The Australian Technical Analysts Association’s Board needed to regain control of their digital infrastructure. The platform served 2,550 members across multiple chapters, handling membership subscriptions, event bookings, document libraries, forums and newsletters – but proper governance oversight was missing. A technical assessment in April 2018 revealed both security vulnerabilities and a governance structure that put the organisation at risk.
The Challenge
The assessment revealed compounding problems. The platform (Joomla) was 14 versions behind current release. Multiple extensions were outdated, including two specifically identified on the Joomla Vulnerable Extensions List with known security vulnerabilities. The live website had been used as a test environment, leaving unused software in place that created additional security risks.
In June 2018, the site was compromised. Members couldn’t log in. Unauthorised content appeared on the homepage. The hosting environment had been breached and backup files were potentially compromised.
Beyond the immediate security crisis, the Board had no proper oversight of their own systems. Administrator access was concentrated with a single individual. Documentation was minimal. The organisation had no continuity plan if that knowledge walked out the door.
The Approach
Emergency stabilisation: Working with security specialists to clean the malware and consulting global Joomla experts on the hosting breach, the site was migrated from the compromised self-managed environment to commercially managed hosting. This emergency migration delivered immediate cost savings alongside the security improvements.
Governance structure: Proper administrator access was established, giving the Board oversight of their own infrastructure while maintaining professional technical management. Documentation and access protocols ensured organisational continuity regardless of future personnel changes.
Platform rebuild: The existing architecture – built up over years with different vendors and approaches – was too fragile to patch. A Proof of Concept demonstrated a strategic consolidation approach, which the Board approved in August 2019.
- Single-vendor integration: A single-vendor suite replaced fragmented systems from multiple vendors, eliminating interoperability issues and the common problem of vendors blaming each other when things broke. The membership system, event bookings and document libraries were all off-the-shelf solutions from one vendor, with full interoperability with a separate EDM solution.
- Streamlined access control: 35 different permission groups were consolidated into a role-based structure that matched how the organisation actually worked, rather than the historical complexity that had accumulated over years.
- Proper development practices: Template overrides ensured future updates wouldn’t break customisations – a fundamental problem with the previous implementation.
The new platform required process changes and user training. Some workflows changed. The investment in training delivered better long-term outcomes than attempting to replicate every quirk of the previous system.
All 2,550 member accounts and subscription histories were migrated. The rebuilt platform launched October 2019.
The Outcome
The three-year engagement (2018–2021) delivered both crisis resolution and sustainable operations.
75% reduction in annual operating costs. Streamlined architecture requiring less maintenance, elimination of vendor lock-in pricing, and a move from self-managed to commercially managed hosting all contributed.
Restored organisational independence. The Board regained proper oversight and control. Documentation and access protocols meant the organisation was no longer dependent on any single individual’s knowledge.
Maintainable platform. The previous environment required an estimated 50+ hours quarterly for updates due to improper implementation. The rebuilt platform reduced routine maintenance to hours, not days.
Professional governance structure. Clear separation between Board oversight and technical management, with proper handover protocols in place.
The engagement continued until 2023, when a new Board made the strategic decision to migrate to a SaaS platform as part of broader organisational changes. The transition was straightforward and professionally managed – exactly what a well-governed digital environment enables.
Lessons Learned
Mid-sized organisations need proper oversight of their own digital infrastructure, even when technical management is delegated to professionals. Single points of control – whether a person, a system or a vendor – create organisational risk that eventually surfaces as a crisis.
Strategic vendor consolidation can reduce both complexity and cost. Choosing integrated solutions from a single vendor eliminated interoperability problems and vendor finger-pointing, even when it required process changes and user training to get there.
Well-structured professional relationships should enable organisational flexibility, not prevent it. When the new Board decided to move to SaaS two years later, the transition was clean. That outcome was a direct result of how the engagement had been structured from the start.
