A very common situation that can come about with a small business that is starting out or a community organisation that is running with a handful of core volunteers is that you can end up with a messy information-technology situation.
Typically this happens because the people who are behind the organisation typically buy the hardware, software and services out of their own pocket, assuming that the organisation is running on the “smell of an oily rag” with very minimal funds. This situation affects organisations in the religious, charitable or voluntary sector where they want to spend as little on office-related or capital expenses as possible so the money that comes in is focused on the organisation’s raison d’etre.
What can happen especially with software is that the it ends up being licensed in the name of the contributor or volunteer while a service like Web-site hosting and domain-name renewal is paid out of a member’s or volunteer’s personal funds and managed in the name of that member. In the case of operating systems or other software that are furnished with donated computer hardware, the software can also be licensed in the name of the donor rather than the beneficiary and no procedure takes place to technically and legally transfer this ownership.
Then you can end up with issues like software piracy and non-compliance or a service being paid for by someone who has left the organisation then you don’t know where that service is going or whom the computer software should be in the name of. You also have the issue of where the organisation legally stands when it come to using the service and this can also place the continuity of that service in doubt.
Do you know the organisation’s legal entity?
Here, you have to know how the business or organisation is legally referred to and represented. This includes a business, company or other legal name that represents the organisation as well as its trading or other “public-facing” name. Typically, the organisation’s legal name may be written out in any stationery associated with its bank account.
Make sure that any software that the organisation uses is bought in the name of the organisation, If someone wants to donate a program to the organisation, they need to either donate the program’s value to the organisation as cash through the normal paths like a church’s offering plate or basket. Or they could buy the software as an unencumbered package using their funds and hand the software package over to the organisation.
Some “buy and download” software providers may allow you to register a copy of the software in one name while allowing you to pay using a credit card or PayPal account in a different name. This measure is typically provided to allow one to give the software as a personal gift.
Increasingly business IT is being focused towards the purchasing of services like Web hosting, domain names and the like, with a an increasing amount of IT functions like software suites being sold “as a service”. Typically this involves someone having to pay for the service on a regular basis.
Payment for the services
What these organisations can do is to maintain a business debit card based on a major payment-card platform and drawing from the organisation’s funds. The organisation adopts strict usage and accounting procedures with establishing payments using this card and uses it primarily for paying for business services that can only be paid with a major payment card. On the other hand, they could make sure that the service they want to engage can accept a standing direct-debit order as the payment method. Anyone who wishes to donate the cost of a service could do so through a cash payment to the organisation in the usual payment path.
Whose name is the service under?
As for these services, make sure that they are registered or set up in the name of the organisation. For example, a domain name’s WHOIS data must reflect the name of the organisation and whoever is in executive position. For organisations who have a home as their office, it may be better to supply a mailing address like a PO box or a mail-drop; or use the shopfront’s address as a mailing address if they do operate a long-term physical shopfront.
Login details and user accounts
All login details like usernames and passwords associated with these services have to be known to authorised personnel currently in that organisation. This could be achieved through either a paper document or electronic-form document file that is on a USB memory key which has to be kept in safe storage on the organisation’s premises like a safe. Here, you could use a “secure” USB memory key which uses encryption and password security for this purpose and keep the password for that in a separate envelope. This list of passwords needs to be updated every time these passwords are changed and they should be changed regularly such as whenever people leave the organisation.
You may find that it is better to use multiple user accounts for these services so you can add and remove users easily and allow these users to determine their login parameters. The multiple-user-account setup also gives you the benefit of limiting what privileges a user’s account has, so that the privileges reflect the expected job function for the account-holder But the administrator password for these services needs to be kept on the above-mentioned organisational password list that is to be kept in safe storage.
Similarly, you may find that the multiple-user-account setup that a service uses may work with single-sign-on so that the credentials are verified with a third-party platform like Microsoft.com, Google or Facebook with the service receiving the “all-clear” in the form of a token. This may be OK to pursue if the employee or volunteer agrees to using the account associated with one of these platforms as part of single sign-on.
Once your small business or community organisation has their software and services properly under their own umbrella, they can make sure that they know where it stands through the life of the software and services rather than dealing with a dog’s breakfast.