Capacity Assessment
Summary
In this component the auditor engages with staff through interviews and conversations to identify the organization's strengths and weakness (expertise, finance, willingness to learn, staff time, etc.) to adopting new digital and physical security practices. The auditor uses this information to modify the audit scope and recommendations accordingly.
Purpose
Knowing an organization's strengths and weaknesses allows the auditor to provide more tailored recommendations that an organization will be more likely to attempt and achieve. The auditor will use this assessment in preparing for the audit itself as well as when evaluating the difficulty of a recommendation. This information also provides a starting place for understanding the organization's current use and understanding of technology, digital security, and current threat landscape, as well as revealing elements of an organization's workflow, infrastructure and even vulnerabilities that you might otherwise have overlooked.
The Flow Of Information
Guiding Questions
- What is the organization's ability to adopt new technologies or practices?
- What resources does the organization have available to them?
- What is the environment that the organization works within like? What barriers, threat actors, and other aspects influence their work?
- Are there any specific considerations for the audit that would require modifying the overall approach, tools, preparation steps, or timeline?
Approaches
- Conduct pre-audit interviews with key managerial and technical staff to identify organizational areas of strength and weakness (expertise, finance, staff time, etc.).
- Have informal conversations with staff during the course of the audit to further gather capacity and historical "stories" of technology adoption.
Outputs
- Organization's ability to:
- Adopt new technology
- Learn from others
- Organization's resources (financial, time, buy-in, expertise...) available for technological adoption
- The availability and quality of communications and electronic infrastructure.
- Threats posed to the digital and physical security of the organization and its staff, and past security issues encountered by the organization and its partners.
- Priority security concerns.
- Technological hardware and software in use for protecting the physical and digital security of organizations and their staff.
- Past, current, or desired use of websites, blogs, social media and other web-based tools and platforms to conduct outreach, manage information, advocate or engage with specific groups.
- Past, current, or desired use of mobile telephony and related software and hardware for activities such as sms management and data collection.
Operational Security
Preparation
- Review or create a set of interview questions to keep you on track
- Have a secure note-taking process ready
Resources
Questionnaire: Context Analysis Questionnaire - pg. 76 - Workbook on Security (Front Line Defenders)
Guide: Assessing Context, Priorities and Learning Styles (Integrated Security)
Background Interview Approaches
Project: Tech Scape (the engine room)
Guide: Individual Depth Interviews: Design Research for media development (Internews)
Guide: Develop an Interview approach - pg. 58 - HCD Toolkit (IDEO)
Guide: Interview Guide - pg. 57 - Development Impact & You (IDEO.org)
Guide: Conducting key informant Interviews - 1996, Number 2 (USAD Center for Development Information and Evaluation)
Questionnaire: Context Analysis Questionnaire - pg. 76 - Workbook on Security (Front Line Defenders)
Guide: Assessing Context, Priorities and Learning Styles (Integrated Security)
Activities
undefined
