# Contextual Assessment Informational Requirements #### BACKGROUND *Understand the history of the organization and its mission* **How did your organization form? What are its objectives?** * Mission: * Year established: * Brief history: * Summary of current programs? * Upcoming campaigns? #### INTERNAL FACTORS *Understand the assets used to achieve the organization’s goals* **PHYSICAL** **Where are you headquartered?** * Address(es): * Reason for chosen location(s): * Do you share this space with anyone outside the organization? * Do you rent, own, borrow this space? **What other facilities do you own or occupy?** * E.g. Satellite offices, warehouses, intermittent environments (temporary workspaces, conferences, workshops) **What equipment do you rely on? *****(Will be explored more deeply in Device Inventory)*** * Devices (computers, phones, tablets, routers, TVs, any other IoT like thermostat, alexa, etc.) * Provided to employees? Or do employees use their own? * Vehicles * Own, rent? **What other physical infrastructure does the organization depend upon?** * Power * What is the regular system for providing power to the organization? On-grid, generator, solar? * What backup power systems are available to the organization? * Travel * Are employees allowed to travel with organization-owned devices? What devices are they likely to travel with? * Are "travel devices" available for employees to use? What is the organizational expectation of their use? * Are employees likely to travel to locations where device theft is common? * Are employees travelling through checkpoints (government, private, bandits, international)? * Trash removal and other janitorial services & recycling * How does the organization dispose of trash? * How does the organization dispose of sensitive documents? * How does the organization manage janitorial services for their workspace? * How does the organization perform cleaning their offices or other workspace? * Who conducts maintenance of physical infrastructure (plumbing, electricity)? **POLITICAL** **How are you structured?** * Leadership team (executives): * Board: * Management structure: **What politics are in play within the organization?** * What are the political affiliations of its board members and leaders? (in general, or any heavily political advisors) * What are current political aspirations of current employees? Is anyone running for office? * What are the internal relationships between members? * Describe past and current internal conflicts -- organizational changes, layoffs & firing * Immigration/Citizenship/Refugee status: * Staff: * Beneficiaries: **ECONOMIC** **What is your business model?** * Corporate Structure (Non-profit, for-profit, hybrid) * Dependencies * Who are your Clients / Customers / Beneficiaries? * Who are your Donors? * Who are your other Funders (Grantors, Governments)? * Who are your partners for Contracted Services? * Current Financial Situation * Describe your organization’s Financial Health including inputs/outputs * What is your Financial Infrastructure - Where/How are funds stored? * Do you use Formal banking? * Do you keep Cash on hand? * Do you use Informal value transfer? * Seasonality * Are there specific times of year where you conduct certain programs or when fundraising or operations will intensify? * Advertising and Publicity Operations (Avenues for advertising, press, publicity - how is your organization known?) * Current Financial Situation * What is your Internal Cash Flow & Funding Streams? * What are your sources of Funding, grants, & Initiatives? **SOCIAL** **Who keeps your organization running?** * Number of employees: * Types of employees: * Full-time, part-time, intern, volunteer, contractor * Occupations & Salaries paid * Demographics (ages, genders, ethnicities, tribes): * Staff: * Beneficiaries: * Education * Formal education of staff members * Literacy of staff members * Technological knowledge and proficiency * Living Situations * Geographic dispersal - where do staff live in relation to work? * Where do they live in relation to beneficiaries? * In relation to their family (Diaspora?)? * Living conditions - what are the living conditions for staff? **What is your organization’s culture?** * Organizational Practices (of Staff or Beneficiaries) * Which languages are used? * What perspectives on Security exist? * What perspectives on Privacy exist? * Working environment * Office bound? * Remote workers? * “Work from home” culture? * Organizational Practices (of Staff or Beneficiaries) * What norms are realized? * What taboos exist? * Hiring Practices * Describe current hiring practices. How are people screened before employment? * Describe current recruiting initiatives. How are people recruited? * Leisure Activities * Health Conditions * Current issues * Clinic / Medical Care Providers * Insurance Providers **TECHNOLOGICAL** * See Device Inventory and Technical assessment * Do you currently have organizational policies for... * Technology Use? * System Access? * Privacy or data protection? * What are your future plans... * For acquiring replacement technologies or solutions? * For digitization of paper records or other assets? * For conducting software upgrades? **LEGAL** * Do you have an internal legal team or rely on outside counsel? * What are your statutory & regulatory commitments for... * Business / Financial? * Ethical? * Environmental? * Data protection regulations (GDPR, etc)? * Others? * What are your current contractual obligations? * Have there been past breaches of contract? * Describe your organization’s lawsuits & legal challenges in the... * Past? * Present? * Future (Expected/Planned)? #### THREATS Consider... * Organized Crime * Nation State * Professional Hacker (Individual / Collective) * Hacktivists * Corporations * Terrorism * Criminal (Scammer / Opportunist) * **Who were your past threats?** * **What persons, groups, or organizations have threatened, attacked, or harmed your organization, its employees, or beneficiaries in the past?** * Cyberattacks * Physical harms * Other Crimes * **What prior attacks has your organization experienced in the past?** * Cyberattacks * Physical harms * Other Crimes * **Who are your current threats?** * **What persons, groups, or organizations are your current threats to your organization?** * Cyberattacks * Physical harms * Other Crimes * **Which persons, groups, or organizations do you feel may harm your organization in the future?** #### EXTERNAL FACTORS *Factors beyond the organization’s Control, but that are highly relevant to their functioning* \####POLITICAL * Support from Government Leadership of Organization’s Missions or Causes * Who are their supporters? * Who are their opponents? * Government Stability * Any recent shifts of power or structure? * Is there turmoil expected turmoil in the future? * Are there ongoing or nascent insurgencies? * External Stakeholders in Organization’s Mission * What other politicians or political groups are involved or impacted by the organization’s work? * What home pressure groups / lobbyists are for / against the organization’s work? * What international pressure groups / lobbyists are for / against the organization’s work? * Corruption in Government * What is the country’s general propensity & accountability for bribery, graft, etc? * Are there past or current corruption scandals involving the above stakeholders? \####ECONOMIC * Home economic situation * Describe the general economic conditions in the home country. * Are there ongoing crises related to recession, hyperinflation, or other decline? * What is the unemployment rate? * Trade Agreements * What other countries are relevant trade partners? * Are any countries involved in an ongoing trade war with the home country? \####SOCIAL * Cultural Practices * What other languages are used in the area of interest? * Are there any prevalent perspectives on Security in this area? * Are there any prevalent perspectives on Privacy in this area? * What cultural norms are relevant? * What cultural taboos are relevant? * Ethnic issues * Are there any ethnic groups that suffer from discrimination? \####TECHNOLOGICAL * Law Enforcement * What means do the area’s law enforcement use to access private digital systems? * What technologies do law enforcement or other government forces use to monitor or collect information on the populace? * Supply chains for Information-sharing * How is information transmitted between community members? * Are there any prevalent attitudes towards online security tools in this area? \####LEGAL * What protections exist for Freedom of Speech? * What are the relevant Privacy Laws? * What are the relevant Data Protection Laws? (GDPR, etc) * What are the relevant Cybersecurity Laws? * Criminality * Who are the major organized crime groups? * What other crimes may be relevant? \####MILITARY * What are current or recent local conflicts? Include terrorism. * Are there any international conflicts involving home country or partners’ home countries? * Are there nearby Installations and bases to the organization’s work? * What capabilities or equipment for collection or intercept may be present?