Operating Model

We Are Your IT Department

Feedwire is not just a vendor sending invoices and solving tickets; we are a department in your organization that happens to sit outside your walls. Your internal departments do not operate in silos (hopefully), and neither should we. Marketing does not launch campaigns without talking to Sales. Finance does not set budgets without input from Operations. And IT should not make technology decisions (tactical or strategic) without understanding your business goals and strategy.

Defining responsibilities is not about drawing lines in the sand. It defines how we dance together. It clarifies who leads, who follows, and where we move in sync. We all need to know our parts before we can successfully play together.

This document maps out how Feedwire integrates with your Leadership, HR & Operations, Finance, and Legal teams. We need the same things any internal IT department needs: visibility into your strategy, inclusion in planning, authority to execute, and trust that we are all moving in the same direction toward the same goals.

The magic happens when everybody understands their role. You would not expect your CFO to configure firewalls, and you should not expect your IT Service Provider to declare a legal breach. But when a security incident happens, we both need to know precisely how we will work together. When you are planning to double your workforce, we need to know before the job postings go live. When we spot a risk, you need to trust us enough to listen, even when the news is not what you want to hear.

This model sets expectations for a healthy, productive relationship where information flows freely, decisions get made quickly, and nobody is surprised when something needs to happen. We have learned these patterns from hundreds of client relationships. Let's skip most of the missteps and pitfalls so we can get straight to what works for both of us.

This model applies exclusively to Feedwire's proactive service plans: Managed, Secured, and Prepared. These tiers represent a true IT department partnership where Feedwire participates in strategy and operations surrounding your technology environment.

This model does not apply to:

  • Enrolled tier: Our reactive support offering, where customers retain primary IT responsibility
  • Time and materials engagements: Project-based or hourly support without ongoing management
  • Legacy break-fix arrangements: Traditional "IT Guy" relationships focused on responding to requests
  • Consultation Services: Strategic advice without ongoing operational responsibility
  • Scoped Support: engagement to support a slice of your systems, but not to act as your IT department

Shared Responsibilities

Realm Topic Responsible Party
Strategic Technology Planning Advise on technology roadmap Feedwire
Recommend emerging technologies
Assess technical feasibility
Provide industry best practices
Share business strategy Client Leadership Team
Include Feedwire (IT Department) in planning sessions
Approve technology investments
Elect a Feedwire point of contact within the Client Leadership team
Communicate workforce changes Client HR and Operations Teams
Share hiring plans
Identify operational needs
Elect a Feedwire point of contact within the HR and Operations teams
Share budget and financial forecasts Client Finance Team
Include Feedwire (IT Department) in budget planning
Elect a Feedwire point of contact within the Finance team
Share compliance roadmap Client Legal Team
Identify a Feedwire point of contact within the Legal team
Access Control and Identity Configure directory services and MFA Feedwire
Execute provisioning, changes, and deprovisioning
Manage privileged accounts
Recommend access models
Deploy and manage identity protection
Approve access policies Client Leadership Team
Authorize exceptions
Submit onboarding, change, and offboarding requests Client HR and Operations Teams
Communicate role changes
Manage physical access
Approve finance system access Client Finance Team
Define compliance and regulatory requirements Client Legal Team
Infrastructure Configure firewalls and network Feedwire
Deploy and manage endpoint protection
Manage patching and encryption
Advise on architecture decisions
Approve architecture changes Client Leadership Team
Fund infrastructure upgrades and maintenance
Share growth projections to inform architecture recommendations
Communicate device policies Client HR and Operations Teams
Report lost or stolen devices
Coordinate facility needs
Approve purchases and contracts Client Finance Team
AI, SaaS, and Cloud Applications Vet SaaS vendors and their security Feedwire
Configure SSO and integrations
Monitor SaaS usage and shadow IT
Advise on AI/ML governance
Own and adopt SaaS policies Client Leadership Team
Own and adopt AI policies and ethical guidelines
Approve new applications
Train staff on approved tools and policies Client HR and Operations Teams
Monitor usage compliance
Define operational requirements
Budget for SaaS subscriptions Client Finance Team
Track application spending
Review terms of service Client Legal Team
Ensure AI and data compliance
Data Protection and Backup Implement backup systems Feedwire
Test restoration procedures
Configure encryption and DLP
Advise on data architecture
Own and adopt data policies including retention and classification Client Leadership Team
Share data growth forecasts to inform architecture advice
Manage employee data lifecycle Client HR and Operations Teams
Identify critical operations data
Define financial retention Client Finance Team
Define legal holds Client Legal Team
Incident Response Provide 24/7 SOC monitoring Feedwire
Execute technical containment
Support the forensics team
Advise on response strategy
Lead Crisis Management Team Client Leadership Team
Make breach determinations
Keep IT informed of decisions
Manage internal communications Client HR and Operations Teams
Support business continuity
Handle cyber insurance Client Finance Team
Manage breach notifications Client Legal Team
Coordinate with law enforcement
Compliance and Audit Provide technical evidence Feedwire
Maintain audit logs
Advise on technical compliance
Define compliance scope Client Leadership Team
Approve audit responses
Share compliance calendar
Track training compliance Client HR and Operations Teams
Support operational audits
Manage financial audits Client Finance Team
Identify regulatory applicability Client Legal Team
Interpret legal requirements
Ensure regulatory compliance
Security Training Deploy training platform Feedwire
Run phishing simulations
Recommend training topics
Mandate training requirements Client Leadership Team
Enforce completion Client HR and Operations Teams
Track certifications
Onboard new employees into training
Define compliance training needs Client Legal Team
Vendor Management Assess technical security Feedwire
Review security attestations
Advise on vendor selection
Approve critical vendors Client Leadership Team
Share vendor strategy
Define business requirements Client HR and Operations Teams
Manage vendor relationships
Manage contracts Client Finance Team
Track spending
Maintain updated payment information to prevent service suspension and data loss
Review agreements Client Legal Team
Business Continuity Maintain DR capabilities Feedwire
Test continuity systems
Advise on continuity planning
Own BCDR strategy Client Leadership Team
Set recovery priorities
Include IT in planning
Define business priorities Client HR and Operations Teams
Coordinate alternate sites
Maintain emergency contacts
Manage insurance policies Client Finance Team
Ensure continuity targets comply with obligations and regulations Client Legal Team
Physical Security Integrate access control systems Feedwire
Configure surveillance systems
Manage server room access
Approve security budgets Client Leadership Team
Manage facility security Client HR and Operations Teams
Coordinate guard services
Manage visitor protocols
Privacy (GDPR, CCPA, etc.) Implement technical controls Feedwire
Support data subject requests
Advise on privacy technology
Approve privacy policies Client Leadership Team
Manage employee privacy Client HR and Operations Teams
Train staff on privacy
Own privacy program Client Legal Team
Handle privacy and data subject requests
Risk Management Conduct vulnerability scans Feedwire
Coordinate penetration tests
Provide risk metrics
Recommend mitigations
Participate in risk committees
Define risk appetite Client Leadership Team
Accept residual risks
Include IT in risk planning
Assess personnel risks Client HR and Operations Teams
Assess operational risks
Assess financial risks Client Finance Team
Maintain risk register Client Legal Team
Assess legal risks

Partnership Commitments

Client Commitments to Feedwire
  • Trust: We have seen and made many mistakes. Let's skip those now.
  • Authority: When we say something needs to happen, back us up.
  • Transparency: Share business plans quarterly and provide 30-day notice for major changes so we can prepare technology.
  • Patience: The first 90 days are rough. The next 90 years won't be.
  • Budget: Not blank checks, but reasonable investment in your business and enabling its people.
  • Lifecycle: Keep hardware reasonably capable and under 5 years old. Keep software licenses appropriate (Business with SSO) and current.
  • Risk Transfer: Carry cyber insurance covering incidents, disasters, and disruptions.
  • Planning Inclusion: Include Feedwire in annual planning, budget cycles, and monthly syncs.
Feedwire Commitments to Client
  • Honesty: We'll tell you what you need to hear, not what you want to hear.
  • Expertise: We've seen every IT disaster. You won't surprise us.
  • Accountability: When we own it, we own it completely.
  • Responsiveness: Your IT emergency is our IT emergency.
  • Results: Measurable improvement in security, efficiency, and reliability.
  • Incentive Alignment: Your growth and success drives ours!
  • Strategic Advisory: Technology roadmap development, risk identification, and innovation guidance.
  • Compliance Support: Technical compliance advisory (not legal advice).

Critical Boundaries

Feedwire Client Shared
Technical implementation and configuration Business decisions and strategy Technology roadmap planning
Security controls and monitoring Risk acceptance and appetite Risk identification and assessment
Honest recommendations (even when uncomfortable) Final approval authority Trust and transparent communication
Incident technical response Breach declarations and notifications Crisis coordination and recovery
Compliance technical controls Legal compliance and determinations Compliance gap identification
Innovation recommendations Innovation adoption decisions Innovation impact assessment
24/7 emergency response Budget allocation and spending Budget planning and prioritization
Vendor technical vetting Vendor business decisions Vendor selection process
 

Final Clarifications

  1. Strategic Partnership Success requires client transparency about business direction and challenges.
  2. AI Governance is a shared responsibility requiring both technical controls (Feedwire) and policy decisions (Client).
  3. Proactive vs Reactive: The more Feedwire knows about your business strategy, the more proactive our support becomes.
  4. Advisory ≠ Decision: Feedwire is opinionated and strongly advises, but client leadership retains all decision authority.