wrongly convinced that they were underpaid in their positions. The incident only strengthened the trust between us.

The Good, the Bad, and the Messenger

Your blog should allow comments, and—short of spam, personal attacks and incivility—shouldn’t be censored. A few years ago, a former employee of my (former) org managed to register the .com extension of our domain name and put up a web site criticizing us. While the site didn’t get a lot of hits, he did manage to find other departed staff with axes to grind, and his online forum was about a 50-50 mix of people trashing us and others defending. After about a month, he went in and deleted the 50% of forum messages that spoke up for our organization, leaving the now one-sided, negative conversation intact. And that was the end of his forum; nobody ever posted there again.

There were some interesting lessons here for us. He had a lot of inside knowledge that he shared, with no concern or allegiance to our policy. And he was motivated and well-resourced to use the web to attack us, But, in the end, we didn’t see any negative impact on our organization. The truth was, it was easy to separate his bias from his “inside scoops”, and hard to paint us in a very negative light, because the skeletons that he let out of our closet were a lot like anybody else’s.

What this proves is that message delivery accounts for the messenger. Good and bad tweets and blog posts about your organization will be weighed by the position and credibility of the tweeter or blogger.

Transparency and Constituent Data Breaches

Two years ago, a number of nonprofits were faced with a difficult decision when a popular hosted eCRM service was compromised, and account information for donors was stolen by one or more hackers. Thankfully, this wasn’t credit card information, but it included login details, and I’m sure that we all know people who use the same password for their online giving as they do for other web sites, such as, perhaps, their online banking. This was a serious breach, and there was a certain amount of disclosure from the nonprofits to their constituents that was mandated.

Strident voices in the community called for full disclosure, urging affected nonprofits to put a warning on the home page of their web sites. Many of the organizations settled for alerting every donor that was potentially compromised via phone and/or email, determining that their unaffected constituents might not be clear on how the breach happened or what the risks were, and would simply take the home page warning as a suggestion to not donate online.

To frame this as a black and white issue, demanding that it be treated with no discretion, is extreme. The seriousness and threat that resulted from this particular breach was not a simple thing to quantify or explain. So it boils down to a number of factors:

• Scope: If all or most of your supporters are at risk, or the number at risk is in the six figure range, it’s probably more responsible, in the name of protecting them, to broadcast the alert widely. If, as in the case above, those impacted are the ones donate online, then that’s probably not close to the amount that would fully warrant broad disclosure, as even the strident voice pointed out.

• Risk: Will your constituents understand that the notice is informational, and not an admission of guilt or irresponsibility in handling their sensitive data? Alternatively, if this becomes public knowledge, would your lack of transparency look like an admission of guilt? You should be comfortable with your decision, and able to explain it.
• Consistency: Some nonprofits have more responsibility to model transparency than others. If the Sunlight Foundation was one of the organizations impacted, it’s a no-brainer. Salvation Army? Transparency isn’t referenced on their “Positions” page.
• Courtesy: Some constituencies are more savvy about this type of thing than others. If the affected constituents have all been notified, and they represent a small portion of the donor base, it’s questionable whether scaring your supporters in the name of openness is really warranted.

Since alternate exposure, in the press or community, is likely to occur, the priority is to have a consistent policy about how and when you broadcast information about security breaches. Denying that something has had happened in any public forum would be irresponsible and unethical, and most likely come right back at you. Not being able to explain why you chose not to publicize it on your website could also have damaging consequences. Erring on the side of alerting and protecting those impacted by security breaches is the better way to go, but the final choice has to weigh in all of the risks and factors.

Conclusion

All of my examples assume you’re doing the right things. You have justifiable reasons for doing things that might be considered provocative. Your overall efforts are mission-focused. And the reasons for privacy regarding certain information are that it needs to be private (client medical records, for example); it supports your mission-based objectives by being private, and/or it respects the privacy of people close to the information.

No matter how well we protect our data, the walls are much thinner than they used to be. Any unfortunate tweet can “go viral”. We can’t put a lock on our information that will truly secure it. So it’s important to manage communications with an understanding that information will be shared. Protect your overall reputation, and don’t sweat the minor slips that reveal, mostly, that you’re not a paragon of perfection, maybe, but a group of human beings, struggling to make a difference under the usual conditions.

I’m wrapping up the Drupal 101 series with some talk about Drupal themes, and some additional info on topics that we’ve already covered. The goal of these posts is to give new Drupal administrators an idea about how Drupal works, and some pointers to the key add-ons and resources in the broad Drupal ecosystem. For reference’ sake, we started with an intro, moved on to Modules, and then covered navigation. So, now that we have a functional web site, what does it look like?

Getting Themes

Drupal comes with five or six themes to choose from, and, if you use them, then your site will look very, um, uninspired. This might not be a problem if your goal is not to impress your visitors, but simply provide information or functionality, but, if you’re putting up a website for your organization, you want one that stands out from the crowd. So you have two choices: you can find a better, less common theme, or you can customize one of the default themes.

The first place to go is to Drupal Theme Garden. This is where many Drupal theme designers share their work. Here, you can either find a theme to use (or customize for your use), or get a good idea about the types of things you can do with your theme.

Customizing Themes

From the Administration menu, you can modify any theme’s main text elements, deciding whether or not to display your site’s mission or slogan, name or logo. And you can replace the default “droplet” logo with your own logo (a no-brainer!). Assuming that you’ve started with a theme that you really like, this might be enough. But, if you want to do more serious customizations, such as moving the logo to the center of your header or changing the site colors, you’re going to need basic web 4.0 programming skills and, most likely, some level of comfort with the PHP scripting language.

Most themes consist of one or more style sheets, a number of “tpl” files with PHP/HTML code laying out various page elements, such as blocks, footers and sidebars, and one called page.tpl.php that establishes the overall page layout. The main styles are usually stored in styles.css, and you can make a lot of changes to your site’s appearance here, modifying default background colors and images, placing and resizing content.

If that’s not enough, most customizations can be done using WordPress’s internal macros and functions, meaning that you won’t have to worry about assigning variables or what goes into the foreach loops. WordPress has simple commands that you can insert into a page to loop through your posts and display them or list your categories in the sidebar. A nice breakdown of the WordPress functions can be found at WpExplorer.com.

If you do modify the stylesheets and templates, make sure that you are storing your themes in sites/default folder and that you’re properly backing up whenever you do an upgrade. If you modify theme files in the main themes folder, and then upgrade to, say, a Drupal security fix, your modifications will be overwritten. In general, themes remain functional from dot release to dot release (e.g., what worked for Drupal 6.1 still works in 6.9), but the Drupal maintainers often make dramatic changes in number versions, so don’t assume that your theme in Drupal 6.9 will not be messed up if you upgrade to Drupal 7 (coming soon).

More Installation Options

In the first Drupal 101 post, I mentioned Fantastico, a two-click installer for Drupal available on most hosting services that use the cPanel site management interface. I subsequently ran into this useful article about Elefante and Simplescripts. These are packages that you can use to install a variety of popular open source applications, including Drupal.

In addition to application installers, there are other options for installing Drupal:

Conclusion

What I hope this Drupal 101 series has done is to offer some context and guidance for people new to Drupal who are about to give it a try, and some backing to my initial proposition that Drupal’s strength is it’s flexibility. Along the way, I’ve received tweets asking “Why Drupal?” and my answer is that Drupal isn’t the only CMS out there, or necessarily the best one for your web site. There are a huge variety of commercial and open source options. In fact, my personal website runs on a combination of Frog CMS and WordPress, because I wanted a simple tool for integrating RSS feeds, which Frog provides, and a powerful blogging platform. On the other hand, last week the White House ditched their commercial CMS for Drupal. So this series might also inspire you to look elsewhere, particularly if a more traditional, tree-structured content management interface will work better for you than Drupal’s layout by association model. Whichever way you go, we suffer more from a surfeit of good options than a lack of same.

Here’s the third in a series of posts on getting started with Drupal, the popular open source content management system. The short intro and discussion on modules are best read first. Today we’ll look at site structure, and how menus, blocks and taxonomies can make your site navigable for your visitors.

Menus

Drupal has a simple and flexible tool for creating and managing menus. You can check/uncheck standard functions; assign them to regions (left sidebar, right sidebar, header, footer, etc.); and easily create new items.

By default, Drupal offers three menus that you can add to your site:

	Navigation – The main menu is dynamic. It displays items based on the visitor’s role and state of authentication. For example, an unauthenticated user might see a “Login” menu item, while an authenticated user would see “logout”. An authenticated user who is also a site manager would see the Administer menu. This menu is usually placed in a sidebar, next to the main content
	Primary Links – This is often the menu for the main content areas, e.g. Home, Blog, Calendar, About. Primarily links are usually placed in a site’s header.
	Secondary Links can be used for less popular pages, but ones that you want to have available, such as site maps, privacy notices, and contact links.

You can assign a menu item to any particular piece of content, or to a collection of items by content type. Drupal assigns numbers to individual items. The basic content type is called a node, so the default first page of a web site would be at http://your-site.org/node/1. If you create a blog, the first post would be at http://your-site.org/blog/1.

Say you wanted blog/1 to be your front page, but you also wanted something easier to remember to appear in the address bar, you could rename it “home”, so that people could browse directly to the site at http://your-site.org/home. They would see, in the center of the home page, that first blog entry. Drupal’s general settings allow you to identify your home page; renaming a numeric page simply makes it friendlier for your users.

If, instead, you simply wanted the whole blog to be the home page, then you would skip the numbers, and not bother with a rename, as linking the front page to http://your-site.org/blog would accomplish that.

Drupal’s real power comes in when you realize that, with the CCK module, you can make your own content types, and that can be very easy. A press release will have a similar format to a blog item (title, content). So you can create a type called press_release and link a page to it: http://your-site.org/press_release. All new press releases that you post to the site from Create Content/Press Release will appear there.

Blocks

Blocks are boxes that can be placed on one or more pages or associated with one or more content types. They usually appear in the left or right sidebars. Strategically associating blocks with particular content can be a subtler way o offer navigational aids. For example, you might want to have a block with current open positions appear on your “About” page, but not necessarily with your blog. Or you might not want the job listings to appear on pages describing your services, instead featuring a “Donate Now” box. This flexibility allows you to align content in ways that make sense for the different audiences with varying interests that your site will attract.

Taxonomies

All of the above is fine for sites without a lot of content. But, once you have a library of blog entries, press releases and documents to share, you’ll want to give your visitors a way to find what they’re looking for that doesn’t involve inordinate amounts of scrolling. Search is a no-brainer, but even more important is to organize your content with meaningful labels. For this, use the Taxonomy module.

Taxonomies allow you to tag or classify your content using hierarchal terminology. For example, if your NPO serves the homeless, you might have papers on poverty and employment, descriptions of available shelters and programs, job opportunities, and much more. You can break this content down into meaningful categories, then assign sub-terms in each category. Once the taxonomy is in place, you can assign menu items to terms in your taxonomy, thus aggregating all of the relevant content on a single page. You can set up menu blocks for the sub-terms and assign each block to it’s category page. The result is a content rich, drill down web site.

That’s it for navigation. Next week, we’ll talk about Themes and ways you can make your Drupal site distinctive.

Last week, I kicked off this series on setting up a basic web site with Drupal, the popular open source Content Management System. This week we’re going to take a closer look at Modules, the Drupal add-ons that can extend your web site’s functionality. One of the great things about Drupal is that it is a popular application with a large developer community working with and around it. So there are about a thousand modules that you can use to extend Drupal, covering everything from document management to payment processing. The good news: there’s probably one that supports the functionality that you want to add to your web site. Bad news: needle in a haystack?

A potentially easier way to add extra functionality to Drupal is to download a customized version, such as CiviCRM or Open Atrium. We’ll discuss those options later in the Drupal 101 series.

Core Modules

Drupal comes with a number of built-in modules that you can optionally enable. Some are obviously useful, others not so much. Here are some notes on the ones that you might not initially know that you need:

Add-on modules, must haves:

I’ve been doing a lot of work with the open source content management system Drupal lately, and thought I’d share some thoughts on how to get a new site up and running. Drupal, you might recall, got high ratings in Idealware’s March ‘09 report comparing open source content management systems. Despite it’s popularity, there are some detractors who make good points, but I find Drupal to be flexible, powerful and customizable enough to meet a lot of my web development needs.

While you can put together a very sophisticated online community and/or website with it, you can also use it for pretty simple things. For example, the nptech aggregator at nptech,info uses Drupal’s excellent RSS aggregation functions extensively, and not much else. No blog, no forums. But, having installed and tried standalone RSS aggregators like Gregarius, it became clear that Drupal was just as good an aggregator and, if desired, much, much more. Similarly, when co-workers were looking for a site to share documents with optional commenting (to replace an FTP repository), Drupal was a good choice to support a simple task without locking out growth possibilities.

Installation

Installing Drupal can be a three click process or a unix command line nightmare, depending on your circumstances. These days, there are simple options. If you are using a web host, check to see if your site management console is the popular CPanel, and, if so, if it includes the Fantastico utility. Fantastico offers automated installs for many popular open source CMSes, blogs and utilities.

Absent Fantastico, your host might have something similar, or you can download the Drupal source and follow the instructions. Required skills include the ability to modify text files, change file and folder permissions, and create a MySQL database. At a minimum, FTP access to your server, or a good, web-based file manager, will be required.

If you’re installing on your own server, things to be aware of are that you’ll need to have PHP, MySQL and a decent web server, such as Apache installed (these are generally installed by default on Linux, but not on Windows). If you use Linux, consumer-focused Linux variants like Ubuntu and Fedora will have current versions of these applications, properly configured. More robust Linux distributions, like Redhat Enterprise, sometimes suffer from their cautious approach by including software versions that are obsolete. I’m a big fan of Centos, the free version of Red Hat Enterprise, but I’m frustrated that it comes with an older, insecure version of PHP and only very annoying ways to remedy that.

Up and Running

Once installed, Drupal advises you to configure and customize your web site. There are some key decisions to be made, and the success of the configuration process will be better assured if you have a solid idea as to what your web site is going to be used for. With that clearly defined, you can configure the functionality, metadata, site structure, and look and feel of your web site.

1. Install and enable Modules. Which of the core modules (the ones included in the Drupal pacckage) need to be enabled, and what additional modules are required in order to build your site? This is the first place I go.
2. Define the site Taxonomy. While you can build a site without a taxonomy, you should only do so for a simple site. A well structured taxonomy helps you make your site navigable; enhances searching; and provides a great tool for pyramid-style content management, with broad topics on one level and the ability to refine and dig deeper intuitively built into the site.
3. Structure your site with Blocks. You can define blocks, assign them to regions on a page (such as the sidebars or header) and restrict them to certain pages. On the theory that a good web site navigates the user through the site intelligently, based on what they click, the ability to dynamically highlight different content on different pages is one of Drupal’s real strengths.
4. Theme your web site. Don’t settle for the default themes—there are hundreds (or thousands) to choose from. Go to Drupal Theme Garden and find one that meets your needs, then tweak it. You can do a lot with a good theme and the built in thee design tools, or, if you’re a web developer, you can modify your themes PHP and CSS to create something completely unique. Just be sure that you followed the installation suggestions as to where to store themes and modules so that they won’t get overwritten by an upgrade.

This just brushes the surface, so I’ll do some deeper dives into Drupal configuration over the next few weeks.