Background
Napa Firewise, a nonprofit dedicated to wildfire prevention and community education, sought to modernize its technology environment while improving collaboration, security, and operational predictability. Their legacy support model under a Base agreement left leadership without consistent strategic guidance, and IT decisions were often reactive instead of guided by governance.
As the organization scaled, two issues became more urgent:
Contract Complexity
Fragmented support arrangements created uncertainty around billing, forecasting, and accountability. Leadership needed a predictable model that aligned IT with mission outcomes and grant cycles.
Security and Infrastructure Gaps
Legacy file systems, varying security controls, and inconsistent data practices introduced operational and compliance risks. A modern, standards-based environment anchored in Microsoft 365 became essential.
Situation
Email discussions between Jyan Omidian, Robyn Bera, and Joe Nordlinger revealed Napa Firewise’s desire to shift from Base support to a comprehensive Maintenance Agreement that delivered:
- Predictable monthly costs
- Proactive strategic guidance through TAM involvement
- Stronger governance around data, security, and planning
A review of 2023 billing data showed:
- Base Agreement (7 users): $4,824.74/month
- Proposed Maintenance (15 users): $5,301.93/month
The modest increase provided a significant value gain by adding structured strategy, security advisement, planning, and governance oversight.
Objectives
- Standardize IT support under a single Maintenance Agreement.
- Establish consistent governance through a formal IT Governance Committee.
- Adopt and operationalize the Napa Firewise Information Technology Standards and Requirements.
- Modernize file systems and collaboration through a SharePoint migration.
- Elevate security posture via MFA, Defender, Intune, BCDR, and compliance practices.
- Leverage TAM/vCIO work to create strategic alignment and a forward-looking roadmap.
Action Plan
- Transition to a Maintenance Agreement
Endsight aligned the contract to support Napa Firewise’s operational maturity. The Maintenance Agreement introduced:
- Predictable, consolidated billing
- Recurring strategy sessions
- Access to TAM and vCIO advisement for planning, budgeting, and security
- Governance-driven decision-making
This replaced the reactive, ticket-centric Base model with a proactive, structured partnership.
- Establishment of a Governance Committee
Napa Firewise committed to greater organizational discipline by forming an IT Governance Committee consisting of leadership and key operational stakeholders.
The committee’s role included:
- Reviewing quarterly strategy and risk assessments
- Aligning technology decisions with grant funding cycles
- Evaluating security recommendations and prioritizing adoption
- Ensuring adherence to the newly implemented IT Standards
This became the primary mechanism for accountability and long-term planning.
- Adoption of Formal IT Standards
The client fully adopted the Napa Communities Firewise Foundation Information Technology Standards and Requirements (2024) covering:
- Business Continuity and Disaster Recovery (OFFLINE + OFFSITE backups, MFA-protected access, annual testing)
- Email security (SPF, DMARC, DKIM, phishing training, MFA, restricted admin use)
- Endpoint and Internet security (EDR, NextGen AV, encryption, patching, Intune, identity management)
- MFA requirements for all users, admins, backups, key applications, and VPN
- Workstation standards (lockout policies, storage restrictions, lifecycle planning)
- Compliance requirements and recommended policies
Endsight’s guidance as TAM/vCIO ensured the standards were not just adopted but operationalized, helping leadership interpret requirements, evaluate tooling, and sequence implementation steps.
- SharePoint Migration Using Group-Centric Architecture
Endsight implemented a SharePoint migration that aligned with the new governance and standards framework:
- Logical, department-based structure
- Controlled external sharing
- Lifecycle and metadata considerations
- Scan-to-SharePoint workflows for document digitization
This supported the Governance Committee’s goals of reducing data sprawl and tightening access control.
- Strengthening Security Posture
By pairing the IT Standards with strategic guidance, Endsight delivered improvements such as:
- Deployment of Microsoft Defender and Intune
- Enforcement of MFA across all identities
- Implementation of BCDR practices aligned with OFFLINE and OFFSITE requirements
- Training for staff on secure collaboration and external sharing
- Review and cleanup of administrative rights and legacy systems
Leadership’s willingness to tighten security and accept the cultural impact of adopting MFA, governance processes, and workstations standards demonstrated a growing maturity that aligned with their mission and stakeholder expectations.
Execution Highlights
- Conducted a full discovery and mapping of data sources pre-migration.
- Implemented SharePoint permissions to minimize accidental leakage.
- Enabled phishing simulations and email security controls (DMARC, DKIM, SPF).
- Deployed NextGen AV, EDR, encryption, and patch management in alignment with the IT Standards .
- Delivered training sessions for Governance Committee members and operational staff.
- Introduced annual compliance and BCDR review cycles.
Strategic Value Delivered Through TAM Work
The transition revealed significant strategic value derived from recurring TAM/vCIO engagement.
- Security Advisement as a Strategic Enabler
Through structured meetings, risk reviews, and roadmap planning, the TAM provided:
- Guidance on MFA, BCDR, EDR, and email security requirements
- Alignment of technology standards with operational realities
- Budget forecasting tied to grant cycles
- Prioritization of high-impact security improvements
The organization’s willingness to embrace strong security practices allowed Endsight to implement controls typically challenging for nonprofits with limited staff.
- Quarterly Strategic Check-ins
These sessions ensured:
- Real-time alignment with organizational growth
- Early identification of risks or dependencies
- Adjustments to licensing, hardware lifecycle, and compliance needs
- Reinforcement of governance decisions
- Governance as a Continuous Practice
The Governance Committee became the backbone of the new Maintenance model. It ensured:
- Technology decisions were intentional and documented
- Policies and standards were consistently applied
- Leadership maintained visibility into IT budget and risk
- No strategic initiative advanced without review and prioritization
This governance maturity was not feasible under the Base agreement structure.
- Roadmapping and Planning
The TAM developed a forward-looking security and modernization roadmap that provided clarity on:
- Lifecycle management
- Security projects
- SharePoint governance
- Endpoint modernization
- Disaster recovery planning
- Future cloud services
Napa Firewise’s adoption of the roadmap demonstrated trust in Endsight’s long-term strategic guidance.
Results
Governance & Decision-Making
The Governance Committee and adopted IT Standards established a sustainable decision framework where IT initiatives are predictable, transparent, and aligned with mission priorities.
Security Maturity
The organization now meets core security requirements:
- MFA everywhere
- BCDR
- EDR + NextGen AV (Endpoint & Cloud)
- Email authentication (SPF/DMARC/DKIM)
- Entra ID and Intune-based identity and device management
This represents a major shift from reactive IT to intentional cybersecurity leadership.
Operational Efficiency
SharePoint consolidation reduced friction in collaboration, improved document retrieval, and eliminated legacy data silos.
Cost Predictability
Maintenance billing removed surprises associated with ad hoc work, making long-term planning and grant alignment substantially easier.
Strategic Alignment
Regular TAM engagement provided Napa Firewise with the confidence that technology decisions are being guided by a comprehensive strategy, not isolated work requests.
