Digital security audits

Cyber security audits

Open Briefing understands the digital security threats that NGOs and other social change agents face from governments, corporations and criminals. We also understand the internal vulnerabilities and lack of resources that place us at risk in today’s interconnected world. A digital security audit from Open Briefing can identify the things that you need to do to:

  • Improve your cyber security posture
  • Harden your IT systems
  • Develop your cyber security policies
  • Make your digital communications secure and private
  • Protect your website

The four stages of a digital security audit from Open Briefing are:

Stage 1: Initiate

We will work with you to understand your needs and agree the most appropriate standards against which to audit your organisation. Audit frameworks to consider include:

We create a system map from the controls in the agreed audit framework. We then add additional modules relevant to your organisation, which we audit against cyber security standards and good practice, such as Security in-a-Box and NIST’s Small Business Information Security guide. These additional modules can include:

  • Digital communications (email, VOIP and IM)
  • Social media
  • Website
  • Sensitive digital information assets
  • Travel cyber security
  • Information security

Stage 2: Assess

We will gather evidence for the audit from several sources depending on the framework that we are using:

  • Document review
  • Workshops
  • Interviews
  • Surveys
  • Self-assessment questionnaire
  • External vulnerability scan
  • Internal vulnerability scan and on-site assessment
  • Digital information inventory
  • Technology inventory

Using a RAG traffic light system, we will record in the system map whether a control is implemented (green), partially implemented (amber), not implemented (red) or not applicable. We will do this for both paper and practice. In other words, we will assess what is written down in policies and handbooks and assess what staff are actually doing.

RAG status for cyber security audit

Stage 3: Report

We will provide you with a clear and concise findings report and gap analysis, including a summary traffic light dashboard of the audit system map. We will explain in non-technical language the changes that your organisation should make in order to meet the standards that we are auditing you against. This will include recommendations for policies and trainings as well as the controls that you should effect to protect your IT systems, digital communications and website (if included in scope).

Stage 4: Implement

We will work with you for an agreed number of days to implement any recommendations that you need our help with. This might include on-site or remote consultancy, staff training and preparing documentation, for example. If we are auditing you against an accredited standard, such as Cyber Essentials, you can choose to be assessed and receive your certification. We can then provide ongoing IT support and training to ensure that you stay cyber secure.

In addition to our UK-based digital security team, Open Briefing works with a national network of vetted consultants and trainers in the United States through our civil society partner the Digital Security Exchange (DSX).

Please contact us to discuss your digital security needs. Grants and subsidies may be available to help NGOs access our services.

Open Briefing is a CybSafe certified partner and a member of the Charities Security Forum and UK Cyber Security Forum. We are also a certified social enterprise.