Security Assessments and Consultation Report Template
This section provides a brief overview of the organization we are assisting. Please try to include the following information and add any relevant points as needed:
- Note the mission of the organization (1-3 sentences)
- How many individuals work in the organization?
- Where is the organization based?
- Is the team primarily in office or remote, and what devices are they accustomed to using?
- With whom does the organization communicate? (Note the countries and type of communication: financial support, technical support, advocacy, etc.)
After an initial assessment by the Helpline during a call or emailed exchanges, note the digital security challenges and opportunities. This is an example list, but please include additional thoughts as appropriate:
- Are additional staff required?
- Digital security awareness training for staff
- Communication security needs (email, instant messaging…)
- Account security needs (sharing credentials, 2FA etc.)
- Safe traveling requirements (Frequent travelers? Where to? What devices are brought with them?)
- What assets are they trying to protect? (Data collected, emails, research, finances…)
- What vulnerabilities do they have?
- What risks do they face? Who may be trying to harm them?
- How will we, the organization, and potentially other partners coordinate to address the challenges found in the last section? Create a bulleted list addressing each concern individually.
- Plan to address the most pressing needs first. Be sure to list who will lead that effort, and how (if at all) our Helpline team will be involved. If there will be external partners involved, please note what their tasks and expectations are.
- Consider the following categories: Security Awareness, Secure Cloud Storage, Email Account Security, Social Media Account Security, Device Access and Encryption, Safe Travel Advice, DDoS Protection, [Advice] Physical Security
Order of Actions
- After providing the consultation report to the client, solicit their feedback on the remediation steps proposed and the prioritization of those steps.
- If the client agrees on them, then create the child cases and update the plan with those ticket numbers.
[Org Name] Security Assessment Report
Version 1 - [Date]
The following confidential document describes the initial assessment of digital security practices at [ORGANIZATION] as suggested by Access Now Digital Security Helpline. Within this document we present a brief background describing the current situation, followed by identified challenges and a proposed remediation plan.
[Background context of organization]
During an initial assessment performed by the Access Now Digital Security Helpline and tracked as [accessnow [$CASE NUMBER]], the following digital security challenges and opportunities were identified:
- Challenge 1
- Challenge 2
- Challenge …
In order to address the challenges presented above, the Helpline is available to assist [$ORGANIZATION] with the design, prioritization, and implementation of a remediation plan. There may also be other implementing partners whom [$ORGANIZATION] would like assistance from instead.
We recommend [$ORGANIZATION] IT staff lead the implementation of the remediation plan, and ensure they have adequate buy-in and support from the rest of the organization to implement these new organizational practices.
If the plan is accepted, the Helpline will create dedicated threads with [$ORGANIZATION] staff for each remediation topic and include associated information to support implementation.
- TOPIC #1 [accessnow #CASE NUMBER]
- TOPIC #2 [accessnow #CASE NUMBER]
|Security Incident Handler||[$EMAIL]|
For more information, please visit: accessnow.org/help
Access Now Helpline Terms of Service: accessnow.org/terms-of-service