Skip to main content
On this page

NFPstack Knowledge Base

This documentation provides practical technical guidance for IT professionals working in charities, NGOs, humanitarian organisations, social enterprises, and other mission-driven contexts. The material addresses the particular challenges of managing technology where resources are constrained, operating environments are complex, and the work genuinely matters.

The guidance here is open and freely available. It exists because IT staff in the sector often work in isolation, inheriting systems without documentation, making decisions without peers to consult, and solving problems that someone elsewhere has already solved. This is an attempt to share what works.

Who this is for

The primary audience is IT practitioners: the people configuring systems, responding to incidents, making architecture decisions, and keeping things running. This includes:

  • IT managers and directors responsible for technology strategy and operations
  • System administrators managing infrastructure and applications
  • Security practitioners protecting organisational and beneficiary data
  • Data managers working with programme information and reporting
  • Technical leads making build-or-buy decisions
  • Anyone who has become “the IT person” alongside other responsibilities

The documentation assumes technical competence but not expertise in every area. Someone strong in infrastructure may need guidance on data protection; someone experienced in security may need orientation to humanitarian data standards. The goal is to provide enough depth that practitioners can act, while remaining accessible to those newer to a topic.

What this covers

The documentation spans nine collections, organised by domain rather than by task or technology.

Governance
Operating models, policies, standards, and compliance frameworks. How IT decision-making works, what rules apply, and how to align technology with organisational purpose.
Security
Identity and access management, threat detection and response, data protection, and security governance. Includes specific guidance for protection and safeguarding data, and for operating in high-risk contexts.
Infrastructure
Cloud platforms, networking, compute and storage, field infrastructure, and telecommunications. Covers both headquarter environments and the particular challenges of connectivity in remote locations.
Applications
Productivity and collaboration tools, programme and humanitarian systems, business applications, and application lifecycle management. From email to beneficiary registration to case management.
Data
Data governance, architecture, operations, and analytics. Includes humanitarian data standards and interoperability with sector-wide systems.
Development
Development standards and practices, low-code platform governance, integration patterns, and quality assurance. For organisations building or customising their own solutions.
Operations
Service management, change and release processes, asset and configuration management, monitoring, and IT finance. The ongoing work of keeping systems healthy.
Procedures
Step-by-step guidance for specific tasks: incident response playbooks, field operations, user lifecycle management, system implementation, and maintenance. The largest collection, designed for use during actual work.
Benchmarks
Tool selection guides with evaluation criteria and comparative analysis. Covers common software categories with both open source and commercial options.

How to use this documentation

There is no prescribed reading order. Most visitors arrive looking for something specific-a procedure for handling a security incident, guidance on selecting a case management system, or clarity on what a data protection policy should contain. The search function and navigation structure support this kind of targeted use.

For those exploring more broadly, each collection has an internal logic. Concept pages explain what something is and why it matters. Task pages provide step-by-step procedures. Reference pages offer structured lookup information. Playbooks guide time-critical response. Patterns describe reusable solutions that can be adapted to context.

A few orientation notes:

Context matters. The documentation acknowledges that organisations vary enormously-from single-person IT functions to large federated structures, from well-funded headquarters to resource-constrained field offices. Guidance often includes alternatives for different situations rather than prescribing a single approach.

Open source is presented alongside commercial options. Many organisations in the sector benefit from open source solutions, whether for cost reasons, data sovereignty, or alignment with values. Where relevant, open source options appear first, with honest assessment of trade-offs.

Field realities are addressed. Significant portions of the documentation deal with intermittent connectivity, low bandwidth, offline operation, power constraints, and physical security-the conditions under which much mission-driven work actually happens.

Links connect related content. Pages include “See also” sections pointing to related concepts, implementation procedures, and governing policies. Following these links builds understanding of how pieces fit together.

Contributing and feedback

This documentation improves through use. Every page includes a feedback mechanism-if something is unclear, outdated, or wrong, that input helps.

For longer suggestions, corrections, or questions, contact hello@nfpstack.com. All feedback is welcome, including:

  • Errors or outdated information
  • Topics that are missing or insufficiently covered
  • Sections that are confusing or assume too much knowledge
  • Approaches that haven’t worked in practice
  • Alternatives that should be mentioned

The people using this documentation know things that aren’t written down yet. Sharing that knowledge benefits everyone working in similar contexts.

A note on scope

This documentation focuses on information technology management-systems, security, data, infrastructure. It does not cover broader digital transformation strategy, programme design, or organisational change management except where these directly intersect with IT implementation.

The guidance reflects common patterns across the mission-driven sector but cannot address every regulatory environment, funding requirement, or organisational context. Readers should apply judgement and seek specialist advice where their situation demands it, particularly for legal, compliance, and high-risk security matters.

Technology in mission-driven organisations exists to serve the mission. The systems matter because the work matters. This documentation aims to help IT practitioners do that work well.

```