CSF Leak Association

Case Study
The Organisation

CSF Leak Association is a UK-based charity that provides support, awareness and resources for individuals affected by cerebrospinal fluid leaks. The organisation operates through a network of trustees and volunteers working remotely in a fully bring your own device environment. Microsoft 365 underpins communication, collaboration and document management, alongside a third-party managed website supporting membership and online services.

The Challenge

CSF Leak Association relied on a small number of trustees to manage day-to-day IT requirements. As reliance on Microsoft 365 increased, delays in routine tasks such as account creation, password resets and authentication support began to impact productivity and continuity.
The organisation had no formal IT support structure in place, resulting in inconsistent response times and a lack of accountability. Volunteer availability varied, creating risk where timely access to systems was essential.
In addition, the charity was managing a mixed Microsoft 365 licensing estate, along with password management and security requirements, without proactive oversight. Backup arrangements were limited, increasing concern around data protection and retention.
The existing website platform, while stable, required specialist expertise and added further administrative burden. Trustees recognised the need for a more structured, reliable and scalable support model to improve resilience and reduce dependence on individuals.

The Approach

A structured onboarding process was implemented to establish a stable and secure foundation for ongoing IT support. This included a detailed review of the Microsoft 365 environment, covering configuration, licensing, security settings and existing backup arrangements. From this, a prioritised roadmap of improvements was created to align the environment with best practice while remaining proportionate to the charity’s needs.
Support was transitioned to a service desk model, providing trustees and authorised volunteers with direct access to experienced engineers. Clear service expectations were introduced, including immediate acknowledgement of requests and resolution of routine issues within agreed timeframes. This ensured consistent and reliable support, independent of trustee availability.
Security and data protection were key areas of focus. Guidance was provided around identity management, authentication controls and secure access within a fully remote environment. Backup solutions were implemented to protect Microsoft 365 data, ensuring critical information could be recovered if required.
Dashlane password management remained in place, with practical support provided to ensure it continued to be used securely and consistently. Ongoing account management reviews were introduced to monitor licensing, support user changes and maintain efficiency as trustees and volunteers rotate.
While the existing website platform remained outside of support scope, strategic guidance was provided to explore alternative options that could simplify administration, improve usability and reduce reliance on specialist developers, while maintaining full ownership and control.

The Results

CSF Leak Association now benefits from a reliable and structured IT support model that ensures consistent access to Microsoft 365 services. Trustees and volunteers are able to resolve issues quickly, reducing disruption and improving productivity across the organisation.
The introduction of a centralised service desk has removed reliance on individual trustees, significantly improving resilience and ensuring continuity regardless of volunteer availability. Defined service expectations provide confidence that requests will be handled efficiently and within agreed timeframes.
Improved oversight of licensing and security has reduced operational risk. The Microsoft 365 environment is now better aligned with best practice, with proactive reviews ensuring it continues to meet the organisation’s needs. Backup solutions provide reassurance that critical data is protected and recoverable.
With a clear roadmap in place and ongoing account management support, the charity is well positioned to adapt and grow. Trustees can focus on delivering their core services with confidence, supported by a stable and secure IT environment.

Key Outcomes