Contextual Assessment Requirements

BACKGROUND

Understand the history of the organization and its mission

How did your organization form? What are its objectives?

  • Mission:
  • Year established:
  • Brief history:
  • Summary of current programs?
  • Upcoming campaigns?

INTERNAL FACTORS

Understand the assets used to achieve the organization’s goals

PHYSICAL

Where are you headquartered?

  • Address(es):
  • Reason for chosen location(s):
  • Do you share this space with anyone outside the organization?
  • Do you rent, own, borrow this space?

What other facilities do you own or occupy?

  • E.g. Satellite offices, warehouses, intermittent environments (temporary workspaces, conferences, workshops)

What equipment do you rely on? (Will be explored more deeply in Device Inventory)

  • Devices (computers, phones, tablets, routers, TVs, any other IoT like thermostat, alexa, etc.)
    • Provided to employees? Or do employees use their own?
  • Vehicles
    • Own, rent?

What other physical infrastructure does the organization depend upon?

  • Power
    • What is the regular system for providing power to the organization? On-grid, generator, solar?
    • What backup power systems are available to the organization?
  • Travel
    • Are employees allowed to travel with organization-owned devices? What devices are they likely to travel with?
    • Are "travel devices" available for employees to use? What is the organizational expectation of their use?
    • Are employees likely to travel to locations where device theft is common?
    • Are employees travelling through checkpoints (government, private, bandits, international)?
  • Trash removal and other janitorial services & recycling
    • How does the organization dispose of trash?
    • How does the organization dispose of sensitive documents?
    • How does the organization manage janitorial services for their workspace?
    • How does the organization perform cleaning their offices or other workspace?
    • Who conducts maintenance of physical infrastructure (plumbing, electricity)?

POLITICAL

How are you structured?

  • Leadership team (executives):
  • Board:
  • Management structure:

What politics are in play within the organization?

  • What are the political affiliations of its board members and leaders? (in general, or any heavily political advisors)
  • What are current political aspirations of current employees? Is anyone running for office?
  • What are the internal relationships between members?
  • Describe past and current internal conflicts -- organizational changes, layoffs & firing
  • Immigration/Citizenship/Refugee status:
    • Staff:
    • Beneficiaries:

ECONOMIC

What is your business model?

  • Corporate Structure (Non-profit, for-profit, hybrid)
  • Dependencies
    • Who are your Clients / Customers / Beneficiaries?
    • Who are your Donors?
    • Who are your other Funders (Grantors, Governments)?
    • Who are your partners for Contracted Services?
  • Current Financial Situation
    • Describe your organization’s Financial Health including inputs/outputs
  • What is your Financial Infrastructure - Where/How are funds stored?
    • Do you use Formal banking?
    • Do you keep Cash on hand?
    • Do you use Informal value transfer?
  • Seasonality
    • Are there specific times of year where you conduct certain programs or when fundraising or operations will intensify?
  • Advertising and Publicity Operations (Avenues for advertising, press, publicity - how is your organization known?)
  • Current Financial Situation
    • What is your Internal Cash Flow & Funding Streams?
    • What are your sources of Funding, grants, & Initiatives?

SOCIAL

Who keeps your organization running?

  • Number of employees:
  • Types of employees:
    • Full-time, part-time, intern, volunteer, contractor
    • Occupations & Salaries paid
  • Demographics (ages, genders, ethnicities, tribes):
    • Staff:
    • Beneficiaries:
  • Education
    • Formal education of staff members
    • Literacy of staff members
    • Technological knowledge and proficiency
  • Living Situations
    • Geographic dispersal - where do staff live in relation to work?
    • Where do they live in relation to beneficiaries?
    • In relation to their family (Diaspora?)?
    • Living conditions - what are the living conditions for staff?

What is your organization’s culture?

  • Organizational Practices (of Staff or Beneficiaries)
    • Which languages are used?
    • What perspectives on Security exist?
    • What perspectives on Privacy exist?
  • Working environment
    • Office bound?
    • Remote workers?
    • “Work from home” culture?
  • Organizational Practices (of Staff or Beneficiaries)
    • What norms are realized?
    • What taboos exist?
  • Hiring Practices
    • Describe current hiring practices. How are people screened before employment?
    • Describe current recruiting initiatives. How are people recruited?
  • Leisure Activities
  • Health Conditions
    • Current issues
    • Clinic / Medical Care Providers
    • Insurance Providers

TECHNOLOGICAL

  • See Device Inventory and Technical assessment
  • Do you currently have organizational policies for...
    • Technology Use?
    • System Access?
    • Privacy or data protection?
  • What are your future plans...
    • For acquiring replacement technologies or solutions?
    • For digitization of paper records or other assets?
    • For conducting software upgrades?
  • Do you have an internal legal team or rely on outside counsel?
  • What are your statutory & regulatory commitments for...
    • Business / Financial?
    • Ethical?
    • Environmental?
    • Data protection regulations (GDPR, etc)?
    • Others?
  • What are your current contractual obligations?
    • Have there been past breaches of contract?
  • Describe your organization’s lawsuits & legal challenges in the...
    • Past?
    • Present?
    • Future (Expected/Planned)?

THREATS

Consider...

  • Organized Crime
  • Nation State
  • Professional Hacker (Individual / Collective)
  • Hacktivists
  • Corporations
  • Terrorism
  • Criminal (Scammer / Opportunist)
  • Who were your past threats?
    • What persons, groups, or organizations have threatened, attacked, or harmed your organization, its employees, or beneficiaries in the past?
      • Cyberattacks
      • Physical harms
      • Other Crimes
    • What prior attacks has your organization experienced in the past?
      • Cyberattacks
      • Physical harms
      • Other Crimes
  • Who are your current threats?
    • What persons, groups, or organizations are your current threats to your organization?
      • Cyberattacks
      • Physical harms
      • Other Crimes
    • Which persons, groups, or organizations do you feel may harm your organization in the future?

EXTERNAL FACTORS

Factors beyond the organization’s Control, but that are highly relevant to their functioning

POLITICAL

  • Support from Government Leadership of Organization’s Missions or Causes
    • Who are their supporters?
    • Who are their opponents?
  • Government Stability
    • Any recent shifts of power or structure?
    • Is there turmoil expected turmoil in the future?
    • Are there ongoing or nascent insurgencies?
  • External Stakeholders in Organization’s Mission
    • What other politicians or political groups are involved or impacted by the organization’s work?
    • What home pressure groups / lobbyists are for / against the organization’s work?
    • What international pressure groups / lobbyists are for / against the organization’s work?
  • Corruption in Government
    • What is the country’s general propensity & accountability for bribery, graft, etc?
    • Are there past or current corruption scandals involving the above stakeholders?

ECONOMIC

  • Home economic situation
    • Describe the general economic conditions in the home country.
    • Are there ongoing crises related to recession, hyperinflation, or other decline?
    • What is the unemployment rate?
  • Trade Agreements
    • What other countries are relevant trade partners?
    • Are any countries involved in an ongoing trade war with the home country?

SOCIAL

  • Cultural Practices
    • What other languages are used in the area of interest?
    • Are there any prevalent perspectives on Security in this area?
    • Are there any prevalent perspectives on Privacy in this area?
    • What cultural norms are relevant?
    • What cultural taboos are relevant?
  • Ethnic issues
    • Are there any ethnic groups that suffer from discrimination?

TECHNOLOGICAL

  • Law Enforcement
    • What means do the area’s law enforcement use to access private digital systems?
    • What technologies do law enforcement or other government forces use to monitor or collect information on the populace?
  • Supply chains for Information-sharing
    • How is information transmitted between community members?
  • Are there any prevalent attitudes towards online security tools in this area?
  • What protections exist for Freedom of Speech?
  • What are the relevant Privacy Laws?
  • What are the relevant Data Protection Laws? (GDPR, etc)
  • What are the relevant Cybersecurity Laws?
  • Criminality
    • Who are the major organized crime groups?
    • What other crimes may be relevant?

MILITARY

  • What are current or recent local conflicts? Include terrorism.
  • Are there any international conflicts involving home country or partners’ home countries?
  • Are there nearby Installations and bases to the organization’s work?
    • What capabilities or equipment for collection or intercept may be present?

Last update: May 26, 2020