Managing Outsourced IT Services: How to Say ‘No’ When You Don’t Know

Print Share on LinkedIn More


Nonprofit leaders know a lot about a lot. The sector requires us to be expert communicators, program analysts, fundraisers, managers, and more. We get used to making do with what we know, and most often that is good enough. Managing technology is one of the greater challenges for nonprofit professionals – and a subject area where the social sector is more likely to call on outside professionals for at least a part of the job.

Many nonprofits try to make do with outsourced information technology (IT) services whenever possible. Often, this is a sensible decision based on the size of the organization and the relative need for IT support. Just as often, it is also an acknowledgement that no one on staff really has the expertise for this role, and where nonprofits may otherwise dump miscellaneous roles to existing staff under “other duties as assigned,” this is one area where, often, no one on staff can really just pick it up in their spare time.

In such cases, the challenge becomes managing the outsourced IT relationship even though it is such a strange and foreign world for many nonprofit leaders. You can ask for the best service at the best pricing, but how do you know if you’re getting more than you need or – even more importantly – getting the wrong kind of support (which can actually hinder your nonprofit mission)? Some parts of managing IT are problems common to nonprofits and for-profits alike. Some are unique to what we do in the social sector, and require nonprofits to educate their IT folks that sometimes, we do actually understand what we want and what we need, and, after all, we’re paying the bill.

A common area requiring some pushback is e-mail services. Nonprofits can get great server technology for practically free (thanks once again, TechSoup!), but that doesn’t mean managing your own Exchange server is suddenly easy. Total cost of ownership is important here, and a free server license can costs you thousands in the ongoing support needed to keep the thing running. If you do manage your own server, you’re likely going to get sold a spam solution, maybe one that offers a little kickback to the service provider selling it. This is one area where you can start to push back on costs and time. IT service providers are going to have their preferred solution, but that doesn’t necessarily make it the right one for you. Check alternatives like MailRoute for cost and efficiency.

Your mission (probably) involves being easy to reach, and here is where many of our service partners can actually get in the way. Their job is to provide you with the most secure environment possible – but not one that is so secure that you can’t get messages or receive files. Helping your IT provider understand that this ease of access is a higher mission imperative than security may run contrary to what they want to sell. Stand your ground. Tell them you understand that there is risk, but that the risk may be very small compared to the reward of making it easier for the public to work with you. No, you don’t want an evil botnet running on your server, but there are levels of risk that are acceptable and don’t result in a worst-case scenario.

Do you really need a captcha on a web form, making it harder for people with disabilities to reach you, or can you just live with the occasional spam submission? It’s your call, not your provider’s call. They may be the IT experts, but you’re the nonprofit client. Tell them they need to find a less costly, less intrusive, and perhaps even riskier way to run what you need. If they can’t provide service to you without upselling you to Kremlin-level security, then it may be time to look for a provider that understands that your mission is more important to you than their preferred infrastructure.


Steve Boland lives at the intersection of community, policy and technology. Steve holds a Master of Nonprofit Management from Hamline University, and is a regular contributor to Nonprofit Quarterly. He can be reached at or

  • Julia Campbell

    I think you raise some valid points, Steve. Nonprofit professionals need to do their research when it comes time to hire an IT consultant or firm. They need to be comfortable with the people that are helping them and conducting the trainings. I always suggest visiting the IT firm’s website, reading their blog and Twitter feed, and getting testimonials and recommendations from other nonprofits they have served. However I do caution against being TOO cautious. If you think everyone is a scammer, a crook and out to get you, then you will get nowhere – have some faith, do you research and just jump in. Acknowledging that you cannot possibly do everything yourself is a great sign of strength and wisdom.