
Remote Facilitation


This component suggests approaches to use if in-person facilitation is not possible, and to include participation from remote staff or offices when an organization has multiple locations. This supplements the Data Assessment, Process Mapping, and Threat Assessment exercises, enabling them to be conducted remotely.

This may not provide results as deep as in-person facilitation, but should provide adequate expansion and verification of the information needed, and in most cases also provides the secondary benefit of helping the organization build a shared understanding of its processes, risks, and risk tolerances.


    Remote facilitation, if not done securely, can expose sensitive information from both the auditor and the organization. There are different ways to communicate and exchange information remotely: voice calls, emails, video conferences, survey forms, cloud storage, and chat messages. Choose your tools based on ease of adoption for the organization, proven security, and open source, ideally audited, code when possible.

Walk Through

    Selecting the most suitable approach requires an understanding of the capacity and personnel structure of the organization, including their ability to support communication technologies, and the availability of someone who can assist in facilitation.

    After selecting the most suitable approach, the auditor should make sure to prepare for remote facilitation:

    • Work with the organization point of contact to select the most suitable approach.
    • Schedule calls/meetings and/or discuss timelines for survey preparation, sending, and deadlines for input.
    • Prepare any material to be sent and distributed beforehand.
    • Coordinate (including perhaps training) with the on-site facilitator, if any.
    • Prepare at least one fallback communication channel.
    • Test communication channels.

    Approach 1, on-site facilitator, with video chat auditor

    Suitable when there is a person that can take a facilitation role on-site. Facilitator does not have to be a technical person, but should be able to manage the session, making sure that it is as inclusive and as productive as possible. Accommodates more participants than Approach 3 per session. If the auditor is able to join remotely, this provides an ideal substitute.

    • On-site facilitator assists in conducting the overall exercise, ensuring inclusion of all participants. The level of facilitator involvement needs to be decided between the facilitator and auditor before the session, and if needed, training may be provided to the facilitator.
    • Auditor follows along via video chat through the full exercise and discussion, and is able to contribute or ask follow-up questions as needed.
    • Facilitator leads the session and manages note-taking, as well as secure sharing of notes post-session.
    • Follow up sessions may be arranged with selected groups of staff.

    Approach 2, hybrid online/synchronous

    Can be used with a large group of participants, where it is possible to meet over multiple sessions with enough time to collect and analyse responses in between.

    • An introductory video chat is recommended as a starting point. This allows the auditor to introduce themselves and the exercise, and to agree on communication rules. It helps build rapport and address any concerns participants may have, and allows for further testing of the communication channel.
    • The auditor asks participants to fill in a template or survey to collect the information needed (see Approach 4 for survey details). This stems directly from the activity, whether it is data assessment, process mapping, threat analysis, or any activity requiring facilitation.
    • Participants send their input to the auditor, either by answering an online questionnaire or through any other media agreed on.
    • Auditor collects the information and arranges it for analysis and discussion.
    • Another video chat is conducted to discuss responses and to expand on and validate the information collected through the survey.
    • Follow up sessions may be arranged with selected groups of staff as needed.

    Approach 3, multiple small sessions

    Suitable for medium to large groups where it is possible to conduct multiple small video chats. It is recommended for sessions to be arranged to include people from the same organizational level, but different functions/teams/arms/departments of the organization. This approach scales to larger organizations and helps ensure voices at different levels of the organization are heard.

    • Auditor works with participants via video chat through the full exercise and discussion.
    • Follow up sessions may be arranged with selected groups of staff as needed.

    Approach 4, hybrid offline/asynchronous

    • Introductory email/session through local facilitator (may need to provide remote training on the activities).

    • Collect responses and input through a survey.

    • Discuss responses and findings via email or voice chat to expand and validate.

    Sample Questions: Data Mapping

    • Where does your organizational email live? Please select all devices where email is stored or accessed:

      • Email server / webmail
      • Backup server
      • Office computers
      • Office Laptops
      • Office cell phones
      • Backup drives
      • Personal laptops
      • Personal cell phones
      • Tablets
      • Designated Travel laptops/tablets
      • Other? __
    • Where does the organization share files?

      • Email
      • Shared drive at office
      • Box/Dropbox/OneDrive/etc.
      • Custom hosted (owncloud, etc.)
      • Google Drive/Docs
      • USB drives
      • Other? ___
    • What types of files does the organization track and use?

      • Financial records
      • HR / personal contracts (personal data, including ID and bank info)
      • Other personal data (passports, etc.)
      • Funding records
      • Sensitive / internal program records
      • Publications
      • Videos
      • Project proposals