Skip to content
BlueStone Tech
Vertical · NFPs · 5–50 staff

IT support for Melbourne not-for-profits.

ACNC-registered charity, mission-driven team, mostly part-time, with a board that suddenly cares about cyber. We do the IT layer underneath — and we'll claim your Microsoft 365 NFP licensing while we're at it.

Get a free quote — by email See pricing

Recommended for NFPs

Essential + NFP licensing

$79 / user / mo · GST inc.

  • M365 Business Premium NFP licensing
  • Joiner-Mover-Leaver volunteer automation
  • DMARC enforcement against impersonation
  • Quarterly board-pack-ready summary

The five problems specific to NFPs

We've already done the homework on your governance & licensing stack.

01

Microsoft 365 Business Premium for NFP — almost free

Most Australian NFPs qualify for heavily discounted M365 (Business Premium ~$3.50/user/mo) but never claim it because the paperwork is fiddly. We do the application and provision properly.

02

Donor data + payment information needs proper storage

CRMs like Raisely, Salesforce NPSP, Donorbox, Funraisin store sensitive donor data. M365 SSO + conditional access is the right way to gate them. We configure the auth layer.

03

Volunteers, board members, contractors — everyone needs different access

NFPs run on shifting teams. Joiner-Mover-Leaver automation pack ($1,200) means a new volunteer gets the right access on day one and loses it the day they leave — without you remembering.

04

Board governance reports cover IT now

AICD-accredited board members are increasingly asking IT-risk questions. We provide a quarterly board-pack-ready summary: incidents, MFA coverage, backup tests, and any open risks.

05

Phishing aimed at finance and CEO impersonation

NFP CFOs and EAs are top targets for invoice fraud. DMARC enforcement, phishing-resistant MFA on finance roles, and email impersonation training close the loop.

Compliance overlay · who expects what

Four regulators. One stack of evidence.

ACNC · Charities Act 2013

Governance Standard 5 (responsible persons), reasonable financial controls, conflict-of-interest policies.
Privileged access cleanup · documented approval workflows · admin-role review.

Privacy Act 1988 · APP

Donor data protection, supporter consent records, marketing communications consent.
M365 DLP · access logging · CRM integration with documented retention.

OAIC · Notifiable Data Breaches

Eligible data breach notification within 30 days. Donor financial data triggers the threshold.
NDB runbook · breach response retainer · annual tabletop exercise.

DGR / TFN handling obligations

Receipt records retained 5 years, tax file number protection if collected.
M365 immutable backup (7-year retention available) · DLP policy on TFN patterns.

NFP FAQ

Common questions.

Are we eligible for Microsoft 365 NFP licensing?
Most ACNC-registered Australian charities are. The Microsoft NFP program offers free Business Basic for up to 300 users, plus heavily discounted Business Premium (~$3.50/user/mo vs $30 list). We handle the eligibility verification with Microsoft and provision the licences. If you're already paying full price, we typically pay back the migration cost in licensing savings within the first quarter.
Can you help us prepare an IT board paper?
Yes — Secure+ plan includes a quarterly board-ready summary: incident count, MFA coverage by role, patching SLA compliance, backup test results, and a written risk register update. AICD-aligned format. The vCIO walks the board through it once a year if useful.
Our board chair is worried about cyber insurance — we don't have a policy yet.
Reasonable concern. We can broker an introduction to NFP-friendly cyber insurers (Solidaritas, Emergence, BHSI), and provide the controls evidence pack so you can answer the underwriting questionnaire honestly. Premiums for a 10–30 person NFP typically land in the $2,500–$6,000/year range with documented Essential 8 ML1 controls.
We're a 8-staff NFP with 40 volunteers. Are we too small?
No. NFPs are a deliberate vertical for us. Essential plan ($79/user/mo) covers paid staff; volunteers usually use shared logins or visitor licences with documented access. We help you design the model that matches your actual workflow.
Same-business-day email reply · no sales calls

Want a quote for IT support for Melbourne not-for-profits? It takes 2 minutes.

We'll email back with a tailored proposal — no calls, no follow-ups you didn't ask for.

Get a free quote Book a call