Upgrading Napa Firewise's Managed IT Support Services

Background

Napa Firewise, a nonprofit dedicated to wildfire prevention and community education, sought to modernize its technology environment while improving collaboration, security, and operational predictability. Their legacy support model under a Base agreement left leadership without consistent strategic guidance, and IT decisions were often reactive instead of guided by governance.

As the organization scaled, two issues became more urgent:

Contract Complexity
Fragmented support arrangements created uncertainty around billing, forecasting, and accountability. Leadership needed a predictable model that aligned IT with mission outcomes and grant cycles.

Security and Infrastructure Gaps
Legacy file systems, varying security controls, and inconsistent data practices introduced operational and compliance risks. A modern, standards-based environment anchored in Microsoft 365 became essential.

Situation

Email discussions between Jyan Omidian, Robyn Bera, and Joe Nordlinger revealed Napa Firewise’s desire to shift from Base support to a comprehensive Maintenance Agreement that delivered:

• Predictable monthly costs
• Proactive strategic guidance through TAM involvement
• Stronger governance around data, security, and planning

A review of 2023 billing data showed:

• Base Agreement (7 users): $4,824.74/month
• Proposed Maintenance (15 users): $5,301.93/month

The modest increase provided a significant value gain by adding structured strategy, security advisement, planning, and governance oversight.

Objectives

1. Standardize IT support under a single Maintenance Agreement.
2. Establish consistent governance through a formal IT Governance Committee.
3. Adopt and operationalize the Napa Firewise Information Technology Standards and Requirements.
4. Modernize file systems and collaboration through a SharePoint migration.
5. Elevate security posture via MFA, Defender, Intune, BCDR, and compliance practices.
6. Leverage TAM/vCIO work to create strategic alignment and a forward-looking roadmap.
   
   

Action Plan

1. Transition to a Maintenance Agreement

Endsight aligned the contract to support Napa Firewise’s operational maturity. The Maintenance Agreement introduced:

• Predictable, consolidated billing
• Recurring strategy sessions
• Access to TAM and vCIO advisement for planning, budgeting, and security
• Governance-driven decision-making

This replaced the reactive, ticket-centric Base model with a proactive, structured partnership.

2. Establishment of a Governance Committee

Napa Firewise committed to greater organizational discipline by forming an IT Governance Committee consisting of leadership and key operational stakeholders.

The committee’s role included:

• Reviewing quarterly strategy and risk assessments
• Aligning technology decisions with grant funding cycles
• Evaluating security recommendations and prioritizing adoption
• Ensuring adherence to the newly implemented IT Standards

This became the primary mechanism for accountability and long-term planning.

3. Adoption of Formal IT Standards

The client fully adopted the Napa Communities Firewise Foundation Information Technology Standards and Requirements (2024) covering:

• Business Continuity and Disaster Recovery (OFFLINE + OFFSITE backups, MFA-protected access, annual testing)
• Email security (SPF, DMARC, DKIM, phishing training, MFA, restricted admin use)
• Endpoint and Internet security (EDR, NextGen AV, encryption, patching, Intune, identity management)
• MFA requirements for all users, admins, backups, key applications, and VPN
• Workstation standards (lockout policies, storage restrictions, lifecycle planning)
• Compliance requirements and recommended policies

Endsight’s guidance as TAM/vCIO ensured the standards were not just adopted but operationalized, helping leadership interpret requirements, evaluate tooling, and sequence implementation steps.

4. SharePoint Migration Using Group-Centric Architecture

Endsight implemented a SharePoint migration that aligned with the new governance and standards framework:

• Logical, department-based structure
• Controlled external sharing
• Lifecycle and metadata considerations
• Scan-to-SharePoint workflows for document digitization

This supported the Governance Committee’s goals of reducing data sprawl and tightening access control.

5. Strengthening Security Posture

By pairing the IT Standards with strategic guidance, Endsight delivered improvements such as:

• Deployment of Microsoft Defender and Intune
• Enforcement of MFA across all identities
• Implementation of BCDR practices aligned with OFFLINE and OFFSITE requirements
• Training for staff on secure collaboration and external sharing
• Review and cleanup of administrative rights and legacy systems

Leadership’s willingness to tighten security and accept the cultural impact of adopting MFA, governance processes, and workstations standards demonstrated a growing maturity that aligned with their mission and stakeholder expectations.

Execution Highlights

• Conducted a full discovery and mapping of data sources pre-migration.
• Implemented SharePoint permissions to minimize accidental leakage.
• Enabled phishing simulations and email security controls (DMARC, DKIM, SPF).
• Deployed NextGen AV, EDR, encryption, and patch management in alignment with the IT Standards .
• Delivered training sessions for Governance Committee members and operational staff.
• Introduced annual compliance and BCDR review cycles.
  
  

Strategic Value Delivered Through TAM Work

The transition revealed significant strategic value derived from recurring TAM/vCIO engagement.

1. Security Advisement as a Strategic Enabler

Through structured meetings, risk reviews, and roadmap planning, the TAM provided:

• Guidance on MFA, BCDR, EDR, and email security requirements
• Alignment of technology standards with operational realities
• Budget forecasting tied to grant cycles
• Prioritization of high-impact security improvements

The organization’s willingness to embrace strong security practices allowed Endsight to implement controls typically challenging for nonprofits with limited staff.

2. Quarterly Strategic Check-ins

These sessions ensured:

• Real-time alignment with organizational growth
• Early identification of risks or dependencies
• Adjustments to licensing, hardware lifecycle, and compliance needs
• Reinforcement of governance decisions
  
  

3. Governance as a Continuous Practice

The Governance Committee became the backbone of the new Maintenance model. It ensured:

• Technology decisions were intentional and documented
• Policies and standards were consistently applied
• Leadership maintained visibility into IT budget and risk
• No strategic initiative advanced without review and prioritization

This governance maturity was not feasible under the Base agreement structure.

4. Roadmapping and Planning

The TAM developed a forward-looking security and modernization roadmap that provided clarity on:

• Lifecycle management
• Security projects
• SharePoint governance
• Endpoint modernization
• Disaster recovery planning
• Future cloud services

Napa Firewise’s adoption of the roadmap demonstrated trust in Endsight’s long-term strategic guidance.

Results

Governance & Decision-Making

The Governance Committee and adopted IT Standards established a sustainable decision framework where IT initiatives are predictable, transparent, and aligned with mission priorities.

Security Maturity

The organization now meets core security requirements:

• MFA everywhere
• BCDR
• EDR + NextGen AV (Endpoint & Cloud)
• Email authentication (SPF/DMARC/DKIM)
• Entra ID and Intune-based identity and device management

This represents a major shift from reactive IT to intentional cybersecurity leadership.

Operational Efficiency

SharePoint consolidation reduced friction in collaboration, improved document retrieval, and eliminated legacy data silos.

Cost Predictability

Maintenance billing removed surprises associated with ad hoc work, making long-term planning and grant alignment substantially easier.

Strategic Alignment

Regular TAM engagement provided Napa Firewise with the confidence that technology decisions are being guided by a comprehensive strategy, not isolated work requests.