Contextual Assessment Informational Requirements


Understand the history of the organization and its mission

How did your organization form? What are its objectives?

  • Mission:

  • Year established:

  • Brief history:

  • Summary of current programs?

  • Upcoming campaigns?


Understand the assets used to achieve the organization’s goals


Where are you headquartered?

  • Address(es):

  • Reason for chosen location(s):

  • Do you share this space with anyone outside the organization?

  • Do you rent, own, borrow this space?

What other facilities do you own or occupy?

  • E.g. Satellite offices, warehouses, intermittent environments (temporary workspaces, conferences, workshops)

What equipment do you rely on? (Will be explored more deeply in Device Inventory)

  • Devices (computers, phones, tablets, routers, TVs, any other IoT like thermostat, alexa, etc.)

    • Provided to employees? Or do employees use their own?

  • Vehicles

    • Own, rent?

What other physical infrastructure does the organization depend upon?

  • Power

    • What is the regular system for providing power to the organization? On-grid, generator, solar?

    • What backup power systems are available to the organization?

  • Travel

    • Are employees allowed to travel with organization-owned devices? What devices are they likely to travel with?

    • Are "travel devices" available for employees to use? What is the organizational expectation of their use?

    • Are employees likely to travel to locations where device theft is common?

    • Are employees travelling through checkpoints (government, private, bandits, international)?

  • Trash removal and other janitorial services & recycling

    • How does the organization dispose of trash?

    • How does the organization dispose of sensitive documents?

    • How does the organization manage janitorial services for their workspace?

    • How does the organization perform cleaning their offices or other workspace?

    • Who conducts maintenance of physical infrastructure (plumbing, electricity)?


How are you structured?

  • Leadership team (executives):

  • Board:

  • Management structure:

What politics are in play within the organization?

  • What are the political affiliations of its board members and leaders? (in general, or any heavily political advisors)

  • What are current political aspirations of current employees? Is anyone running for office?

  • What are the internal relationships between members?

  • Describe past and current internal conflicts -- organizational changes, layoffs & firing

  • Immigration/Citizenship/Refugee status:

    • Staff:

    • Beneficiaries:


What is your business model?

  • Corporate Structure (Non-profit, for-profit, hybrid)

  • Dependencies

    • Who are your Clients / Customers / Beneficiaries?

    • Who are your Donors?

    • Who are your other Funders (Grantors, Governments)?

    • Who are your partners for Contracted Services?

  • Current Financial Situation

    • Describe your organization’s Financial Health including inputs/outputs

  • What is your Financial Infrastructure - Where/How are funds stored?

    • Do you use Formal banking?

    • Do you keep Cash on hand?

    • Do you use Informal value transfer?

  • Seasonality

    • Are there specific times of year where you conduct certain programs or when fundraising or operations will intensify?

  • Advertising and Publicity Operations (Avenues for advertising, press, publicity - how is your organization known?)

  • Current Financial Situation

    • What is your Internal Cash Flow & Funding Streams?

    • What are your sources of Funding, grants, & Initiatives?


Who keeps your organization running?

  • Number of employees:

  • Types of employees:

    • Full-time, part-time, intern, volunteer, contractor

    • Occupations & Salaries paid

  • Demographics (ages, genders, ethnicities, tribes):

    • Staff:

    • Beneficiaries:

  • Education

    • Formal education of staff members

    • Literacy of staff members

    • Technological knowledge and proficiency

  • Living Situations

    • Geographic dispersal - where do staff live in relation to work?

    • Where do they live in relation to beneficiaries?

    • In relation to their family (Diaspora?)?

    • Living conditions - what are the living conditions for staff?

What is your organization’s culture?

  • Organizational Practices (of Staff or Beneficiaries)

    • Which languages are used?

    • What perspectives on Security exist?

    • What perspectives on Privacy exist?

  • Working environment

    • Office bound?

    • Remote workers?

    • “Work from home” culture?

  • Organizational Practices (of Staff or Beneficiaries)

    • What norms are realized?

    • What taboos exist?

  • Hiring Practices

    • Describe current hiring practices. How are people screened before employment?

    • Describe current recruiting initiatives. How are people recruited?

  • Leisure Activities

  • Health Conditions

    • Current issues

    • Clinic / Medical Care Providers

    • Insurance Providers


  • See Device Inventory and Technical assessment

  • Do you currently have organizational policies for...

    • Technology Use?

    • System Access?

    • Privacy or data protection?

  • What are your future plans...

    • For acquiring replacement technologies or solutions?

    • For digitization of paper records or other assets?

    • For conducting software upgrades?


  • Do you have an internal legal team or rely on outside counsel?

  • What are your statutory & regulatory commitments for...

    • Business / Financial?

    • Ethical?

    • Environmental?

    • Data protection regulations (GDPR, etc)?

    • Others?

  • What are your current contractual obligations?

    • Have there been past breaches of contract?

  • Describe your organization’s lawsuits & legal challenges in the...

    • Past?

    • Present?

    • Future (Expected/Planned)?



  • Organized Crime

  • Nation State

  • Professional Hacker (Individual / Collective)

  • Hacktivists

  • Corporations

  • Terrorism

  • Criminal (Scammer / Opportunist)

  • Who were your past threats?

    • What persons, groups, or organizations have threatened, attacked, or harmed your organization, its employees, or beneficiaries in the past?

      • Cyberattacks

      • Physical harms

      • Other Crimes

    • What prior attacks has your organization experienced in the past?

      • Cyberattacks

      • Physical harms

      • Other Crimes

  • Who are your current threats?

    • What persons, groups, or organizations are your current threats to your organization?

      • Cyberattacks

      • Physical harms

      • Other Crimes

    • Which persons, groups, or organizations do you feel may harm your organization in the future?


Factors beyond the organization’s Control, but that are highly relevant to their functioning


  • Support from Government Leadership of Organization’s Missions or Causes

    • Who are their supporters?

    • Who are their opponents?

  • Government Stability

    • Any recent shifts of power or structure?

    • Is there turmoil expected turmoil in the future?

    • Are there ongoing or nascent insurgencies?

  • External Stakeholders in Organization’s Mission

    • What other politicians or political groups are involved or impacted by the organization’s work?

    • What home pressure groups / lobbyists are for / against the organization’s work?

    • What international pressure groups / lobbyists are for / against the organization’s work?

  • Corruption in Government

    • What is the country’s general propensity & accountability for bribery, graft, etc?

    • Are there past or current corruption scandals involving the above stakeholders?


  • Home economic situation

    • Describe the general economic conditions in the home country.

    • Are there ongoing crises related to recession, hyperinflation, or other decline?

    • What is the unemployment rate?

  • Trade Agreements

    • What other countries are relevant trade partners?

    • Are any countries involved in an ongoing trade war with the home country?


  • Cultural Practices

    • What other languages are used in the area of interest?

    • Are there any prevalent perspectives on Security in this area?

    • Are there any prevalent perspectives on Privacy in this area?

    • What cultural norms are relevant?

    • What cultural taboos are relevant?

  • Ethnic issues

    • Are there any ethnic groups that suffer from discrimination?


  • Law Enforcement

    • What means do the area’s law enforcement use to access private digital systems?

    • What technologies do law enforcement or other government forces use to monitor or collect information on the populace?

  • Supply chains for Information-sharing

    • How is information transmitted between community members?

  • Are there any prevalent attitudes towards online security tools in this area?


  • What protections exist for Freedom of Speech?

  • What are the relevant Privacy Laws?

  • What are the relevant Data Protection Laws? (GDPR, etc)

  • What are the relevant Cybersecurity Laws?

  • Criminality

    • Who are the major organized crime groups?

    • What other crimes may be relevant?


  • What are current or recent local conflicts? Include terrorism.

  • Are there any international conflicts involving home country or partners’ home countries?

  • Are there nearby Installations and bases to the organization’s work?

    • What capabilities or equipment for collection or intercept may be present?

Last updated