Major Gifts Officers, To Enter or Not Enter Data?

Major Gifts Officer works with prospective donors to obtain funds and coordinate stewardship, among many other tasks. When it comes to data, there are often two schools of thought regarding the Major Gifts Officer’s role in data entry.

  1. The Major Gifts Officer should only be able to view enough information in the Constituent Relationship Management (CRM) platform to do their job.
  2. The Major Gifts Officer should actively input the information when directly interacting with a donor.

We discuss the pros and cons of each option to help you decide whether to task your Major Gifts Officer with entering data or not.

Major Gifts Officer Granted Read-Only Access

Granting a Major Gifts Officer read-only access is the look, but don’t touch model. The idea behind this is that institutions don’t want to burden the Major Gifts Officer with this entry-level, tedious task.


Here’s what to consider.




The read-only access model keeps your gift officer focused on fundraisers and activities rather than data entry. Your gift officer is a highly-paid resource. Not requiring them to enter data is being fiscally responsible.


Major Gifts Officers are likely better suited to creating strategy, building relationships, connecting with donors and faculty, and identifying opportunities to support donors’ philanthropic vision and impact.




By only granting your Major Gifts Officer read-only access to your data, you are centralizing data entry to a particular group specifically trained and in continuous conversation about data quality. This group understands the nuances of the system and data entry and has a straightforward methodology to maintain usable and reliable data.


But they are staying up to date of this valuable information, but your Major Gifts Officer is not. The gift officer is in the middle of the stuff happening while it’s happening—they’re gaining information and know firsthand how the donor feels. Getting as much of that information into the CRM is critical.


If the Major Gifts Officer is not responsible for data entry, you need some way to get the information from them into the system. This transfer of knowledge requires a second step and resources to be able to process the data—that’s instant overhead. It’s purely duplicative work if the person takes the information the gift officer gave them and copies and pastes it into the system.


But what if it’s not a copy-and-paste situation? Maybe the person is required to interpret what the gift officer provided them. For example, information is miscoded and goes through another filter before inputting into the CRM. This scenario allows for information to be lost or misinterpreted—like the age-old game of telephone.


Another con is if the Major Gifts Officer never touches the system and is not responsible for data maintenance, do they really have any stake in data quality? If they aren’t responsible for data maintenance, they may view it as someone else’s job. This creates the wrong environment and culture.


Data is an institution’s greatest asset. It’s a downside for the Major Gifts Officer to be entirely removed. 

Major Gifts Officer Required to Enter Data

This model ensures that Major Gifts Officers are at the forefront of the CRM system, and the responsibility to enter data usually comes with a mandate from the Chief Philanthropy Officer.


Here’s what to consider.




When Major Gifts Officers are tasked with data entry, one notable pro is that the information entered comes directly from the source. The CRM system reflects what happened as close as you can get.


Another pro is the gift officer is interacting with the system—it’s not just view only—it’s a genuine interaction that offers a different perspective. Major Gifts Officers may be more inclined to notice errors and offer a more complete profile because they are involved in many interactions.


This level of interaction may motivate them to correct errors if the record is misaligned. For example, the gift officer might notice a donor’s address is outdated if they recently met at the donor’s house.




There is specific training involved in understanding the CRM system from a data entry perspective. And most institutions have additional procedures to maintain data quality. The added responsibility of extensive training sometimes becomes a hardship for Major Gifts Officers.


This issue becomes more complex as gift officers learn additional information they may want to capture in the CRM system. They start to accumulate a training burden, and given the nature of their job, they may be unable to fulfill it. Even with the best intentions, things start to go awry and have a cascading effect—data becomes less usable and reliable. There’s no denying it, data quality is impacted without proper training and understanding of processes and procedures.


Now that you’ve considered your options, both may sound bleak. Our recommendation is to consider a model that’s not either-or. Instead, establish a workflow where Major Gifts Officers enter data firsthand to eliminate duplicative work. If they don’t have entry privileges, determine how to document the information and task someone else with entry. Or consider using guardrails. Guardrails could be helpful tips while entering or validating information.


At the very least, have a formal review process before data is deemed final. A formal review process presents an opportunity to make the workflow prescriptive. This interactive method suggests double-checking existing information in the record for accuracy. And establish balance. This eliminates the trepidation Major Gifts Officers may experience and gets them involved in the CRM system. You need them to be a knowledgeable user for the advancement of CRM.

Streamlining Advancement Gift Operations with Next Level Automation

Gift operations processing is the backbone of fundraising. However, many institutions have a hefty volume of manual gift entry that requires many staff hours and much personnel power. Increasing your gift volume but simultaneously taking on operational overhead is not a winning combination. Not to mention, this back-office element prevents growth and hinders institutional strategies to grow and expand programs—it would just become an albatross. 


It is necessary to look toward technology and automate repetitive tasks to free up time for staff members. This enables you to upskill individuals and focus on high-level or mission-critical tasks. 


If it’s been six months or more after your Constituent Relationship Management (CRM) Go-Live and stabilization is done, it’s time to refine your toolset and streamline gift operations with next-level automation.


Here’s what to consider. 

Importing Gifts 

We’ve already established essential gifts can be a cumbersome to-do. But what happens if you’re receiving daily gift files from the lockbox of your caging vendor? In this scenario, your caging vendor is inputting data into their system, not yours, creating a file and sending it to you with your information. Caging vendors are best leveraged for straightforward data; complicated stuff doesn’t even get entered.  


Additionally, you may receive high-volume gifts from online platforms that automatically structure the information to convert it to a digital file. These digital files are usually separate from your CRM. 


Importing gifts in these ways require much time and effort to augment the integration process. When it comes to importing gifts, staff time should be reserved for evaluating exceptions with the goal to receive and handle information with as little human intervention as possible. 


Whether acquiring tools that use data and improve automation file cleanup, complete data transformation, or restructuring, streamlining your gift operations with next level automation helps your data flow into your CRM with minimal human intervention.

Leveraging Features 

If manual gift entry is necessary, look to the advancement CRM platform you’ve purchased to ensure you’re leveraging data entry automation features. Data entry automation features prevent errors, eliminate rework, and empower analytics.


For example, data entry automation templates focus user attention to required fields, preventing missed data points. Additionally, default values prevent the user from having to enter the same value repeatedly. 


Data entry automation features also help you better assess error rates. Error rates for gift operations are essential because they help you understand the time spent correcting gift errors. If your error rates are higher than expected, consider looking at your processes upstream, leveraging tools in your advancement CRM to prevent mistakes and reduce rework for gift entry. 


Digital Communications 

The world expects to receive digital responses instantaneously. For example, you purchase something and receive an email or text confirmation upon checkout. Your donors have similar expectations. If you’re not already, you should be using instantly triggered emails, receipts, and thank you notes to automate gift operations. This helps build a personalized strategy and engage donors.


But using automations also creates more data you can use to enhance your fundraising strategy. With automations, especially as they relate to digital communication, not only can you deliver information at scale, but you can assess how often it is opened, track clicks, and analyze trends to tailor future communication. This prevents your communications from becoming sterile, and if done well and strategically, increases your initiatives.

Gift Operations Documentation Integration 

As an institution, you must keep gift operations documentation for a designated period. Gift documentation is often maintained in another system or folder and disconnected from the advancement CRM. But automation can bring these two critical things together without requiring additional resources.


Automation as a holistic strategy = time-saving. If a question comes up about gift operations, but you’re in a different system, information may get lost and time waste. Time-saving is enhanced when everything is synced and at your fingertips.

Grateful Patient Fundraising Programs, Success and Compliance go Hand in Hand

A grateful patient program, sometimes called “Grateful Giving,” is a fundraising initiative that healthcare institutions use to cultivate relationships with patients whose lives have been positively affected by their providers and services. These fundraising programs allow patients to express their gratitude while simultaneously helping institutions.

Like all fundraising, a grateful patient fundraising program requires the following:

  • building relationships;
  • understanding donor affinity;
  • engaging donors; 
  • understanding the donor’s philanthropic vision; and
  • presenting opportunities to support your organization that align with the donor’s vision.

Meeting all the demands of these fundraising programs requires data. With a grateful patient fundraising program, data is regulated by the Health Insurance Portability and Accountability Act (HIPAA) and must be handled carefully. Compliance and success go hand in hand when it comes to a grateful patient fundraising program. Here’s what to consider.

Understand How Patient Can Be Used

Because there are so many rules and regulations regarding patient data, you must have a secure system in place for managing donor data for your grateful patient fundraising program.


You’ll want to use that data to create robust profiles and identify your top prospects for stewardship. Above all, patient information must remain private, and there are limitations to the data that you can obtain and share.


Federal, state, and local laws govern patient privacy, and institution policies regarding handling patient information may vary. Once you’re abreast of all privacy policies, create a plan to protect the data of both patients and their families. Here are some guidelines to remember.


Able to use without patient authorization:

  • Name, address, phone number, age, gender
  • Dates of health care provided, department of service, and treating physician can also be utilized.

Able to use, but requires a patient’s explicit authorization:

  • Specific health information like diagnoses, test results, and medications.
  • Sharing a patient story is especially important to your grateful patient fundraising program. All identifiable information must be removed unless the patient explicitly gives permission when using patient stories for fundraising.

All tools and processes to support your grateful patient fundraising program must comply with HIPAA requirements and best practices. Make sure you use HIPAA-compliant software and invite your compliance team to weigh in right from the start. Don’t forget these guidelines for opt-outs and data security. 



  • Fundraising materials should allow patients to opt out of future communication at any time.
  • If a patient has opted out of fundraising communications, no information can be used to contact them. Their opt-out status must be honored.

Data Security

  • Reasonable safeguards must be in place to protect unauthorized use or disclosure of protected health information.
  • Limit access to patient-specific data; only allow access for those who need it for job duties.

Partner with Your Compliance Officer

Too often, those in Advancement skip partnering with their Compliance Officer because it feels like an uphill battle. Those in Advancement might feel like compliance will never understand fundraising. We highly recommend avoiding this mindset. 


Instead, educate your Compliance Officer about fundraising and how it furthers the institution’s mission. Simultaneously illustrate that your goal is patient privacy and the safeguards you have implemented. 


Here are some essential ways to partner with your Compliance Officer:

  • Develop policies and procedures for safeguarding patient information.
  • Training
  • Establish periodic check-ins to share the team’s success in using patient data.
  • Review how everyone has collaborated to respect the patient’s privacy and secure the information.

If there has been a misstep or misuse of patient data, come clean, review the facts, and discuss what adjustments will be made to prevent it in the future.

Beyond HIPAA Training

Ensuring a successful, grateful patient fundraising program goes beyond standard HIPAA training—partner with your Compliance Officer to develop training specifically for your fundraisers and support staff.


This gives your fundraisers the tools they need for their best work and equips them with the knowledge to remain compliant.


Topics for training that go beyond HIPAA may include:

  • Do’s and Don’ts: WHAT IS and WHAT IS NOT appropriate use of patient data for fundraising?
  • How to properly obtain patient consent: Fundraisers need to know when and how to obtain a patient’s consent before using their information for fundraising purposes. This includes getting written authorization to use Protected Health Information (PHI) when required.
  • Opt-outs: How to make sure you adhere to and respect the patient’s wishes.
  • Tips for using data securely and appropriately.
  • How and when to encrypt emails.
  • Guidance for storing and controlling access to documents with patient information.


Now that you’ve learned some compliance how-tos for your grateful patient fundraising program, it’s time to get out there and kickstart your work. Your institution and community will be better for it!

Data Governance Committee, Best Practices for Your New Advancement CRM

In today’s data-driven world, organizations recognize the critical role of governance in managing and leveraging their data effectively. Effective data governance is essential to guarantee data quality, regulatory compliance, and enable better decision-making. 


By establishing a solid data governance framework, organizations can unlock the full potential of their data assets and drive success.


We discuss some how-to best practices for establishing a data governance committee for your new advancement Constituent Relationship Management (CRM) platform. 


Here are five tips to consider. 

What is a data governance committee? 

Data governance is managing the availability, usability, integrity, and security of the data in enterprise systems based on internal data standards and policies controlling data usage. 


The data governance committee is responsible for developing, implementing, and maintaining policies and procedures that guide how the organization’s data is handled, used, and shared. 


Effective data governance ensures that data is consistent and trustworthy and doesn’t get misused. Practicing good governance is increasingly critical as organizations face new data privacy regulations and rely more on analytics to optimize operations and empower decision-making. If you’re trying to establish a culture of data-driven decisions, you can only make good decisions if you have good data.

Tip 1: Establish the composition of the committee. 

Your data governance committee should be in effect at the launch of your CRM. Developing a robust data governance framework starts by establishing the composition of the committee. The committee should be cross-functional and include representation from multiple departments and stakeholders.


This is because people managing your data will view it differently than those who consume it, but both viewpoints are required for optimal data quality.


Additionally, consider various tenures of committee members. Involve permanent members and guests or ad hoc positions. The guest or ad hoc positions should represent a topic that may be specific to a data exchange in another system. And they should be familiar with a particular data governance question rather than stand-ins. 

Tip 2: Appoint a data governance committee chair and charter. 

Now that you’ve established the composition of your committee, you’ll need to appoint a data governance committee chair and charter. 


Data governance committee chair supports orderly decisions. This person leads productive discussions, reinforces guidelines, and aids the purpose of the committee. Having a data governance committee chair in place is even more critical regarding heated debates. The committee chair eliminates “round-table discussions” and maintain functionality despite disagreements. 


Data governance committee charter formalizes documents, defines your strategy, and outlines roles. They also decide how the members should work together to meet goals. For example, the charter sets goals and metrics for data quality.

Tip 3: Develop a data governance training program.

Don’t assume everyone—regardless of their participation in the committee—knows and understands data governance. Develop a training program and deliver it equality. 


For those on the data governance committee, training eliminates confusion and synchronizes information. 


For those who are not on the committee, training eliminates any fears of “missing out.” Additionally, training creates transparency and empowers them to bring issues to the data governance committee.

Tip 4: Identify a communication plan.

The data governance committee needs an overall communication plan that acts as a public relations campaign. The communication plan should clearly identify metrics.

  • What are the metrics that are resulting from this data governance strategy and committee being in place? 
  • Are there improvements being made?
  • What spheres of excellence have come about for data governance strategy and commitments? 

The data governance committee may not be the most popular people in the organization, so you must maintain metrics and communicate how these efforts are pushing the institution in a positive direction. 

Tip 5: Provide resources for the data governance committee.

While the data governance committee will make recommendations, discuss challenging issues, and help the institution move forward, they can’t be successful without a supportive infrastructure. One of the critical components of the infrastructure is having data governance security policies and guidelines. 


The data governance committee will turn to executive leadership to support and approve these guidelines. And executive leaderships should be willing to have ongoing and interactive discussions. If the committee can’t lean toward executive leadership to enact change, they’ll be stuck in a perpetual cycle reviewing the same situation repeatedly. You don’t want to make them the enemy, but you do want them to be the think tank advisory board on data quality and management.

Streamline Your Advancement CRM Implementation with a Data Assessment


Introducing a Constituent Relationship Management (CRM) into your institution’s operations boasts features like workflow automation, data integration, and Artificial Intelligence (AI)-driven insights. But these things can only be fully realized with the proper data foundation.


The importance of laying an appropriate groundwork for your data during a CRM implementation cannot be overstated. By ensuring the data’s integrity and readiness, you unlock the complete potential of your advancement CRM.


We discuss how a data assessment impacts the success rate of your CRM implementation. 

What is a data assessment?  

There are many expectations regarding your new advancement CRM. Institutions often expect it to perform leaps and bounds over their legacy system. In many cases, it can, but not if incorrect or outdated data is transferred from the legacy system. In this case, the frustrations experienced in the legacy system will follow you to your new CRM.


A data assessment prevents the letdown and helps you realize the benefits of your new advancement CRM. At its core, a data assessment is a data inventory—accounting for valuable information in your legacy system (or a miscellaneous spreadsheet) and creating a strategy for integrating it into the CRM. 


Completing a comprehensive data assessment is a tailored strategy specifically designed to maximize the benefits of your CRM application. Central to its purpose, the CRM aims to enhance the engagement of constituents, amplify fundraising efforts, and refine the lines of communication across various stakeholders. 


When you conduct a data assessment, you engage in a rigorous identification process of all data sources and systems linked to your operations. This thorough examination establishes a well-defined strategy for archiving and purging, ensuring only the most relevant and recent data is chosen for the conversion process.

Data Privacy and Security 

With the ever-increasing importance of safeguarding personal and sensitive information, a data privacy and security assessment pinpoints data components that require elevated attention due to their security and privacy implications. 


By identifying and documenting data privacy and security, you can highlight special considerations in the overall data conversion strategy. This ensures vital aspects of your data are treated with the utmost care and expertise—allowing you to design and configure your new advancement CRM application. 


Additionally, your data remains secure with only the appropriate people having access. 

Data Cleansing and Standardization 

Everyone knows insufficient or incomplete data exists in your legacy systems. And the question remains, “Should we clean up the data or leave it behind?” Whatever you choose, establishing an action plan for the cleanup process is necessary. 


Data cleansing prevents bad data from being transferred. It also ensures your new data meets expectations for decision-making and becomes a foundation for good data to build on.


Recognizing the intricacies of data structures can be challenging. A data assessment first evaluates duplicate constituent records. Then, a data assessment analyzes reference tables for core data to ensure consistency and relevance. 


Identifying orphaned or missing relationships between core data tables and correcting misaligned dates ensures chronological coherence. This detailed examination identifies and recommends proactive solutions to counteract conversion challenges—significantly increasing your data conversion process’s precision and success rate.


A typical timeline during a data assessment might include:

  • Month 1: Data inventory
  • Month 2: Data private and security assessment 
  • Month 3: Data cleansing and standardization assessment 
  • Month 4: Data cleanup and check-in
  • Month 5: Data cleanup and check-in

Partnering with Precision Partners for a data assessment means investing in a streamlined operation, committing to accurate and secure data (especially the most sensitive components), and driving your advancement department’s mission with unparalleled trust and efficacy. 


You can expect the following outcomes when you partner with us for a data assessment:

  • Optimized data foundation for AI.
  • Decrease budget and schedule risks.
  • Increase trust and user adoption.
  • Increased return on investment (ROI).

Engaging Millennials, Developing an Effective Advancement Strategy


Advancement departments may consider Baby Boomers and Generation X as the most likely to contribute when it comes to donor relations and securing donations. The Millennial generation accounts for 21.67% of the population as opposed to Baby Boomers (20.58%) and Generation X (19.61%), according to a 2023 Statista report.


Millennials are quickly growing in buying power. According to two U.S. studies, Millennial spending is just over $65 billion. You’re missing valuable opportunities if you’re not engaging millennials as a viable donor base.


But Millennials have different expectations for donor engagement. 


Historically, data strategy around advancement focuses on the information collected and how it’s used. When considering a traditional data strategy perspective, advancement departments emphasize data maintenance and contact information. This strategy is all about getting accurate contact information to send direct mail or phone numbers to converse—aiming to grow their allegiance or affinity to the organization.


Organizations need to rethink their advancement strategy for millennials. Precisely, one that includes having digital communication at the forefront. 


Here’s how to develop an effective advancement strategy that engages millennials.

Understand How Millennials Differ

Millennials are interested in something other than receiving direct mail or getting caught on the phone. To them, those are outdated approaches. Creating a strategy in the digital communication space is essential, specifically on social media.


Choose the social media platform carefully because the platform you use will impact their willingness to donate. Identify how you can leverage your existing platforms to engage millennials. Is it necessary to acquire another? Or can you add something to complement your strategy? 


For example, in eCommerce, omnichannel shopping allows customers to shop in-store, online, and via mobile. Use a similar methodology for your advancement strategy to offer a complete donation approach.


Here are some other ways Millennials differ from other generations.

  • Impact: Millennials want to know their gifts will make a difference.
  • Influence: This cohort is primarily influenced by their network including peers, family, and friends.
  • Efficiency: Millennials value speed and efficiency. You must capture their gift quickly and easily—if you don’t, it may never happen.
  • Authenticity: They are not impressed by a nonprofit with a well-established brand or respected name; it’s all about the cause and whether it speaks to them authentically.
  • Flexibility: Millennials expect omnichannel donation options, including online (social media, text message) and offline options. 

Develop a Data Strategy

The traditional approach regarding data strategy around networks and relationships for a particular donor focuses on finding the six degrees of separation. The six degrees of separation is the idea that all people are six or fewer social connections away from each other. As a result, a chain of “friend of a friend” statements can be made to connect any two people in a maximum of six steps. It is also known as the six handshakes rule.


The new approach for data strategy includes collecting information about networks and relationships and provides opportunities for group engagement. For example, a group engagement that consists of volunteer opportunities. If you can get one person on board, it is likely you’ll have the rest of the group because millennials are influenced by their peers.


Another aspect of data strategy, from a networking perspective, is to review what social activism groups millennials participate in. Prioritize collecting information about what is important to them. This inspires engagement opportunities and segments accordingly.

Refocus Stewardship 

Donor stewardship is the relationship-building process that occurs after a donor makes a gift. The main purpose of stewarding your donors is to inspire them to give again. Creating a connection with your donors will make them feel loyal to your nonprofit. And this, in turn, will help your future fundraising efforts.


The underlying element of stewardship is to show the donor their gift is appreciated and communicate the impact of their support. The traditional approach does this but focuses on general acknowledgement. 


For example, organizations say thank you with a general acknowledgment of the gift’s impact—i.e., your contribution helped us raise $2 million for gymnasium renovations—statistics may be provided to further the case.


But generalizing stewardship eliminates opportunities to engage Millennials and makes it feel less authentic.


A better approach to stewardship includes “we,” effectively bringing the Millennial donor into the fold. Showcasing we empowers Millennials to want to be a part of something that makes a difference. If you choose to include statistics, supplement with a real-life story that Millennial donors could potentially see themselves in. Statistics are great, but they don’t have as much impact as sharing a personal story.




Statista Report:

Millennial Spending Statistics: 

Data Quality, We Are All in This Together


Creating a robust data quality framework is essential to ensure that your Constituent Relationship Management (CRM) implementation remains a powerful tool for your organization. 


But in some cases, stakeholders and users in advancement may be less inclined to trust the data in the system—especially during the beginning stages of your CRM implementation. 


Stakeholders and users may think, “Not much will change after implementing the new advancement CRM because there’s already a divide.” Or “Data quality is someone else’s job.”


But that’s not true. 


There must be a shift in the mindset and organizational culture regarding data quality. Ensuring quality data is the responsibility of every person within advancement. Here’s why. 

Data Literacy 

Data literacy is viewing, working with, analyzing, and communicating the data in your advancement CRM. 


The quality of your CRM data is only as good as the people entering it. Increase data literacy through ongoing training. 

  • Educate users about the importance of data quality. 
  • Provide training resources to help users understand how to enter data accurately and consistently. 
  • Encourage users to check their work and promptly report errors they encounter. 
  • Reward employees who demonstrate exceptional commitment to maintaining high-quality data.

Data Maintenance 

Defined as the task and process to keep data reliable and updated, data maintenance includes data security, processes, and procedures. And like data literacy, data maintenance is everyone’s responsibility—whether you have security access to enter or update data or only view it. 


Your advancement team and CRM users must have a solid understanding of data maintenance processes, including data entry guidelines, validation checks, data cleansing routines, and monitoring mechanisms to improve data quality. 


When it comes to data maintenance, stakeholders and users should be able to:

  • accurately input required information into the advancement CRM; 
  • eliminate outside silo databases like Microsoft Excel spreadsheets; and
  • maintain safety.

Consider creating one if your organization still needs a data safety statement. A data safety statement is a working document illustrating how users ensure data remains safe, including security, confidentiality, and privacy rules.


For example, a safety statement may include verbiage that if users find incorrect data in the advancement CRM, they intend to take the responsibility to report it and make sure it gets corrected—not just ignored or left for someone else. 

Data Stewardship 

Data stewardship is the collection of practices that ensure data is accessible, usable, safe, and trusted. Once again, like data literacy and maintenance, every individual within advancement should see themselves as a data steward. It is not solely one person’s job. 


Good data stewardship includes:

  • managing existing CRM system or overseeing the implementation of a new system;
  • verifying that system users are adequately trained;
  • monitoring users’ entries to prevent inaccurate data from entering the CRM system;
  • standardizing information and eliminating discrepancies;
  • resolving problems like duplicate or incomplete data;
  • running and checking reports for data accuracy;
  • understanding the organization’s workflow processes and identifying opportunities for automation; and
  • maintaining control of the CRM system as more data is collected and entered.

Effective (and collaborative) data literacy, maintenance, and stewardship enable the CRM system to produce reliable data your organization trusts.

Three Tips to Optimize Your CRM Data Validation Sprint


Data Validation is a set of capabilities that leverages your Constituent Relationship Management (CRM) integration. A “data validation sprint,” from an agile methodology standpoint, is a set period of doing specific work that must be completed and reviewed at the end. A data validation sprint aims to build a series of experiments that will confirm or reject the assumptions made about your CRM.


There are plenty of reasons for running a data validation sprint, but here are just a few of the most important ones:

  • data-driven validation on your early-stage CRM project;
  • identify and list your most critical assumptions;
  • validate or invalidate these assumptions;
  • gather useful information about your potential donors; and
  • finalize in a way that is fast, lean, and efficient.


As you plan and prepare for your CRM data validation sprint, here are three tips to maximize and optimize the process. 

Communicate early and often.

Regarding your CRM implementation, communication is always vital—your data validation sprint is no exception. Communicate with those completing the validation, and your subject matter experts (SMEs) assigned the task of data validation early and often. The earlier you communicate and the frequency, the better the outcome. 


Focus on simple things like notification of orientation dates. Let users know what’s coming—give notice ahead of dates and communicate the time commitment. Clearly articulating the time required helps users properly allocate time to complete the validation. 


Allowing your team to prepare appropriately, impacts the results of your data validation—most often positively.  Additionally, preparation prevents the “last-minute scramble,” decreasing the likeliness of overwhelming feelings of your CRM team.

Offer support and resources.  

Support SMEs and provide appropriate resources to achieve and optimize results. Whether it’s simple system navigation or offering clarity about CRM project expectations, make a support person available to help. 


For example, at Precision Partners, we offer planned times throughout the data validation sprint to provide clarity, direction, and IT troubleshooting support, alleviating the need for users to visit their IT departments. 


One fairly easy way to support SMEs is to hold office hours. The project team should make themselves readily available during this sprint. Office hours allow SMEs to ask questions or troubleshoot an issue or problem with their assigned data validation. 

Develop and maintain a resource repository.  

For each data validation sprint, maintain a resource repository specific to the subject matter at hand. A repository or center of excellence is where users can go for support. 


As you build the resource repository, create decision logs specific to the subject matter. The decision log should include any tool or resource that provides clarification or information that could be helpful. Keep your decision log up to date, relevant to the subject matter at hand for the sprint, and easily accessible. 


For example, SMEs are tasked with data validation, and the repository equips them with the resources to identify and support them with how to do it. The repository would provide the following: 

  • where to find information;
  • what tools are available;
  • what tools are appropriate for what purpose; and
  • videos about how to use them.


Consolidate where you access the repository information, making it easy and efficient. Create something users can bookmark whether through their email or in an internet browser. This prevents the hassle of sifting through various links or resources, instead offering all the tools they may need to complete the data validation sprint or work requirements.

Enterprise Data Management and the Importance to Institutional Advancement Operations


In the age of so much information and the ability to collect data at different touch points, an entire methodology has emerged: enterprise data management (EDM.) EDM is the ability of an organization to precisely define, easily integrate, and effectively retrieve data for both internal applications and external communication. In addition, it focuses on the creation of accurate, consistent, and transparent content. 


Previously, each department was responsible for managing its own data. This process has shifted to a collaborative approach. Specifically examining how the data collected by different departments can be pulled together to better serve the institution. (Concepts like the 360-degree customer view were born out of that.) 


What is the single version of truth about specific data points?


From an EDM perspective, it has traditionally been led by the information technology (IT) department. However, in some instances, IT may be specialized and have a data management division and the ability to reach out to the competency departments. 


For example, hospital IT reaches out to the clinical area to get feedback; a university reaches out to the student information management department (or the marketing department) for feedback. Both scenarios have a central IT department, and likely big data consumers. But the downside is this often isolates advancement operations.


Institutional advancement’s primary goal is to extend the message through outreach, fundraising, marketing, or publicity. They are also tasked with establishing long-lasting relationships with donors, promoting the institution, and building financial resources to support ongoing programs and operations. 


When it comes to enterprise data management, they’re often forget about—but they shouldn’t be. Here’s why. 


Quality Data Improves Processes 

Data is only valuable when it is accurate, relevant, and reliable. Advancement departments often work to build relationships based on interactions that may be initiated because of data.


But if your data is low-quality, a considerable chunk of your revenue is spent on the dedicated staff hired to cope with it. They could instead be focusing on value-add processes like building relationships or raising vital funds for your organization.


Data Provides Donor Insights 

Leveraging the potential of data analytics, advancement team members can quickly identify prospective donors and optimize the fundraising process.


For example, in a hospital, an address to patient billing is essential so they can send the bill and receive payment. When it comes to advancement, an address helps them contact prospective donors and identify wealth.


Data Supports Relationship Building

Advancement teams are on the front line with donors and supporters, and data empowers a meaningful way to build relationships.


For example, a fundraiser is interacting with a donor or supporter, and they mention their spouse who happens to be deceased because they are unaware. This creates a considerable embarrassment for the fundraiser, offends the donor or supporter, and creates an overall uncomfortable situation. 


Another scenario might be a fundraiser sends mail or an invoice to the wrong address that then gets returned to the sender. This is a missed opportunity to engage prospective donors, but also makes your organization look incompetent. Both scenarios could be avoided with the use of enterprise data management. 


Simply put, enterprise data management is essential for institutional advancement. It creates a standard and streamlined system for advancement departments to locate, access, control, store, and secure their data. 

Data Mart vs. a Data Warehouse: What’s the Difference?

Too often in advancement, a data mart and a data warehouse are used as interchanged terms. But they are, in fact, two very different things.


Here’s the difference between a data mart and data warehouse and best use scenarios for your advancement needs.


Data Mart

A data mart is a curated subset of data often generated for analytics and business intelligence users—typically limited to holding warehouse data for a single purpose, such as serving the needs of a single line of business or company department. Data marts are often created as a repository of pertinent information for a subgroup of workers or a particular use case.


Data marts are a subset of a data warehouse. Organizations may use data marts to provide user access to those who cannot otherwise access data. Data marts may also be less expensive for storage and faster for analysis, given their smaller and specialized designs.


Other significant differences between a data mart and a data warehouse include the size, range, and sources.


  • Size: Data marts are typically less than 100 GB, whereas a data warehouse is typically larger than 100 GB and often a terabyte or more.
  • Range: Data marts are limited to a single focus for one line of business, whereas a data warehouse is typically enterprise-wide and ranges across multiple areas.
  • Sources: Data marts include data from just a few sources, whereas a data warehouse stores data from multiple sources.


In the context of your advancement CRM, a data mart is beneficial for creating a suite of reports—either from a daily operational standpoint or issues that may require information you need to make decisions. In addition, these reports enable you to see your progress or implement a course correction if needed.


Another case where you may want to leverage a data mart is to maintain “supplemental information.” Supplemental information may include a report you use on an infrequent basis. You can use your data mart to create a table or a couple of tables to house supplementary information to leverage reports that you can refer to once or twice a year.


This is beneficial because you may not want to build something special in your advancement CRM to hold the report because you use it infrequently.


Another use for a data mart may be to store what’s considered “frozen data”–a snapshot in time of your transactional data. Data marts enable you to store those exact numbers and easily reference when needed.


For example, you created a Voluntary Support of Education (VSE) report. Each year, you reported specific numbers to an external entity on how your institution was doing. But your transactional system is constantly changing.


This is because new data is being input and updated daily in the CRM application. If you were questioned on a previous fundraising year, would you be able to back it up? You may get the same data if you run the report out of your current application in your advancement CRM. The “frozen data” that was stored is needed to be a reference. A data mart enables you to maintain those transactions and tag them appropriately.


Software Platforms for Data Marts

When it comes to which software platform to use for a data mart, you should select the one that best aligns with your advancement CRM. Avoid using multiple vendors, as this creates confusion.


For example, you have one vendor for your advancement CRM and one for your data mart, and they don’t get along. But you need the transition of information from your advancement CRM to your data mart to be seamless.


Opt to use something from the same software vendor or choose another platform that has a very close partnership with the software vendor of your advancement CRM.


From a usability perspective, you want something user-friendly. On the other hand, you don’t want an overly technical solution for your data. This is because the audience for your data mart may be tech-savvy, but they’re not programmers, and they shouldn’t have to be. So instead, select something for more of an analyst-level ability to interact with the data mart. Save your heavy technical resources for something else.


Data Warehouse

A data warehouse is a relational database designed for analytical rather than transactional work, capable of processing and transforming data sets from multiple sources. It draws in data from disparate systems, taking on more of an enterprise view of data.


Data warehouses receive information across your organization. This is not fundraising or advancement specific; the data warehouse should be feeding information from all areas of your organization. Best usages for a data warehouse include:


  • Healthcare: A data warehouse combines information from advancement with a patient information system.
  • Higher Education: A data warehouse combines information from an advancement CRM with a student information system like the registrar’s office.


Software Platforms for Data Warehouses

Now is the time to leverage your central information technology (IT) resources. When it comes to the software platforms for your data warehouses, you want the combined support of the IT resources or expertise of individuals for the other systems.


For example, your experts in your advancement area are usually not the same as those in your patient area. So instead, use your central IT who has colleagues and expertise in all these different systems—that’s whom you want working on your data warehouse projects.


Select a platform they know best and can manage the data from these different systems. For example, your data mart needs to communicate well with your advancement CRM, but your data warehouse needs flexibility with many other systems.


Slow and overloaded data warehouses are often the underlying reason for creating data marts and frequently serve as their underlying data source. Often, as data volumes and analytics use cases increase, organizations cannot fill all analytics use cases without degrading the performance of their data warehouse, so they export a subset of data to the mart for analytics.

Data Validation Is a Critical Step in The CRM Process: Here’s What to Consider


Data validation is a critical step in your Constituent Relationship Management (CRM) implementation project. For the best results, you must get out of thinking that anything having to do with data conversion is a technical task or an activity that only requires the involvement of the technical team members.


Instead, consider using your Subject Matter Experts (SMEs). Using your SMEs in the advancement CRM implementation project adds value because they live and breathe the data daily. Of course, there are technical components and things the technical team will do, but for the best results, you must combine that with your SMEs.


Here’s how you can get your SMEs involved in the data validation process.


Step One: Establish a Framework

Establish the framework for how to involve regular business users in the process. Ensure the data validation compares what’s in your legacy system and your new advancement CRM.


  • Is the data there?
  • Did it land in the right place in your new advancement CRM?


As you evaluate the data accuracy, consider things like proper orientations, instructions, and available preparations for navigating to where the data lives in the legacy system.


Specifically, helping your business users to navigate the data’s “new home” in the advancement CRM. Navigation is vital because if you compare data and involve the business users, they must know how to navigate. Otherwise, they’re at a loss.


Step Two: Create a Validation Checklist

Involving your business users in the data validation process requires clear instructions on how they can (and should) participate. In many cases, decisions may have either changed it or left data behind when it moved from the old system to the new one.


From the business users’ perspective, they’re working within the system daily and may find themselves exploring beyond the project outline. While their input is valuable, you don’t want them to get lost in their exploration. To help deter this, create a validation checklist that outlines the minimum requirements they should perform that will be critical in giving feedback to your CRM project.


For example, create a list of 15-20 items of minimum requirements that must be met from an assignment perspective. Once those requirements are completed, then you can encourage further exploration. This helps your CRM project stay on track without losing sight of priority validation items that need to be completed.


The data validation checklist is one way to balance tasks getting done to move the project forward versus encouraging curiosity during a project.


Step Three: Determine the Records to Test

There are pockets of populations within your advancement CRM that have more data or are more prominent individuals and organizations that you need to pay attention to as you complete your data validation.


For example, if something went wrong with your VIP list in the legacy system—that would be very noticeable—and should be a part of the group of records you will test in the new advancement CRM.


Deciding what records are the most valuable to test requires prioritization. Consider these lists as you plan what to prioritize.


  • VIPs
  • Board members
  • Trustees
  • Major donors
  • Organizational partnerships
  • Foundations


Be thoughtful about building the test record population, as this is a necessary step toward effective data validation.


Step Four: Generate Guidelines for Reports

The final step toward involving your SMEs in the data validation process is to generate a particular framework on how they can report results. Your SMEs are a population of users that don’t do this regularly—these aren’t your technical team members who understand the testing methodology. Therefore, you must provide an easy-to-follow framework and instructions for how to report results, so you get meaningful information.


Having clear reporting strategies also helps to eliminate the back-and-forth communication or vague generalizations like, “This didn’t work.” Instead, generate guidelines for how users can report challenges. For example, include prompts to help identify specific issues and an explanation of the problem, “Which test record were you on and what happened?”


Encourage screenshots and videos so they can share what they experienced most efficiently.


Data validation provides accuracy, clearness, and completeness to your new advancement CRM dataset—avoiding errors and ensuring data is not corrupted. While data validation can be performed by your technical team, involving your SMEs adds significant value and enhances your CRM project.

Stronger Data Security for Cloud Vendors Becomes Standardized


Cloud technologies are becoming a significant investment for organizations of all sizes. Cloud computing increases efficiency, helps improve cash flow, and offers many more benefits. You’re likely aware of how beneficial cloud technology can be if you’ve recently purchased (or considering) a new advancement Constituent Relationship Management (CRM). This is because many of today’s advancement CRM options are cloud-based vendors.


How does cloud based technologies affect data security?


Data security has become more prevalent, especially for the advancement community. Choosing a cloud vendor with robust data security standards are vital. This is because CRM data security management is critical to creating and maintaining an effective CRM system.


Until recently, data security standards have only been consistently applied to companies that contract with the federal government. But many states have now taken notice of the importance of data security standards. Here’s what to consider.


Cybersecurity Laws

Texas Gov. Greg Abbott recently signed a cybersecurity law that will implement several new programs at the state’s Department of Information Resources, including a cloud-security certification system modeled on a longstanding federal program.


Under the new law, Texas will create a rubric for verifying that the cloud services that state agencies and higher-education institutions contract with meet specific data-security standards. The program went into effect in January 2022 and is modeled after the Federal Risk and Authorization Management Program (FedRAMP), which grades the security of federal vendors.


Other states are taking similar initiatives to enact data-security standards—namely Michigan and Ohio, with many others likely to follow suit.


U.S. Senator Gary Peters (Michigan), Chairman of Homeland Security and Governmental Affairs, announced he had introduced bipartisan legislation to update and make permanent the FedRAMP program to ensure federal agencies can quickly and securely adopt cloud-based technologies that improve government operations and efficiency. In addition, the bill will make FedRAMP more accountable to the American people and create private-sector jobs in companies that provide cloud services.


In a November 2021 press release, Senator Peters said, “This important bipartisan bill will ensure that agencies can procure cloud-based technology quickly while ensuring these systems—and the information they store—is secure. It will also help companies that provide these technologies grow and create jobs and incentivize them to provide innovative products to bolster our nation’s competitiveness in this space.”


FedRAMP and StateRAMP

FedRAMP provides a standardized approach to security authorizations for cloud service offerings. This standard empowers agencies to use modern cloud technologies, emphasizing security and protection of federal information—helping to accelerate the adoption of secure cloud solutions.


It consists of two primary entities: the Joint Authorization Board (JAB) and the Program Management Office (PMO). Members of the JAB include the chief information officers (CIOs) from the Department of Defense, Homeland Security, and General Services Administration. The JAB serves as the primary governance and decision-making body for FedRAMP.


FedRAMP has defined the responsibilities of federal agencies since 2012—when cloud technologies began to replace outdated tethered software solutions—to ensure cloud-based information technology is used appropriately. FedRAMP was born from the U.S. government’s “Cloud First” strategy. That strategy required agencies to look at cloud-based solutions as a first choice.


Getting FedRAMP authorization was (and is) no easy task. The level of security required is mandated by law. There are 14 applicable laws and regulations and 19 standards and guidance documents. It’s one of the most rigorous software-as-a-service certifications in the world.


All cloud services holding federal data require FedRAMP authorization.


StateRAMP is a nonprofit organization that launched in early 2021 with the intention to promote cybersecurity best practices through education, advocacy, and policy development to support members and improve cybersecurity.


StateRAMP is designed as a shared service for government and a streamlined service for suppliers who can verify their products one time and reuse that certification with each government agency they serve.

Preparing for Data Validation During Your Advancement CRM Implementation


Data validation checks the accuracy and quality of data before importing and processing during your advancement Constituent Relationship Management (CRM) implementation. Validating the accuracy, clarity, and data details are necessary to mitigate any project defects.


Without validation, you run the risk of using inaccurate data.


Additionally, having accurate data is an important step toward user adoption. If users cannot trust the data in the CRM, they may resist adoption of your new CRM. This is especially true if the promise of having accurate and reliable data is made as part of implementing a new CRM. Having reliable data is often a main motivation for doing a CRM project—and often one of the project goals.


Data validation is a form of data cleansing. It can be one of those things that can be a grueling process, but your institution must do it.


Here’s how you can prepare for data validation during your advancement CRM implementation.

Determine Your Data Validation Team

Having the right people as part of your CRM validation team is as important as conducting the data validation itself. Team members selected to validate data should be experienced in your new and old systems and keenly aware of the existing data.


When choosing who should be on your data validation team, engage users who are:


  • familiar with the data in your legacy system;
  • proficient in the new system and have participated in the CRM project;
  • expert navigators of your legacy system but also your new CRM system; and
  • known for their attention to detail.

Common Mistakes to Avoid

One of the most common mistakes organizations make during CRM data validation is assigning new staff members because they are available. Organizations may also try to hire temporary staff with the idea that getting more people to assist with the data validation is beneficial. In these scenarios, these individuals may essentially follow instructions, simply comparing the old system against the new. This will result in a limited ability to discern more nuanced issues, and more profound problems won’t be recognized because they are not familiar with the data.


Data validation is not a task for a newbie. Instead, the data validation team needs individuals with many years of institutional history and knowledge to effectively assess data and change the data quality.


Another common mistake organizations often make when it comes to data validation is they don’t define the effort. You could ultimately spend years on the tasks associated with data validation. Unfortunately, you don’t have that kind of time. Instead, define the goals and the amount of time your data validation team should have it completed.


For example, “X data needs reviewed and should be completed in two weeks.”


Institutions also forget to identify focus areas and assign tasks to specific team members.


Be explicit and intentional when identifying a focus and assigning tasks—only assigning the data validation to the folks who have willingly committed their time. Give detailed assignments with clear identifiers. This helps everyone fully understand how much work they need to achieve and guidelines, so they know when they’re “done.”


An example of identifying focus and assigning tasks includes, “we’re focusing on X area; here are your assignments that need to be completed in X weeks.”

How should we approach data validation?

There is a healthy amount of rigor to the process of data validation. “Looking” into the system is not appropriate data validation. Before beginning with your CRM implementation data validation, establish a set (or sets) of test data that can be validated during this process.


First, set a collection of test records—like board members, trustees, and major donors. Be intentional about the collection of data you’re validating.


Then, develop test cases or use scenarios. Outline what the user should be testing. Be very clear on what is considered success versus failure—it shouldn’t be a mystery to them. Your data validation team should have a deep understanding so they can look at the records and compare them. Once you’ve gathered all this information, assign a score of a pass, or fail—which should also be documented.


Finally, prioritize what you’re testing. At the outset, you might think you want all your data to be validated, but you usually don’t have enough people or time to do so. Instead, rank the data validation assignments in order of importance. This way if you run out of time to complete all your data validation, you’ve already completed your most important test cases.

Will a New Advancement CRM System Really Make a Difference?


A new Constituent Relationship Management (CRM) system can propel your fundraising efforts to new levels. But do you really need a new system?


A CRM is a hub for all donor-centric activities, and solutions exist for every organization regardless of size. With the right CRM, your institution can deliver timely, automated, targeted communications to donors to personalize the donation journey.


Leveraging new technology can help your development office stay competitive. But unless you first define your organizational goals and needs, it’s difficult to understand how any new technology meets those needs and achieves those goals. Especially when data quality is in question.


One of the first things organizations do when experiencing poor data quality, is start looking for a new CRM. But implementing new technology will not always solve the problems departments face with obtaining clean and accurate data.


A new CRM system may not be the answer to your problem, especially if your processes and procedures are the cause for your poor data. Your poor data quality will continue to be ineffective in a new system if you don’t correct procedures to ensure the current system is being fully optimized.


Can your organization relate to any of these common complaints when it comes to data quality and your CRM?


  • Teams are spending time and resources performing quality assurance and data cleanup, but these efforts are not focused on the most important to the users.
  • The CRM system includes a massive amount of data, but there aren’t enough resources to make a noticeable impact on donor-based efforts.
  • The information teams receive (either from the system or reports) is often misinterpreted by the users, making it ineffective.
  • Data is pulled from several resources, but there are no measures to interface the data, resulting in poor quality.
  • There is a lack of metrics and ongoing user education of the CRM system. As a result, users do not understand their responsibilities, the importance of data quality, and their role in the quality of that data.


If your organization can relate to any of these common complaints, it may benefit you to look internally and implement the following tactics before undergoing a new CRM implementation.


Perform a Data Quality Assessment

Your first task should be to assess the quality of the overall data your users are receiving. By using a quality data prioritization method, gauging the data usage and impact, you can obtain a quality rating. This also helps you determine the factors that increase or decrease that quality rating.


Incorporate Stakeholders

By identifying management stakeholders and stakeholders in different departments, you gain sponsorship of the data quality. This also helps to stress the importance of accurate data to the users responsible for the quality.


Establish a Strategic Data management Program

A comprehensive strategic data management program that reviews the overall quality of your data should:


  • evaluate if business definitions are standardized and comprehensive;
  • identify sources of data and the reliability of that data at each level of the process;
  • distinguish data entry workflows and determine which are susceptible to errors; and
  • review quality assurance procedures and determine if they are aligned with the highest priorities.


Consider these other measures that ensure you are obtaining the best data.


  • Use automated tools and routines to clean up your data.
  • Prioritize data cleanup at the user level.
  • Define a “master record” to ensure current data is used and duplicate information is eliminated—especially when integrating data from multiple resources.
  • Create reports that monitor the data quality.
  • Hold regular meetings with stakeholders to ensure the data meets quality expectations.
  • Illustrate how the quality of the data directly affects user efforts—stressing the importance of ownership of data at the user level.


After implementing these systems, you may find that you don’t need new CRM technology—alternatively, optimizing what you already have. High-quality data is the lifeblood of your fundraising initiatives. Every effort should be made to obtain quality data and fully use your CRM system.

Updating Your Legacy Database Documentation, What Are the Benefits?

You’ve decided to move your Constituent Relationship Management (CRM) system. You’re hoping for a clean break from your legacy system—the current system you’re on when you’ve decided to move on to a new software. However, you realize the transition will provide better data and ease of use once it’s finally up and running.

In the meantime, you might be considering if it’s worth updating your legacy database documentation. Doing so takes time and money, and you’re left wondering if it’s worth it.


Here’s a brief overview of how updating your legacy database documentation benefits your new CRM implementation.

Legacy System Review

Legacy systems are often based on an in-house client-server model. The database is running on a SQL Server or Oracle. There are Windows-specific applications. Users can access the system using a locally installed desktop client. Remote access is available through a Virtual Private Network (VPN) login and a Citrix remote desktop session.


The legacy system can also refer to an early generation, browser-based system. Compared to the previous category of legacy systems, the browser-based version may be easier to use and maintain. But they are not continually optimized to run on newer browser versions, subsequently relying on outdated versions to run smoothly.


But the question remains—do your legacy documents need to be addressed before transitioning your CRM solution?


In most cases, your legacy database either has little or outdated documentation. There is a standard argument that, if you’re leaving the system, why invest time and effort in bringing documents up to speed. Updating your documentation is not a waste of time and money. These critical elements will save your CRM project.

Misunderstood Processes

The original documents institutions have on hand about their legacy system are usually how the program was intended to be used. But business processes don’t always remain consistent as new users or institutional needs change.


For example, your users may have tried to establish business rules to accommodate a particular report. Many times, these workarounds to fill functional gaps in your legacy system can convolute your new CRM implementation.


It is beneficial to review the documentation on how your system was used and compare it to established business rules. Review the fields you’ve proposed, the areas the vendor set to use for one, and how it captured information—all that information matters and will be worth the investment.

Weird Data

The second thing to consider regarding your legacy database documentation is weird or strange data. When reviewing imported data, oftentimes the data doesn’t match what you expected to find. This could be a result of a requirement that wasn’t met by the system, and your users got creative. Many times, users find a way to use the system to get the information they want and need, and it doesn’t always align with your initial business processes.


If you don’t get to the bottom of the weird data in your legacy system database before the transition of your CRM application, the same thing will happen in your new system.


The top benefit of a new CRM implementation is the quality data. But if you transfer insufficient data into your new system and don’t have any documentation or understand where the guidelines exist, you’ll get good data from bad statistics.


Updating your data within your legacy database will allow you to spot the difference and pressure test the system. You’ll be aware of what portion complies and what does not. The only way to get quality data for your new plan is to ensure you’re transferring quality data from your existing database.


Examining your existing database will ease the transition to your new CRM—preventing failure, as well as costly and timely data issues later.

3 Documents You Should Maintain for Your Advancement CRM Platform


Constituent Relationship Management (CRM) is the set of processes and supporting technologies used to initiate and improve relationships with constituents. CRM is not just a technology that is brought into your institution. It helps you manage relationships with constituents and involves all of the workflows, processes, and reporting that your institution uses to achieve its mission.


When it comes to your Advancement CRM platform, document maintenance is vital. Here are three key documents you should revisit now.


#1—Master Configuration Document


The master configuration document tracks changes made to the software application to make it work for your organization—specifically site changes that enabled a certain workflow. In many cases, this document’s purpose becomes a part of your application support guidebook.


It can be a vital tool for your support team to reference when trying to help users with questions. It’s also used (or referenced) when contacting your software vendor for support due to a problem or issue. The information in your master configuration document is helpful to your software vendor and ensures you receive support as quickly as possible.


#2—Security Matrix for Staff


The security matrix for staff provides clear guidelines for how access is disseminated across the institution—indicating who has access to what information. Within your security matrix, include the justification of the access to make sure it is aligned with the staff’s job responsibilities.


Having a handle on your security at all times is an essential part of maintaining data security and data access policies.


#3—Data Management Business Rules


Your data management business rules define how a specific field should be used and provides guidelines to populate uniform information in that field. For example, you may identify data management business rules that require specific naming conventions or the structure in which you would input that information.


These business rules should be directions given to the user—explaining what to do if they do not have the given data at the time. The purpose of the data management business rules helps maintain data quality for accurate reporting and reliable decision making within the system.


Overall, your institution should review all three of these documents regularly. On an Ad Hoc basis, you should assess these documents for updates before rolling out any new initiatives using your advancement CRM system.


For periodic reviews, follow these guidelines.


Master configuration document: Yearly basis

Security matrix for staff: Twice per year

Data management business rules: Yearly basis

Data Privacy and Security—Classifying Data for Advancement


Data is a significant asset to your organization. It can provide a wealth of information about donors. A growing number of organizations are using data analytics to determine which supporters are most likely to make a significant gift or donate in response to their campaigns.


Data privacy is more important than ever before—especially in today’s digital economy—and organizations should review their data, privacy policies, and procedures. Here are different types of data privacy and security and how to classify data for advancement.


What is Confidential Data?


Any data or information that is protected by laws, regulations, or industry standards is considered confidential. Confidentiality is the need to strictly limit access to data to protect organizations and individuals from loss. Confidential data can also be defined as information that could cause harm to an individual or an organization if it is inappropriately accessed.


Data Privacy


Data privacy (information privacy) is a data security division that deals with the proper handling of data—more specifically, consent, notice, and regulatory obligations. Practical data privacy concerns are affected by several factors.


  • whether (or how) data is shared with third parties;
  • how information is legally collected or stored; and
  • regulatory restrictions


One important aspect of data privacy is transparency. Organizations must disclose how they request consent, abide by their privacy policies, and manage the data they’ve collected. Ask questions to understand your organization’s stance on data privacy.


  • What data is to be collected?
  • How long will it be kept, and does that comply with the laws?
  • Is there limited data access that is monitored, or is that data openly available?
  • What measures will be taken to protect data?
  • Is the planned use of the data aligned with why it was collected?


Data Security vs. Data Privacy


Simply keeping sensitive data secure may not be enough to comply with data privacy regulations. Data Security protects data from compromise, whereas data privacy governs how data is collected, shared, and used.


If you’ve worked to secure data—implementing encryption, restricting access, and overlapping monitoring systems—but your organization collected the data without proper consent, you could be violating data privacy regulations.


You can have data security without data privacy, but you cannot have data privacy without data security. Train employees to understand the difference. Include processes and procedures necessary to ensure the proper collection, sharing, and use of sensitive data as part of a data security portfolio.


Sensitive Data


Sensitive data is any information that needs to be protected—often dependent on the nature of the business conducted by an organization and, even more so, the responsible governing body.


What is Considered Sensitive Data?


The categories of sensitive data vary based on the privacy laws that apply to an organization.


For example, a healthcare organization will need to adhere to Health Insurance Portability and Accountability Act (HIPAA) privacy rules. In contrast, an educational institution will have to adhere to regulations such as the Family Educational Rights and Privacy Act (FERPA).


Sensitive data includes any information such as:


  • personal data, or data that can be used to identify an individual—including customer and employee data;
  • financial data such as bank account or credit card information; and
  • intellectual property or proprietary information such as software code.


Personal Data


Personal data, also known as Personally Identifiable Information (PII), is any information used to identify a specific individual. The protection of personal data has become increasingly important due to regulations that aim to protect individuals concerning their personal data processing. This has only become more prevalent as cyberattacks continue to evolve.


More frequently, organizations are being held responsible for how they process and secure sensitive data to prevent exposure and risk.


Cybersecurity Risk


Cybersecurity threats and data breaches have become the rule rather than an exception for organizations. Do you have data protection policies and the necessary procedures in place to guard against this threat?


Your organization must carefully handle sensitive data to avoid disclosure or data breach. The potential damage from a data breach goes beyond tarnishing your organization’s reputation. Your organization can be legally liable if you fail to comply with data privacy laws—which can come with exorbitant fines and penalties.


Protect sensitive data with cybersecurity best practices.


  1. Establish a data protection policy.
  2. Create a comprehensive and up-to-date inventory of sensitive data.
  3. Develop guidelines for assessing and maintaining privacy and confidentiality of data on all systems.
  4. Communicate your organization’s data security policies to staff members.


Go a step further and implement basic strategies for preventing data theft.


  1. Don’t open unsolicited email attachments or unknown files.
  2. Educate staff to identify and prevent phishing.
  3. Require strong passwords for each employee, and insist they are changed regularly.
  4. Establish processes to monitor your network for suspicious behavior.


Using Data for Advancement


Collected data is only valuable if it’s used for a purpose. One of the most popular uses of organizational data is for development. You can’t control people’s ability to give—but you can control how you use data to make decisions regarding your advancement.


Revamp your advancement strategy to focus on assessing your most connected donors and how you have engaged them.


Gauge donor giving capacity. Analyze alumni data and external sources, such as tax filings, home values, and other assets—then assign “wealth scores.” Once you’ve assembled data or scores on wealth and involvement, have staff members work on your top and bottom groups separately.


Look for differences. Organizations should record more than just donations in their fundraising databases. Review data to see which events your supporters attend, whether they volunteer or serve on committees, and how they give to other charities.


Identify loyal donors. The traits and behaviors that predict who is most likely to give a significant gift vary. Use data to identify loyal donors, even if their contributions aren’t substantial gifts.


Review of FERPA Regulations—Dos and Don’ts for Fundraising


Family Educational Rights and Privacy Act (FERPA) protects student education records’ privacy in the United States. The law applies to all schools that receive funds under the U.S. Department of Education’s applicable program. FERPA applies to any public or private elementary, secondary, or post-secondary school and any state or local education agency that receives funding under appropriate U.S. Department of Education programming.


FERPA allows “school officials” access to a student’s education records without consent if the official has “legitimate educational interests” in the information.


To prevent breaching FERPA, your organization’s disclosure should define “school official” and “legitimate educational interests” in a way that includes fundraising—disclosing types of information that are shared (name, address, date of birth, degree information, athletic team participation, etc.).


Fundraising departments are allowed to be in contact with campus partners, including admissions. These information transfers should happen only after a student has accepted their offer of admission. This is because parent prospecting and alumni fundraising are not problematic once the applicant is officially a student. But the data transfer should only include basic personally identifiable information.


Education Records


Education records include records—whether handwriting, print, computer, videotape, audiotape, film, microfilm, microfiche, or e-mail—of an institution that contains information directly related to the student.


Education records do not include:


  • medical records;
  • employment records (when employment is not contingent on being a student);
  • law enforcement records;
  • alumni records; and
  • parents’ or eligible students’ rights.


Schools must have written permission from the parent or eligible student to release any information from a student’s education record. Schools that fail to comply with FERPA risk losing federal funding.


How FERPA Helps


FERPA gives parents certain rights regarding their student’s education records. These rights transfer to the student when a student reaches the age of 18 or attends secondary education.


Current regulations exclude records with information about an individual once they become an alumnus. Schools must be cautious not to mistakenly interpret this provision to mean any document created or received by the institution after a student is no longer enrolled—regardless of the subject matter—because it is not an educated record under FERPA, whether they were created or received by the institution.


Parent Rights


Parents or eligible students have the right to inspect and review the student’s education records maintained by the school. Schools are not required to provide copies of records unless parents or eligible students can’t review them.


Schools must have written permission from the parent or eligible student to release any information from a student’s education record. However, FERPA allows schools to disclose those records, without consent, to the following parties or under the following conditions:


  • school officials with legitimate educational interest;
  • other schools to which a student is transferring;
  • specified officials for audit or evaluation purposes;
  • appropriate parties in connection with financial aid to a student;
  • organizations conducting certain studies for or on behalf of the school;
  • accrediting organizations;
  • to comply with a judicial order or lawfully issued subpoena;
  • appropriate officials in health and safety emergencies; and
  • state and local authorities within a juvenile justice system.


Schools may disclose, without consent, “directory” information such as a student’s name, address, telephone number, date and place of birth, honors, awards, and attendance dates. But schools must tell parents and eligible students about directory information and allow them to refrain from disclosure.


Parents and eligible students must be notified annually of their rights under FERPA. Communication can be completed through a letter, school bulletin, student handbook, or newspaper article—the method of communication is at the school’s discretion.


Unintentionally Violating FERPA


Carelessly disposing of old student records indirectly violates FERPA.


Under FERPA, schools are responsible for how vendors use data. That means that if a vendor unintentionally misuses a student’s education records, the school will be found at fault. This also includes online fundraisers.


Know when to release and withhold records. It is a violation of FERPA if schools deny parents access to student records if they are under the age of 18.


Proceed with caution when talking about student-related information that you may have experienced indirectly. For example, teachers can speak about a student incident if they witness it firsthand. But if a senior administrator reads a report about that incident, the senior administrator cannot talk about it publicly. These concepts apply to social media usage.


Here are some other dos and don’ts when it comes to FERPA and fundraising.


Do understand the difference between a directory and non-directory information, but don’t make this information available to the public.


Do know students can grant written consent, but don’t disclose non-directory information without student written consent.


Do check for a FERPA restriction before communicating directory information, but don’t disclose the information if that student has a FERPA restriction.


Do understand parents can receive non-directory information in cases of emergencies, but don’t share non-directory or non-public directory information with parents if the student is over the age of 18 without written consent.


Do use blind carbon copy (bcc) when electronically communicating with multiple students, but don’t use carbon copy (cc) with numerous students, parents, or constituents.


To make sure your FERPA disclosures are inclusive, contact your admissions office or legal counsel.

Review of HIPAA Regulations—Dos and Don’ts for Fundraising


Health Insurance Portability and Accountability Act (HIPAA) aims to protect the confidentiality and security of information. The Privacy Rule component of the law establishes national standards to protect individuals’ records and other personal health information—setting limits and conditions on how organizations will use the information without a person’s authorization, including usage for fundraising.


Updated HIPAA regulations were released in 2013, clarifying the rules fundraisers must follow to comply with the statute. Fundraisers need to revisit these modifications to ensure proper adherence.


HIPAA requirements apply to different situations, and without the proper knowledge and approach, it’s easy to make common mistakes. Here is a review of the HIPAA regulations as it relates to the dos and don’ts fundraising.


Information Available to Fundraisers


Organizations can target their fundraising based on the nature of the services a person received or their physician’s identity. The personal health information that can be used for fundraising purposes includes:


  • patient demographic data (name, address, phone/email, date of birth, age, gender, etc.).
  • health insurance status;
  • dates of patient services;
  • general type of department in which a patient is serviced;
  • treating physician information;


Information requiring written authorization before fundraising use may include:


  • diagnosis;
  • nature of services; and
  • treatment.


The Rule for Supporting Foundations


If an institutionally related foundation conducts fundraising activity, a business associate agreement with its health care provider for the use of patient information is not required due to its direct supporting relationship.


Consultants on a retainer or other external fundraising vendors who will be granted access to patient information must agree with the health care provider on file.


Notification Practices


Before using information for fundraising purposes, a HIPAA-covered entity’s Notice of Privacy Practices must state organizations may contact the patient for fundraising efforts. The patient can opt-out of receiving any fundraising communications.


You must provide this Notice to the patient in advance of receiving care.


It is important to remember that patients have the right to opt out. Health care providers and supporting foundations legally must include a provision in all fundraising communications (including telephone and face-to-face solicitations). The provision must state the patient has the right to opt-out of future solicitations and must:


  • identify any conspicuous part of the materials sent to the patient;
  • describe how your organization may use information;
  • be written clearly, in plain language; and
  • include a simple, not burdensome means to opt-out from receiving further fundraising communications.


Segment your opt-out options so patients can elect to opt-out of campaign-specific or all future fundraising communications. It’s important to note that the opt-out does not lapse.


Here are some dos and don’ts of fundraising when it comes to HIPPA compliance.


Do: Conduct a Thorough Risk Analysis


Some of the most significant HIPAA penalties are because of failure to conduct a thorough risk assessment. Violations related to inadequate risk assessments fall under the most severe Willful Neglect tier of penalties. Every organization that creates, receives, maintains, or transmits private health information must conduct an accurate and thorough HIPAA risk assessment to comply with the HIPAA Security Rule.


Don’t: Ignore Social Media Usage.


Most people (if not all) are active on social media in some capacity. People use social media differently, especially regarding HIPAA’s primary objectives. Too often, social media encourages the careless sharing of data. HIPAA regulations strive to keep personal health information as confidential as possible.


Do: Perform Regular Self-Audits


Conduct periodic self-audits as recommended by the National Institute of Standards and Technology (NIST)—it’s proven to be one of the most effective HIPAA compliance tools.


Self-audits tend to focus on HIPAA Security Rule compliance—covering technical, administrative, and physical safeguards related to personal health information. Audits can include issues within the Privacy Rule.


Don’t: Forget Your Employees.


Internal issues related to HIPAA compliance are a common mistake when it comes to not-compliance. Often, employees fail to ensure that all third-party vendors, contractors, and business associates handle sensitive information appropriately. Third-party HIPAA compliance was a focus of the 2013 HIPAA Omnibus Rule. Entities should work with vendors to ensure that private health information is secure.


Do: Have a Training Plan


The HIPAA Privacy Rule and the HIPAA Security Rule have training requirements, including the mandate that both covered entities and business associates provide regular training to their workforce members who handle private health information.


HIPAA doesn’t specify the length and topics required, but the Privacy Rule states that training must be as necessary and appropriate for the workforce members to carry out their functions.


These functions can vary, especially regarding fundraising. Create a targeted training plan to ensure your organization remains HIPAA compliant.


Do: Have a Contingency Plan


Organizations and covered entities must ensure they have a current HIPAA contingency plan to prepare for adverse events that could affect private health information. Events could include a physical burglary, natural disaster, or cybersecurity attack.


Your contingency plan will depend on your risk assessment and analysis—addressing the most prominent threats to your private health information. Establish specific guidelines and procedures to follow, including things like systems and data recovery.


Don’t: Tackle Compliance Alone


You can’t achieve HIPAA compliance single-handily. If necessary, work with an outside expert or consultant to develop a comprehensive risk assessment, create an effective training plan, and identify potential cyber vulnerabilities.


At the very least, enlist a compliance partner at the beginning stages of the preparation for HIPAA compliance.

Data Security: A Primer for Advancement Leadership

Data security is critical to making sure that vital information from your organization is not easily accessible, but maintaining data security isn’t easy. In fact, there have been 540 data breaches this year.


That’s 163,551,023 people affected in 2020 so far by breaches in data security. Let’s dive into this critical topic as more and more workers and students sign in online every, single day.

Top 6 Causes of Data Breaches

To increase your knowledge about data security, here are the top causes of data breaches.

1. Weak and Stolen Credentials

Passwords that are cracked through brute force algorithms are a main cause of data breaches, but so are stolen passwords.


To keep your passwords safe, make sure that you’ve made them complex enough to render them “unhackable”. You can randomly generated passwords and manage them with tools like LogMeOnce or LastPass. Extra points for a combination of upper and lowercase letters, numbers, and special characters.

2. Application Vulnerabilities

Hackers find the technical vulnerability in a software and then exploit it. Before using or launching a new application, make sure your team tests it for vulnerabilities and finds ways to patch those security threats. This includes applications that house your constituent data, like your Advancement CRM database.

3. Malware

“Malware” is short for “malicious software.” It describes a variety of threatening methods that are designed to infiltrate and damage, disrupt, or hack a device. For example, think of viruses, worms, ransomware, and Trojan Horses. You don’t want to be on the receiving end of malware.

4. Malicious Insiders

Taking care of your employees so that they don’t become a future risk to your institution is important, but so is screening out those who seem predisposed to betraying their employer. Malicious insiders are the employees who have access to sensitive information and then purposefully commit a data breach to harm the institution. Better hiring and screening processes, along with maintaining a good organizational culture and robust employee training programs, can help prevent these insiders from coming on board and wreaking havoc from within the organization.

5. Insider Error

Employees who do not have malicious intent but commit a data breach by mistake are also a threat. These employees may not be aware they’ve done anything wrong, but one accidental keystroke can cause a serious data breach.


For these employees, it’s important to remind them to take more care with their work and to encourage them to be transparent when they’ve made an error. Employee training is a crucial step to prevent these errors. Together, you can grow and learn, ultimately stopping similar mistakes from happening.

6. Physical Theft

Theft of a device that holds your institution’s sensitive information falls under this category. To prevent these breaches, you may want to take extra care in where you physically store this information—consider using a safe or a security system.

Why Preventing Data Breaches Is Important

Data breaches are preventable. In fact, 4 of the 6 causes of data breaches can be prevented based on changing human behavior. This means that every staff member in Advancement can be a part of the solution.

How To Prevent Data Breaches

There are several measures you can take to prevent data breaches.

Security Policy Training and Education: Setting The Standard

When you’re creating your security policy training and pulling together your educational materials, it’s important to clearly set the standard. When you’re completing this step, it helps to ask yourself and your colleagues the following questions:

  • What is the policy?
  • Why is it beneficial to the organization?
  • How does a security breach impact Advancement?
    • By making a breach relevant to Advancement itself, you’re adding a sense of urgency for employees to comply.

You’ll also want to discuss examples of behaviors that adhere to the policy and examples of behaviors that would violate the policy. By giving employees clear examples, you’re ensuring that they’ll fully understand what does and does not constitute a data breach.

Advancement Leadership as Security Champions: Lead by Example

As a leader in your Advancement team, you must champion the cause to protect sensitive information and build confidence with your donors and supporters. Give periodic Executive Briefings on the key points below:

  • Know what data you have, including its:
    • Location (is it in an on-premise data center, is it vendor-hosted, is it in a storage room, or is it in Mike’s desk drawer?)
    • Format (is the data in a digital copy or a hard copy?)
    • Volume (how much data is there, really?)
    • Classification (whether the data is sensitive or confidential)
  • What potential vulnerabilities exist based on the data you have, the software you’ve used, and access you’ve given staff members?
    • Map these vulnerabilities out and identify them, before a breach occurs.
  • What plans are in place to reduce the vulnerabilities your company has? Are they working? (Tip: If they’re not working, brainstorm ways to improve.)

Communication Plan for Data Breach

Have your plan ready before a data breach occurs. Establish a communication plan such that you and your leadership team can be immediately informed if there is a threat or possible threat of a data breach. Creating a data breach task force or committee can also help streamline that process internally. Determine how you will communicate to your constituents.

Performance Evaluations: Enforce Security Policies

You can’t simply rely on IT to be the sole security watchdog for your organization. By the time they are even aware of staff behavior that has compromised the organization, that door may have been open for months. Staff should be evaluated on a consistent and measured basis.

Data Security: Final Thoughts

Assessment of your Advancement team’s Data Security requires a 360-degree look into how your institution is performing, the vulnerabilities that exist, and ways that existing processes can be refined to prevent future data breaches.


When you’re trusting employees with sensitive data, remember—human error can and will happen, but with the right precautions, you’re taking safeguards to prevent future accidental breaches from happening again.


Malicious actors also exist, but again—with the right measures, you’re taking steps to prevent them from hacking into or stealing your data.

A Promise of Accurate and Reliable Data – Learn How!


The promise of having accurate and reliable data is often made as a part of the implementation of a new CRM (constituent relationship management) software. It is that promise that often keeps every VP of Advancement/Development Services up at night trying to figure out how to miraculously transform over 10 years worth of information plagued by human error and evolving data entry procedures into something that is pristine, free of duplicates, and meaningful for all users. So why do we even take this on? Accurate and reliable data is critical to user adoption. There is no way of achieving all of the benefits that were listed in the project charter for this multi-million dollar system if no one uses it. So let’s take a look at how we can fulfill on this promise…


Continue reading “A Promise of Accurate and Reliable Data – Learn How!”