How Fiscal Sponsors Can Better Manage IT Infrastructure for Each Project

Nonprofit fiscal sponsors face a delicate balancing act in providing organizational support to projects. On one hand, you need to ensure each project has what they need to maintain compliance and protect their 501c3 status. But on the other, you also have to give each project the operational flexibility they need to thrive. And as you juggle priorities for multiple projects, your challenge grows more and more complex, especially in one key area: IT management. 

Your mission is to support and empower the projects under your organization’s umbrella. Taking a proactive approach to IT management not only protects your organization from cyber threats but also provides your projects with the secure, stable infrastructure they need to focus on their important work.

The dilemma of IT management for fiscal sponsors 

When it comes to IT management, many fiscal sponsors find themselves forced to choose between two imperfect options: You can either absorb the hefty burden of centralized IT management, or you can accept the risks of letting projects handle their own technology needs. 

However, there is a third approach, one that helps your organization find the sweet spot between protecting security while preserving autonomy for your projects. You need a partner who cares about your mission and understands the unique challenges, IT and otherwise, you must navigate as a fiscal sponsor.

Let’s examine each of these three options to help your fiscal sponsorship organization make a more informed IT management decision.

1. The centralized approach to IT management

In this model, the fiscal sponsor manages all IT infrastructure for projects, just as you would for any employees. When a new project comes on board, your organization provides them with tools for budgeting and fundraising. Plus, you set up each project with accounts for necessary software, such as Google Workspace, Zoom, and 1Password.

Along with ensuring security across all projects with onboarding and offboarding procedures, you can also set up baseline measures such as two-factor authentication. Providing your projects with an infrastructure they need to use is the most ironclad solution for developing IT maturity for your projects 

While that all sounds straightforward enough, a centralized approach also poses significant challenges — particularly if your fiscal sponsor organization oversees numerous projects. Managing IT support for potentially hundreds of projects constitutes a massive logistical burden. Along with facing increased internal costs of additional software licenses, you also bear the administrative overhead of managing their use. 

If your projects already have systems in place like email addresses and specific apps or integrations, you may face resistance among those organizations that prefer flexibility in choosing the tools they need. Worse yet, you may lose projects who don’t want the burden of managing a disruptive migration after sponsorship.

2. A decentralized model 

With a decentralized approach, your projects manage their own IT systems with minimum standards you’ve established through documentation about how their systems should work. While this model offers greater flexibility for your projects and less of an administrative burden for your own IT team, it also poses considerable risks:

• Increased security vulnerabilities due to diverse and potentially unsecured systems.
• Difficulty in maintaining compliance with minimum standards across numerous projects.
• Challenges in implementing organization-wide policies and updates.
• Potential for inconsistent practices that could lead to exposing your fiscal sponsor organization to data breaches or financial fraud.

Given these challenges, many fiscal sponsors are best served by finding a middle ground. Is there a way to ensure robust security without overburdening your IT staff?

3. The advantage of a specialized IT partner for fiscal sponsors

Increasing your IT capacity with a specialized partner allows you to offer your projects not just advice, but actual technical assistance and technical support. Even if you decide not to provide centrally managed IT accounts, you can still provide the resources needed to ensure projects have a baseline of IT maturity and security with the added capacity of a specialized partner.

Engaging an agency partner who understands the unique processes your organization needs can help manage your projects under one umbrella. The key is to identify an MSP who is well-versed in the unique experiences and challenges fiscal sponsors face to build and maintain the support your projects’ systems need. 

From centralized infrastructure to policy-setting for each project, engaging an IT partner who speaks your language and understands your mission offers a spectrum of tailored solutions you won’t find with a generalized MSP.  

Here’s an example of that idea in action. One of our clients provides all the IT systems for the organizations it sponsors. And Personified provides support to each project as well as annual training and consulting to ensure each project remains secure and stable.

This partnership offers the following benefits:

• Expertise in Nonprofit IT: The right agency will have experience working with nonprofits and know the specific challenges and constraints you face.
• Scalable Support: Whether you have a handful of projects or hundreds, a specialized agency can provide the level of support you need.
• Flexible Implementation: You can choose which aspects of IT to centralize and which to leave to individual projects, with expert guidance on best practices.

This approach allows you to benefit from centralized expertise without the burden of managing IT for every project in-house. It also provides your projects with vital support while protecting your organization from the risk of exposure from inadequate cybersecurity practices.

Cybersecurity best practices for fiscal sponsors

Whether you choose to take a centralized, decentralized, or partnership approach, there are several best practices you should consider implementing to protect your projects from security vulnerabilities. Remember, any security breach at one project also exposes your entire organization.

At minimum, you should require any new project coming on with your fiscal sponsor organization to document their systems. What platform are they using for email? Where is their domain registered, and who has access to that account? What other software accounts do their teams use? These insights form the foundation of establishing IT maturity at each project.

Once the project has documented these details, they can look at each system and implement the following baseline security measures:

• Long, unique password for every account
• Account access managed with an institutional password manager like 1Password
• Two-Factor Authentication (2FA) on every account
  • Where supported, use key-based 2FA (physical security keys or digital passkeys). Security keys and passkeys are the most resistant to phishing.
• Enable advanced security features for your email platform: 
  • If using Google, enable Advanced Protection
  • If using Microsoft, enable Account Guard

As their IT maturity grows, each project should consider implementing more advanced security measures. For example, you may want to implement a data retention policy about what should be stored, what should be archived, and for how long. But you may not have the capacity to provide that level of support to your projects. 

When you work with the right partner, you can incorporate additional measures to protect your projects and your organization. 

Empowering your mission through strategic IT management 

Robust IT management comprises more than simply avoiding problems. The right approach creates opportunities to continually evolve with the security landscape. Ensuring your projects have secure, efficient IT systems enables them to work more effectively and ultimately make a greater impact. But you don’t have to deliver this support on your own.

If you’d like to hear more about how Personified can help your fiscal sponsor organization, we should talk.