
Capacity Assessment Checklist


A monolithic, one-time interview with key staff is not always possible or advisable, but interacting with a variety of staff exposes valuable information about every aspect of the audit, from vulnerabilities to capacity to hidden barriers. This checklist serves as a "cheat sheet" of some topics to explore both during the planning and preparation phase and throughout the audit process.

Walk Through


    • Basic contact and organizational information: name, org, org's stated mission
    • Contextual research

Organizational

    • Size of staff
    • Key roles in org for tech and management
    • Structure: Management and Technical?
    • (Program size, activities, information)
    • (Change management)
    • Languages used in office

Contextual / Background / Threat information

    • What (if any) threats have occurred to the organization and its partners? (digital, physical)
      • Surveillance?
    • What other threats are you concerned about? What has happened to other organizations in the space?
    • Org responses to these threats - trainings, technical responses, organization process/change successes?
    • Specific programs or other work outside of publicly stated mission that are high-risk
    • Program use of technology (SMS surveys, blogs, Facebook pages, other websites, media recording and broadcast ...?)

Technical

    • Primary website
    • Additional websites
    • Website technologies (content management, hosting provider)
    • Technology in use:
      • Desktop software (OS, Office)
      • Desktop security tools (anti-virus, anti-malware, firewalls, VPNs, disk encryption...)
      • Servers (email, shared file system, networking tools, backups)
      • Email, email hosts
      • Other communication tools - Skype, Facebook, chat, mobile...
      • Other less formal tools - external emails, Dropbox...
      • Internal network - wired, wireless, type of wireless network, ISP

Preparation Support

    • Infrastructure
      • How is the office connected to the Internet?
      • Power outages or other challenges?
    • Office setup and size
      • Shared office space, shared floor or building?
      • Physical security of the office?

Practices and behaviors

    • Office access and location
    • Personal device usage
    • Transportation means used to get to and from home
    • Remote access to organizational resources (VPN, shared files)