Security Auditing Framework and Evaluation Template for Advocacy Groups

SAFETAG is a professional audit framework that adapts traditional penetration testing and risk assessment methodologies to be relevant to smaller non-profit organizations based or operating in the developing world.


SAFETAG audits serve small scale civil society organizations and independent media houses who have digital security concerns by working with them to identify the risks they face and providing capacity-aware, pragmatic next steps to address them.

Traditional security audits are based upon the assumption that an organization has the time, money, and capacity to aim for perfect security. Low-income at-risk groups have none of these luxuries. SAFETAG combines assessment activities from the the security auditing world with best-practices for working with small scale at-risk organizations.

SAFETAG auditors lead a risk modeling process that helps staff and leadership take an institutional look at their digital security problems, expose vulnerabilities that impact their critical processes and assets, and provide clear reporting and follow up to help the organization strategically move forward and identify the support that they need.

The SAFETAG Methods

Explore all Safetag Methods


SAFETAG resources are available under a Creative Commons Attribution-ShareAlike (CC BY-SA 3.0) License.

Check out the Credits and Licensing page for content attribution and a usage guide to referring to the SAFETAG wordmark.

The SAFETAG Community of Practice is governed by the SAFETAG Code of Conduct.

Get in touch

[email protected]

We have a global network of auditors trained in the SAFETAG framework available for independent work with small NGOs.

For updates or suggestions for the framework, please submit an issue.