The Home for Bewildered Beasts of Legend

A cluttered but warmly lit office. Whiteboards covered in post-its, a tangle of cables, a dog asleep under the desk. Someone has written WHERE IS THE ASSET REGISTER in red marker and circled it three times.

Like many NGOs, this organisation runs on goodwill, donor data, and a patchwork of tools acquired over the years by people who meant well and moved on. There are integrations nobody fully understands, a CRM that predates three governance cycles, and a Microsoft 365 tenant configured by whoever was available at the time. The volunteers are enthusiastic. The budget is not.

The goal here is not a checkbox. ISO 27001 exists and may eventually be relevant, but a freshly hired architect in a resource-constrained non-profit does not start there. The goal is to reduce actual risk for actual people and animals: the care workers, the volunteers, the 200,000 members and donors whose trust funds your mission.

Evidence for auditors accumulates as a side effect of doing the work properly. Purple crossroads mark where the work intersects with frameworks, but the motive is protection, not compliance theatre.