Buy-in and strategy to implement, enforce, and inform policy
Branding practices and signatures
PGP usage, key storage, publishing keys, subject lines
Access control measures, levels of encryption, personal vs work usage
Data management policy
Where is data stored? (cloud, local, etc.)
Access control (new hires, employees leaving, different levels of access)
File naming and storage structure
Disposal of devices
When does training happen?
Funds for professional development
What to expect when you leave the organization
Field Documentation and Reporting
by Michael Carbone
This is a draft of a resource that came out of envisioning the next iteration of the Responsible Data Forum's Organizational Security Atomized Plan, and reframing it as a guide towards implementation within a group. In this reframing I have relied heavily on the content of the Organizational Security Atomized Plan itself, Internews' SAFETAG organizational assessment framework, and other resources listed in the resources section.
The documents in this repository comprise a set of digital security checklists for use by US-based non-profit organizations with a focus on human practice and organizational management. One checklist is oriented towards assessing an organization's readiness to take on this type of work. Additional documents represent framing information and a glossary.