The SAFETAG Audit Framework Core
The SAFETAG audit consists of multiple information gathering and confirmations steps as
well as research and capacity-building exercises with staff organized in a collection of
objectives, each of which supports the core goals of SAFETAG, creating a risk assessment
while also building the capacity of the organization.
These objectives provide collections of approaches and activities to gather and verify
information in both technical and interactive/social methods, assess and build capacity, and
targeted exercises with walk-through instructions for many of these.
These are not meant to be a "checklist" or even a prescribed set of actions -- indeed,
experienced auditors will deviate strongly from many of the specific activities. These
provide a focused "minimal set" of activities only.
Indeed, many objectives and their specific exercises overlap or can be done together -- onsite interviews with staff can coincide with assessing their devices and keeping one's eyes
open for physical security issues. The data assessment exercises may provide enough
information that other staff engagements are unnecessary.
Page 4 of 240