We Are Your IT Department
Feedwire is not just a vendor sending invoices and solving tickets; we are a department in your organization that happens to sit outside your walls. Your internal departments do not operate in silos (hopefully), and neither should we. Marketing does not launch campaigns without talking to Sales. Finance does not set budgets without input from Operations. And IT should not make technology decisions (tactical or strategic) without understanding your business goals and strategy.
Defining responsibilities is not about drawing lines in the sand. It defines how we dance together. It clarifies who leads, who follows, and where we move in sync. We all need to know our parts before we can successfully play together.
This document maps out how Feedwire integrates with your Leadership, HR & Operations, Finance, and Legal teams. We need the same things any internal IT department needs: visibility into your strategy, inclusion in planning, authority to execute, and trust that we are all moving in the same direction toward the same goals.
The magic happens when everybody understands their role. You would not expect your CFO to configure firewalls, and you should not expect your IT Service Provider to declare a legal breach. But when a security incident happens, we both need to know precisely how we will work together. When you are planning to double your workforce, we need to know before the job postings go live. When we spot a risk, you need to trust us enough to listen, even when the news is not what you want to hear.
This model sets expectations for a healthy, productive relationship where information flows freely, decisions get made quickly, and nobody is surprised when something needs to happen. We have learned these patterns from hundreds of client relationships. Let's skip most of the missteps and pitfalls so we can get straight to what works for both of us.
This model applies exclusively to Feedwire's proactive service plans: Managed, Secured, and Prepared. These tiers represent a true IT department partnership where Feedwire participates in strategy and operations surrounding your technology environment.
This model does not apply to:
- Enrolled tier: Our reactive support offering, where customers retain primary IT responsibility
- Time and materials engagements: Project-based or hourly support without ongoing management
- Legacy break-fix arrangements: Traditional "IT Guy" relationships focused on responding to requests
- Consultation Services: Strategic advice without ongoing operational responsibility
- Scoped Support: engagement to support a slice of your systems, but not to act as your IT department
Shared Responsibilities
Realm | Topic | Responsible Party |
Strategic Technology Planning | Advise on technology roadmap | Feedwire |
Recommend emerging technologies | ||
Assess technical feasibility | ||
Provide industry best practices | ||
Share business strategy | Client Leadership Team | |
Include Feedwire (IT Department) in planning sessions | ||
Approve technology investments | ||
Elect a Feedwire point of contact within the Client Leadership team | ||
Communicate workforce changes | Client HR and Operations Teams | |
Share hiring plans | ||
Identify operational needs | ||
Elect a Feedwire point of contact within the HR and Operations teams | ||
Share budget and financial forecasts | Client Finance Team | |
Include Feedwire (IT Department) in budget planning | ||
Elect a Feedwire point of contact within the Finance team | ||
Share compliance roadmap | Client Legal Team | |
Identify a Feedwire point of contact within the Legal team | ||
Access Control and Identity | Configure directory services and MFA | Feedwire |
Execute provisioning, changes, and deprovisioning | ||
Manage privileged accounts | ||
Recommend access models | ||
Deploy and manage identity protection | ||
Approve access policies | Client Leadership Team | |
Authorize exceptions | ||
Submit onboarding, change, and offboarding requests | Client HR and Operations Teams | |
Communicate role changes | ||
Manage physical access | ||
Approve finance system access | Client Finance Team | |
Define compliance and regulatory requirements | Client Legal Team | |
Infrastructure | Configure firewalls and network | Feedwire |
Deploy and manage endpoint protection | ||
Manage patching and encryption | ||
Advise on architecture decisions | ||
Approve architecture changes | Client Leadership Team | |
Fund infrastructure upgrades and maintenance | ||
Share growth projections to inform architecture recommendations | ||
Communicate device policies | Client HR and Operations Teams | |
Report lost or stolen devices | ||
Coordinate facility needs | ||
Approve purchases and contracts | Client Finance Team | |
AI, SaaS, and Cloud Applications | Vet SaaS vendors and their security | Feedwire |
Configure SSO and integrations | ||
Monitor SaaS usage and shadow IT | ||
Advise on AI/ML governance | ||
Own and adopt SaaS policies | Client Leadership Team | |
Own and adopt AI policies and ethical guidelines | ||
Approve new applications | ||
Train staff on approved tools and policies | Client HR and Operations Teams | |
Monitor usage compliance | ||
Define operational requirements | ||
Budget for SaaS subscriptions | Client Finance Team | |
Track application spending | ||
Review terms of service | Client Legal Team | |
Ensure AI and data compliance | ||
Data Protection and Backup | Implement backup systems | Feedwire |
Test restoration procedures | ||
Configure encryption and DLP | ||
Advise on data architecture | ||
Own and adopt data policies including retention and classification | Client Leadership Team | |
Share data growth forecasts to inform architecture advice | ||
Manage employee data lifecycle | Client HR and Operations Teams | |
Identify critical operations data | ||
Define financial retention | Client Finance Team | |
Define legal holds | Client Legal Team | |
Incident Response | Provide 24/7 SOC monitoring | Feedwire |
Execute technical containment | ||
Support the forensics team | ||
Advise on response strategy | ||
Lead Crisis Management Team | Client Leadership Team | |
Make breach determinations | ||
Keep IT informed of decisions | ||
Manage internal communications | Client HR and Operations Teams | |
Support business continuity | ||
Handle cyber insurance | Client Finance Team | |
Manage breach notifications | Client Legal Team | |
Coordinate with law enforcement | ||
Compliance and Audit | Provide technical evidence | Feedwire |
Maintain audit logs | ||
Advise on technical compliance | ||
Define compliance scope | Client Leadership Team | |
Approve audit responses | ||
Share compliance calendar | ||
Track training compliance | Client HR and Operations Teams | |
Support operational audits | ||
Manage financial audits | Client Finance Team | |
Identify regulatory applicability | Client Legal Team | |
Interpret legal requirements | ||
Ensure regulatory compliance | ||
Security Training | Deploy training platform | Feedwire |
Run phishing simulations | ||
Recommend training topics | ||
Mandate training requirements | Client Leadership Team | |
Enforce completion | Client HR and Operations Teams | |
Track certifications | ||
Onboard new employees into training | ||
Define compliance training needs | Client Legal Team | |
Vendor Management | Assess technical security | Feedwire |
Review security attestations | ||
Advise on vendor selection | ||
Approve critical vendors | Client Leadership Team | |
Share vendor strategy | ||
Define business requirements | Client HR and Operations Teams | |
Manage vendor relationships | ||
Manage contracts | Client Finance Team | |
Track spending | ||
Maintain updated payment information to prevent service suspension and data loss | ||
Review agreements | Client Legal Team | |
Business Continuity | Maintain DR capabilities | Feedwire |
Test continuity systems | ||
Advise on continuity planning | ||
Own BCDR strategy | Client Leadership Team | |
Set recovery priorities | ||
Include IT in planning | ||
Define business priorities | Client HR and Operations Teams | |
Coordinate alternate sites | ||
Maintain emergency contacts | ||
Manage insurance policies | Client Finance Team | |
Ensure continuity targets comply with obligations and regulations | Client Legal Team | |
Physical Security | Integrate access control systems | Feedwire |
Configure surveillance systems | ||
Manage server room access | ||
Approve security budgets | Client Leadership Team | |
Manage facility security | Client HR and Operations Teams | |
Coordinate guard services | ||
Manage visitor protocols | ||
Privacy (GDPR, CCPA, etc.) | Implement technical controls | Feedwire |
Support data subject requests | ||
Advise on privacy technology | ||
Approve privacy policies | Client Leadership Team | |
Manage employee privacy | Client HR and Operations Teams | |
Train staff on privacy | ||
Own privacy program | Client Legal Team | |
Handle privacy and data subject requests | ||
Risk Management | Conduct vulnerability scans | Feedwire |
Coordinate penetration tests | ||
Provide risk metrics | ||
Recommend mitigations | ||
Participate in risk committees | ||
Define risk appetite | Client Leadership Team | |
Accept residual risks | ||
Include IT in risk planning | ||
Assess personnel risks | Client HR and Operations Teams | |
Assess operational risks | ||
Assess financial risks | Client Finance Team | |
Maintain risk register | Client Legal Team | |
Assess legal risks |
Partnership Commitments
- Trust: We have seen and made many mistakes. Let's skip those now.
- Authority: When we say something needs to happen, back us up.
- Transparency: Share business plans quarterly and provide 30-day notice for major changes so we can prepare technology.
- Patience: The first 90 days are rough. The next 90 years won't be.
- Budget: Not blank checks, but reasonable investment in your business and enabling its people.
- Lifecycle: Keep hardware reasonably capable and under 5 years old. Keep software licenses appropriate (Business with SSO) and current.
- Risk Transfer: Carry cyber insurance covering incidents, disasters, and disruptions.
- Planning Inclusion: Include Feedwire in annual planning, budget cycles, and monthly syncs.
- Honesty: We'll tell you what you need to hear, not what you want to hear.
- Expertise: We've seen every IT disaster. You won't surprise us.
- Accountability: When we own it, we own it completely.
- Responsiveness: Your IT emergency is our IT emergency.
- Results: Measurable improvement in security, efficiency, and reliability.
- Incentive Alignment: Your growth and success drives ours!
- Strategic Advisory: Technology roadmap development, risk identification, and innovation guidance.
- Compliance Support: Technical compliance advisory (not legal advice).
Critical Boundaries
Feedwire | Client | Shared |
---|---|---|
Technical implementation and configuration | Business decisions and strategy | Technology roadmap planning |
Security controls and monitoring | Risk acceptance and appetite | Risk identification and assessment |
Honest recommendations (even when uncomfortable) | Final approval authority | Trust and transparent communication |
Incident technical response | Breach declarations and notifications | Crisis coordination and recovery |
Compliance technical controls | Legal compliance and determinations | Compliance gap identification |
Innovation recommendations | Innovation adoption decisions | Innovation impact assessment |
24/7 emergency response | Budget allocation and spending | Budget planning and prioritization |
Vendor technical vetting | Vendor business decisions | Vendor selection process |
Final Clarifications
- Strategic Partnership Success requires client transparency about business direction and challenges.
- AI Governance is a shared responsibility requiring both technical controls (Feedwire) and policy decisions (Client).
- Proactive vs Reactive: The more Feedwire knows about your business strategy, the more proactive our support becomes.
- Advisory ≠ Decision: Feedwire is opinionated and strongly advises, but client leadership retains all decision authority.