I would say Win7 should be fine - just keep in mind they most likely have a domain set up currently (or maybe not, I shouldn't assume) and client configuration is most likely in your future as well. As far as configuration, I would rather see RAID1 with 2 drives and a third drive used with full-image or other time of bare-metal backup recovery solution. This doesn't sound mission-critical enough for double-redundant drive failure protection and a three drive RAID1 doesn't protect you very well from the "Ooops" of the world. It sounds like they probably have less than 500GB of storage being used if it's a 3 drive RAID5 with 250GB drives, so with a $5k budget I think you could have (2) 500GB SSDs in RAID1 with a mechanical 1TB+ drive for local backups (I would go at least 3TB for expandability in the future). Also, look into Dell for a cheap server as a starting point for your build - you can get ECC memory for reliability and you can always add drives in the future. I build all my own machines but ended up going with a Dell for our new server because cost was comparable and trying to find a good Server motherboard to use was an exercise in futility for me at least. The T20 starts at $299 minus drives and OS and supports ECC.
I would say run daily W7 image backups to the mechanical drive, and use something like Crashplan to take backups of the Data. For $5 a month, you could also add Crashplan central for cloud backups and as frequently as every minute backups of the data. Owner could even run it on her home computer for a "local" offsite backup to protect from theft/fire/natural disaster without having to wait forever to download from the cloud should the worst happen.
i7-4790K | Asus Z97-A | 16GB DDR3-1600 | GTX 760 2GB | 256GB CRUCIAL MX100 | 3x500GB RAID0 5400RPM 2.5" DRIVES | 27" ACHIEVA 2560x1440 LED | Define R4 | CORSAIR CS450M GOLD | Win7 Pro x64.