Contextual Assessment Requirements


Understand the history of the organization and its mission

How did your organization form? What are its objectives?

  • Mission:
  • Year established:
  • Brief history:
  • Summary of current programs?
  • Upcoming campaigns?


Understand the assets used to achieve the organization’s goals


Where are you headquartered?

  • Address(es):
  • Reason for chosen location(s):
  • Do you share this space with anyone outside the organization?
  • Do you rent, own, borrow this space?

What other facilities do you own or occupy?

  • E.g. Satellite offices, warehouses, intermittent environments (temporary workspaces, conferences, workshops)

What equipment do you rely on? (Will be explored more deeply in Device Inventory)

  • Devices (computers, phones, tablets, routers, TVs, any other IoT like thermostat, alexa, etc.)
    • Provided to employees? Or do employees use their own?
  • Vehicles
    • Own, rent?

What other physical infrastructure does the organization depend upon?

  • Power
    • What is the regular system for providing power to the organization? On-grid, generator, solar?
    • What backup power systems are available to the organization?
  • Travel
    • Are employees allowed to travel with organization-owned devices? What devices are they likely to travel with?
    • Are "travel devices" available for employees to use? What is the organizational expectation of their use?
    • Are employees likely to travel to locations where device theft is common?
    • Are employees travelling through checkpoints (government, private, bandits, international)?
  • Trash removal and other janitorial services & recycling
    • How does the organization dispose of trash?
    • How does the organization dispose of sensitive documents?
    • How does the organization manage janitorial services for their workspace?
    • How does the organization perform cleaning their offices or other workspace?
    • Who conducts maintenance of physical infrastructure (plumbing, electricity)?


How are you structured?

  • Leadership team (executives):
  • Board:
  • Management structure:

What politics are in play within the organization?

  • What are the political affiliations of its board members and leaders? (in general, or any heavily political advisors)
  • What are current political aspirations of current employees? Is anyone running for office?
  • What are the internal relationships between members?
  • Describe past and current internal conflicts -- organizational changes, layoffs & firing
  • Immigration/Citizenship/Refugee status:
    • Staff:
    • Beneficiaries:


What is your business model?

  • Corporate Structure (Non-profit, for-profit, hybrid)
  • Dependencies
    • Who are your Clients / Customers / Beneficiaries?
    • Who are your Donors?
    • Who are your other Funders (Grantors, Governments)?
    • Who are your partners for Contracted Services?
  • Current Financial Situation
    • Describe your organization’s Financial Health including inputs/outputs
  • What is your Financial Infrastructure - Where/How are funds stored?
    • Do you use Formal banking?
    • Do you keep Cash on hand?
    • Do you use Informal value transfer?
  • Seasonality
    • Are there specific times of year where you conduct certain programs or when fundraising or operations will intensify?
  • Advertising and Publicity Operations (Avenues for advertising, press, publicity - how is your organization known?)
  • Current Financial Situation
    • What is your Internal Cash Flow & Funding Streams?
    • What are your sources of Funding, grants, & Initiatives?


Who keeps your organization running?

  • Number of employees:
  • Types of employees:
    • Full-time, part-time, intern, volunteer, contractor
    • Occupations & Salaries paid
  • Demographics (ages, genders, ethnicities, tribes):
    • Staff:
    • Beneficiaries:
  • Education
    • Formal education of staff members
    • Literacy of staff members
    • Technological knowledge and proficiency
  • Living Situations
    • Geographic dispersal - where do staff live in relation to work?
    • Where do they live in relation to beneficiaries?
    • In relation to their family (Diaspora?)?
    • Living conditions - what are the living conditions for staff?

What is your organization’s culture?

  • Organizational Practices (of Staff or Beneficiaries)
    • Which languages are used?
    • What perspectives on Security exist?
    • What perspectives on Privacy exist?
  • Working environment
    • Office bound?
    • Remote workers?
    • “Work from home” culture?
  • Organizational Practices (of Staff or Beneficiaries)
    • What norms are realized?
    • What taboos exist?
  • Hiring Practices
    • Describe current hiring practices. How are people screened before employment?
    • Describe current recruiting initiatives. How are people recruited?
  • Leisure Activities
  • Health Conditions
    • Current issues
    • Clinic / Medical Care Providers
    • Insurance Providers


  • See Device Inventory and Technical assessment
  • Do you currently have organizational policies for...
    • Technology Use?
    • System Access?
    • Privacy or data protection?
  • What are your future plans...
    • For acquiring replacement technologies or solutions?
    • For digitization of paper records or other assets?
    • For conducting software upgrades?
  • Do you have an internal legal team or rely on outside counsel?
  • What are your statutory & regulatory commitments for...
    • Business / Financial?
    • Ethical?
    • Environmental?
    • Data protection regulations (GDPR, etc)?
    • Others?
  • What are your current contractual obligations?
    • Have there been past breaches of contract?
  • Describe your organization’s lawsuits & legal challenges in the...
    • Past?
    • Present?
    • Future (Expected/Planned)?



  • Organized Crime
  • Nation State
  • Professional Hacker (Individual / Collective)
  • Hacktivists
  • Corporations
  • Terrorism
  • Criminal (Scammer / Opportunist)
  • Who were your past threats?
    • What persons, groups, or organizations have threatened, attacked, or harmed your organization, its employees, or beneficiaries in the past?
      • Cyberattacks
      • Physical harms
      • Other Crimes
    • What prior attacks has your organization experienced in the past?
      • Cyberattacks
      • Physical harms
      • Other Crimes
  • Who are your current threats?
    • What persons, groups, or organizations are your current threats to your organization?
      • Cyberattacks
      • Physical harms
      • Other Crimes
    • Which persons, groups, or organizations do you feel may harm your organization in the future?


Factors beyond the organization’s Control, but that are highly relevant to their functioning


  • Support from Government Leadership of Organization’s Missions or Causes
    • Who are their supporters?
    • Who are their opponents?
  • Government Stability
    • Any recent shifts of power or structure?
    • Is there turmoil expected turmoil in the future?
    • Are there ongoing or nascent insurgencies?
  • External Stakeholders in Organization’s Mission
    • What other politicians or political groups are involved or impacted by the organization’s work?
    • What home pressure groups / lobbyists are for / against the organization’s work?
    • What international pressure groups / lobbyists are for / against the organization’s work?
  • Corruption in Government
    • What is the country’s general propensity & accountability for bribery, graft, etc?
    • Are there past or current corruption scandals involving the above stakeholders?


  • Home economic situation
    • Describe the general economic conditions in the home country.
    • Are there ongoing crises related to recession, hyperinflation, or other decline?
    • What is the unemployment rate?
  • Trade Agreements
    • What other countries are relevant trade partners?
    • Are any countries involved in an ongoing trade war with the home country?


  • Cultural Practices
    • What other languages are used in the area of interest?
    • Are there any prevalent perspectives on Security in this area?
    • Are there any prevalent perspectives on Privacy in this area?
    • What cultural norms are relevant?
    • What cultural taboos are relevant?
  • Ethnic issues
    • Are there any ethnic groups that suffer from discrimination?


  • Law Enforcement
    • What means do the area’s law enforcement use to access private digital systems?
    • What technologies do law enforcement or other government forces use to monitor or collect information on the populace?
  • Supply chains for Information-sharing
    • How is information transmitted between community members?
  • Are there any prevalent attitudes towards online security tools in this area?
  • What protections exist for Freedom of Speech?
  • What are the relevant Privacy Laws?
  • What are the relevant Data Protection Laws? (GDPR, etc)
  • What are the relevant Cybersecurity Laws?
  • Criminality
    • Who are the major organized crime groups?
    • What other crimes may be relevant?


  • What are current or recent local conflicts? Include terrorism.
  • Are there any international conflicts involving home country or partners’ home countries?
  • Are there nearby Installations and bases to the organization’s work?
    • What capabilities or equipment for collection or intercept may be present?

Last update: May 26, 2020