Tag Archives: goodwill

How Easy Is It For You To Manage, Analyze And Present Data?

apple-256262_640I ask because my articles are up, including my big piece from NTEN’s Collected Voices: Data-Informed Nonprofits on Architecting Healthy Data Management Systems. I’m happy to have this one available in a standalone, web-searchable format, because I think it’s a bit of a  signature work.  I consider data systems architecture to be my main talent; the most significant work that I’ve done in my career.

  • I integrated eleven databases at the law firm of Lillick & Charles in the late 90’s, using Outlook as a portal to Intranet, CRM, documents and voicemail. We had single-entry of all client and matter data that then, through SQL Server triggers, was pushed to the other databases that shared the data.  This is what I call the “holy grail” of data ,entered once by the person who cares most about it, distributed to the systems that use it, and then easily accessible by staff. No misspelled names or redundant data entry chores.
  • In the early 2000’s, at Goodwill, I developed a retail data management system on open source (MySQL and PHP, primarily) that put drill-down reporting in a web browser, updated by 6:00 am every morning with the latest sales and production data.  We were able to use this data in ways that were revolutionary for a budget-challenged Goodwill, and we saw impressive financial results.

The article lays out the approach I’m taking at Legal Services Corporation to integrate all of our grantee data into a “data portal”, built on Salesforce and Box. It’s written with the challenges that nonprofits face front and center: how to do this on a budget, and how to do it without a team of developers on staff.

At a time when, more and more, our funding depends on our ability to demonstrate our effectiveness, we need the data to be reliable, available and presentable.  This is my primer on how you get there from the IT viewpoint.

I also put up four articles from Idealware.  These are all older (2007 to 2009), they’re all still pretty relevant, although some of you might debate me on the RSS article:

This leaves only one significant piece of my nptech writing missing on the blog, and that’s my chapter in NTEN’s “Managing Technology To Meet Your Mission” book about Strategic Planning. Sorry, you gotta buy that one. However, a Powerpoint that I based on my chapter is here.

Pop Quiz: PCI Compliance

This post was first published on the Idealware Blog in August of 2009.

The credit card industry is doing the right thing by consumers and enforcing proper security measures regarding the handling of credit card information.  You might have heard about this – a number of the popular vendors of donor databases are recommending upgrades based on their compliance with these regulations. The “Payment Card Industry Data Security Standard”, commonly known as PCIDSS, is a set of guidelines for securely handling credit card information.  The standard has been around for about four years, but early enforcement efforts focused on companies with a high volume of credit card transactions.  Now that they’re all in compliance, they’ve set their sites on smaller businesses and nonprofits. So, what does this mean? Here’s the simplest F.A.Q. that you’re likely to find on the topic:

  • Do you ever process online, phoned in, or mailed-in credit card donations in-house? e.g., do you maintain the credit card number, expiration date and name of a donor?

If no, you don’t have to worry about this.

  • If yes, do you have more than 20,000 such transactions annually?

Well, if you do, congratulations!  Most nonprofits don’t, so they qualify for level 4 of the PCI Compliance scale. That results in a Self Assessment Questionnaire (SAQ) Validation type of “4”.  Higher validation types are subject to stricter security standards.

The Self-Assessment Questionnaire will ask you all sorts of technical questions about your network and security procedures.  Do you have a firewall?  Are all of your transactions encrypted?  Do you use anti-virus software?  Is credit card information properly restricted to authorized staff?

Depending on your network, you might already comply with a lot of the requirements.  If you don’t, then it might require a significant investment to get there.

  • What will happen if I ignore this?

This isn’t government regulation (although your state might have laws in place that do mandate some similar response). Participation is not mandatory.  But, should your security be breached, two things will happen:

  1. The compliance requirements for your organization will be reassessed to level one or two, and they’ll be much more costly and complicated to meet.  The credit card companies might decline to do business with you if you don’t comply.  Can you afford to not take Visa?
  2. You will likely be indirectly fined for non-compliance.  The credit card companies will hold your bank liable for losses due to credit card theft in situations where your security was substandard.  Your bank will likely pass that fine on to you.
  • So what’s the easiest way to deal with this?

Simple: don’t handle credit cards.  There are a number of services that, for a price, will do this for you, from Paypal and Google Checkout to CharityWeb and Blackbaud’s BBNow. Outsourced ECRM software (NetCommunity, Convio, Democracy in Action, etc.) will also handle it. The cost is likely not as significant as that of maintaining compliance or suffering the consequences of a non-compliant breach.

I’ll share that, at the Goodwill where I used to work, outsourcing wasn’t an option, because we were both a charity and a retailer. Our frustration was not that we didn’t have good security in place.  It was that there were differences in how we had set up our security and the PCIDSS requirements.  So, while we had done a lot of work and made significant investments, we still had to reconfigure things and spend more in order to be compliant.  In addition to making our internal IT changes, we had to switch software programs in order to avoid storing credit cards unencrypted in our database, a typical problem.  We also engaged a consultant.  Once you are reasonably sure that you comply, then you must pay a security service to verify your efforts, another non-trivial expense.

Blackbaud has put together some good further reading on this topic (and they are one of the vendor’s whose latest software is compliant; ask your eCRM vendor!).

Should Non-profits Seed Software Development?

There were a ton of interesting side topics that came up at the Salesforce Non-Profit Roadmap event, but a few hit on some related themes that have long interested me, and they can be summed in two basic, but meaty questions:

1. Why isn’t there more collaboration between non-profits and open source software developers?

2. Should non-profits seed software development?

You’d think that open source and mission-focused organizations would be a natural fit, given that both share some common ethics around openness, collaboration, sharing and charity, and, let’s face it, both have challenging revenue models that often depend on the charity of others. And I think that’s the rub — simpatico they may be, but non-profts need partners to satisfy their needs, not share them. So when Microsoft, Salesforce, Cisco or some other high-powered tech company throws a significant bone (and these companies are very supportive), they can take it without putting their sustainability at risk. And I like to think that their charity is returned in more ways than the obvious support of our missions. Non-profits can take risks and do some creative things that profit-oriented companies shouldn’t. When it became strikingly clear to me that Salesforce had data management goals way beyond CRM (The evening that Marc Benioff told me that he was very interested in Goodwill’s inventory management challenges), it pretty quickly occurred to me that there would be a mutually beneficial opportunity if Goodwill wanted to pilot some of Salesforce’s development in that new territory.

The Roadmap session was stimulating on a number of levels – if I weren’t about to get extremely busy on my own sustainment pursuits, I could probably blog non-stop on it. One of the fun things was systematically determining exactly how non-profits are different in our software needs from the software-consuming world at large. There are clear needs for fund development, case management, grant reporting/management, and advocacy that aren’t germaine to the standard business world. And the general market for non-profit specific software has some limitations, as I often mention. At Goodwill, I searched high and low for a Workforce Development case management system that sat on an open platform. It doesn’t, to my knowledge, exist – every option out there limits the clients ability to integrate data from and to other systems. Most of them have severely limited reporting capabilities. Ironically, one of the worst offenders is the system that Goodwill International commissioned and sold to the members.

If the time hasn’t come, then it’s about to – non-profits can no longer afford to lock up their data in inflexible systems. Business management is not about silos. Success lies in your ability to learn from the data you collect, and inter-relate data between disparate systems. It’s not about how many clients you served. It’s about the cost of serving each of those clients and the effectiveness of your methods. You need systems that talk to each other and affordable ways to correlate data. So if the existing vendors don’t value this — or, worse, have built their business models on keeping you locked into their platforms by limiting your access to the data — then you need alternatives. And since Microsoft will discount their own software, but won’t fund other vendors, you need to consider if you shouldn’t be putting aside some of your hard-earned donations toward funding that development.

Looking for a nptech job?

Okay, I’m using my blog to blatantly advertise, but, hey, it’s for open jobs in my department, so I think it’s kosher…

I have two positions open at SF Goodwill in the IT Department that I manage there. I always prefer finding people who are motivated by our mission, and SF Goodwill is a particularly exciting place to be right now under the leadership of Deborah Alvarez-Rodriguez. With a dramatic change in management and a new focus on distributed leadership, Goodwill is now a place that considers technology a key enabler, and our recent budget approved a number of strategies that I think are particularly compelling.

Goodwill supports its mission of bringing people with barriers to employment into the workforce, and we do it by providing counseling, training, jobs and other forms of support to people coming out of poverty, drug habits, homelessness, the criminal system and other disabling conditions. We are a social enterprise, running businesses in order to support our services, and we are best known for our retail thrift operations. We are non-secular, unlike some well-known competitors, and, in addition to our goals of overcoming poverty and building communities so that every person who wishes to work, can work, we actively support the environment by running green operations, recycling computers and other goods, and actively promoting landfill diversion activities.

The two positions are a Database/Web Developer (System Integrator) and a Retail Technology Support Analyst. The first position is new; the second currently vacant.

On the retail side, we are looking at how we can better understand and market to our customers and donors, as well as how we can continue to automate our supply chain. Handling truckloads of donated goods daily is a laborious process, and we want to maximize efficiency while creating a healthy environment for our staff and clients, that will provide them with retail skills applicable beyond Goodwill. The main focus of the job is Point of Sale (POS)/Inventory Management, POS support and training, and retail project management.

You can read about the job and apply for it here

The new position might be particularly interesting to people excited by the nptech project. Goodwill, like most organizations, is run on a cluster of databases. We are committed to (where necessary) migrating our databases to client/server systems and building the links and data warehouses that will allow for high-level dashboards and work flow automation. We are also looking at our web sites (internal and external) and strategizing on how to move them to “Web 2.0” – the social web that is emerging. This job requires solid SQL skills, XML, and server-side scripting. Most of our existing web infrastructure is LAMP-based: Linux servers running Apache, MySQL and PHP. We see RSS as a core element of our web-publishing strategy. If this sounds broad, it’s because I don’t separate internal databases from external web sites – it’s all about managing information and communicating, so we take a holistic approach. We do have a web designer on staff — we’re looking for a programmer who knows SQL, PHP (or something equivalent — we won’t throw out Ruby or Python skills), XML and RSS, xHTML. Design talent is a plus, not a requirement.

You can scan this job description and apply here

Okay, so, yes, we are a non-profit. The pay is on the lower side of market, not the higher. The perks in this job are the environment (friendly, diverse, collaborative, exciting) and the mission (the end result of your work directly improves the community and people’s lives).

If either of these jobs are in your area and sound intriguing, go ahead and apply!

Distributive Leadership

Okay, this isn’t technology related, but I’d love some feedback on this, so it’s going out on the nptech tag. And, since this topic is right out of my job, note the disclaimer that my opinions do not represent the opinions of SF Goodwill in any official or unofficial capacity.

My company, Goodwill Industries of San Francisco, is deep into an organizational change process, and I’ve been given particular responsibility for facilitating the creation of a leadership development group (I am not the current group leader, but I was, and the CEO keeps looking right at me whenever the subject comes up…). This isn’t a generic thing – the idea is that there should be a diverse group of staff (different jobs, different levels of responsibility, ethnic/gender diversity) that rotate into strategic planning sessions with executive staff and, on occassion, board members and other organization strategists. My team’s task is to come up with the plan for how we recruit the members and what we do to prepare them to contribute healthfully at high-level meetings.

So, some background – our CEO has an immensely impressive background, having, at times, headed up an AIDS foundation; the San Francisco Department of Children, Youth and Families; the Omidyar Foundation (started it up with Pierre), and other things. She is a guru on corporate management and organizational change; a visionary; and a natural agent of change and imagination. Our staff, most of whom work in our retail thrift operation, are often hired out of our programs to assist the poor, homeless, and ex-offenders; many speak English as their second language; and are not likely to be well-versed in modern business rhetoric. None of this implies that there aren”t natural leaders and innovators among them – just that they aren’t likely to be prepped to participate at a lingo-driven, high-level business strategy session. So the trick I’m wrestling with is, how do you properly orient them to be able to participate with the executives?

There are really two big things we have to overcome:

  • The language barriers (both rthnic and rhetoric based)
  • and the confidence barriers, in it that some of these potential leaders have been with us for ten to thirty years, but nobody has ever asked them to participate in strategic thinking at the highest level, or given them any expectation that their opinions would be valued.

So we’ve identified some books; we are banking on mentoring as a strategy; we have access to some online training; and I think we have a strong recruitment plan about 90% worked out, one that combines open enrollment with a referal/evaluation process to insure that everyone is able to let us know they’re interested (the first evidence of leadership potential) with enough room for us to determine if they’re ready for it. A big concern is that we don’t want to set our staff up to fail.

So, say you were me: what tools (online, books, etc) would you use to help prep people to participate in rhetoric driven strategy sessions?

What exercizes/methods would be effective in helping them build their confidence to speak up in meetings with the highest level of management? We have already done a lot of thinking on this, and realize that it’s necessary to create a safe environment outside of the office, with an outside facilitator, but there must be some focused ways to teach people how to take that kind of risk. If we teach them all there is to know, but they still feel uncomfortable speaking up in the meetings, we haven’t accomplished our primary goal.

What do the execs and mentors need to know/be explicitly trainined in? I think it’s a two way street.