Why IT Support Isn't the Same as Technology Governance | Tech For Charities

When I ask charities who's responsible for their technology, the most common answer is "our IT support company." And when I ask what that company does, the answer is usually some combination of fixing things when they break, managing email accounts, and making sure the Wi-Fi works.

That's IT support. It's necessary, and it's valuable. But it's not technology governance — and conflating the two is one of the most common and costly mistakes I see in the charity sector.

What IT support actually covers

A typical IT support contract for a small charity covers reactive maintenance and basic infrastructure management. When a printer stops working, they fix it. When someone can't log in, they reset the password. When you need a new laptop set up, they configure it. Some providers also offer proactive monitoring — keeping software updated, managing antivirus, and flagging hardware that's reaching end of life.

This is important work. You need someone who can keep your day-to-day technology functioning. But the scope of a support contract is almost always limited to the systems they manage. They're not looking at your broader technology landscape, your data practices, your processes, or your strategic direction.

What technology governance means

Technology governance is about whether your organisation's technology — all of it, not just the bits your IT company manages — is aligned with your mission, your strategy, and your obligations. It asks questions like:

Are you using the right tools for what you're trying to achieve? Is your data properly protected and managed? Do your staff have the skills they need? Is your board informed about technology risks? Are your processes documented? What happens when key people leave? Are you meeting your legal obligations around data protection?

Your IT support company isn't set up to answer these questions. It's not their fault — it's simply not what they're contracted or qualified to do. They see your email system and your network. They don't see your data flows, your governance gaps, or your strategic misalignment.

Where the gap shows up

The gap between support and governance shows up in predictable ways. Here are some of the most common:

Software sprawl. Your IT company manages the systems they were asked to manage. But over the years, different teams have signed up for their own tools — a project management platform here, a survey tool there, a cloud storage service someone set up for a specific project. Nobody has a complete picture of what software the organisation uses, what it costs, or whether it's appropriate.

Data silos. Information lives in different systems that don't talk to each other. Your CRM has one version of a service user's details, your case management system has another, and a spreadsheet somewhere has a third. Your IT company can keep each system running, but they're not looking at how data flows between them — or whether it should.

Policy gaps. Your IT company might have set up your firewall and configured your antivirus. But do you have an acceptable use policy? A data retention schedule? An incident response plan? A leavers process? These are governance documents, not technical configurations, and they're unlikely to come from your support provider.

Strategic drift. Your IT company maintains what you have. They're not asking whether what you have is still the right thing. Technology decisions in charities often happen reactively — someone hears about a tool, a funder offers to pay for a system, or something breaks and gets replaced with whatever's available. Without governance, there's no thread connecting these decisions to your organisational strategy.

This isn't a criticism of IT support companies

To be clear: a good IT support provider is essential. If yours is responsive, competent, and keeps your infrastructure running, that's genuinely valuable. The issue isn't that they're doing a bad job — it's that their job has defined boundaries, and technology governance sits outside those boundaries.

The problem arises when organisations assume that having an IT support contract means their technology is "sorted." It's a bit like assuming that because you have a bookkeeper, your financial strategy is taken care of. The bookkeeper keeps the books accurate. The strategy requires someone looking at the bigger picture.

What independent governance looks like

An independent technology governance review looks at your entire technology and data landscape — not just the systems your IT company manages, but everything your organisation uses to collect, store, process, and share information. It assesses how technology decisions are made, whether your practices meet regulatory requirements, whether your team has the skills and support they need, and whether your technology is aligned with where your organisation is heading.

Crucially, it's independent. I don't sell software, manage infrastructure, or provide ongoing IT support. I have no commercial interest in recommending one tool over another. The output is an honest assessment of where you stand and a clear plan for what to do next.

If you're relying on your IT support company for technology governance, you're not getting what you need. Not because they're failing you, but because you're asking them to do something that isn't their job. A Digital Governance Review fills that gap.