Simplified Organizational OSINT Maturity Assessment Step 1 of 60 1% The KeyNorth Group’s Organizational OSINT Maturity Assessment is a tool that will allow you to evaluate how your organization or department has incorporated practices, policies, procedures, and technology to successfully conduct Open-Source Intelligence (OSINT) operations. This tool is best suited to law enforcement agencies, regulatory agencies, public safety organizations and corporate security groups that use OSINT to achieve their objectives. This questionnaire can be completed by any person within the agency or organization, engaged in a role that utilizes OSINT. The results of this assessment are intended to provide feedback on OSINT function by identifying operational strengths and opportunities for improvement. The assessment can be applied to the organization itself, or to a specific department(s). Please be sure to determine your focus prior to starting the survey. You may complete this assessment as many times as needed. You are encouraged to complete an assessment for each focus as it will provide you with more accurate results. The tool is intended to provide you with a snapshot view of your current organizational maturity as it relates to OSINT operations. The questions cover five topics, including best practices and capabilities, organizational structure, policy and law, technology, and OSINT training. It will take you approximately 30 minutes to complete the questions and access the feedback. At the end of the survey, you will access your general results which you can print to hard copy or to a PDF document, and keep for your own use. For each question you will be asked to select “agree” or “disagree”. There may be some instances where the question does not apply to your specific situation. If this is the case, please select “not applicable”. For questions where a topic does not apply, but you feel it should be addressed (ex. In the case of a deficiency or deficit) please select disagree, rather than “not applicable”. Please note that these answers are given the same grade as an “Agree” answer so that your final score will be more accurate. Your answers will remain anonymous unless you choose to identify yourself through the contact page at the end of the questionnaire. We do collect anonymized aggregated data to for the purposes of analyzing trends in OSINT. If you would like an off-line version of the assessment, please contact us and we will send you an electronic file containing the questions, which you can complete off the Internet. If you have any questions about this assessment or would like to discuss OSINT related management issues, please contact us.By clicking the "I Accept" button you are accepting the terms I accept Section A: Best Practices and Capabilities This section addresses best practices and capabilities which refers to the organization’s ability to conduct OSINT research effectively, support individual researchers, organize information and risk management. The following questions relate to the organization or department you work for. You should imagine that each question is prefaced with: “The organization or department I work for…” Uses a standardized file naming convention (FNC) for files. Agree Disagree Not applicable. This does not apply to my organization or department. Uses a standardized method to organize files to ensure information is organized and easy to find later. Agree Disagree Not applicable. This does not apply to my organization or department. Creates checksum reports for evidence capture files as a standard procedure. Agree Disagree Not applicable. This does not apply to my organization or department. Has instituted good note-taking practices for OSINT research. Agree Disagree Not applicable. This does not apply to my organization or department. Has implemented a standardized chain of custody process related to the transmission of electronic files; including using encryption to protect files when transferring them both internally or to third parties. Agree Disagree Not applicable. This does not apply to my organization or department. Has a written procedure guiding personnel on best practices to ensure electronic evidence is not corrupted. Agree Disagree Not applicable. This does not apply to my organization or department. Ensures that its operators/officers/analyst have an understanding of court procedures including giving testimony. Agree Disagree Not applicable. This does not apply to my organization or department. Provides regular updates relating to operator/officer/analyst safety, privacy and personal security when using the internet, mobile apps, social media platforms, etc. Agree Disagree Not applicable. This does not apply to my organization or department. Strictly prohibits the use of personal online accounts and personal devices for work-related research. Agree Disagree Not applicable. This does not apply to my organization or department. Has established a method of staying current on OSINT issues, techniques and case law such as subscribing to newsletters, regular attendance at conferences, regular update sessions from third-parties such as prosecutors, etc. Agree Disagree Not applicable. This does not apply to my organization or department. Has the resources to conduct research on the dark web if required. Agree Disagree Not applicable. This does not apply to my organization or department. Has a crypto-currency analysis capability. Agree Disagree Not applicable. This does not apply to my organization or department. Has the capability to analyze other forms of blockchain related technologies that are not strictly limited to currencies or coin tokens. Agree Disagree Not applicable. This does not apply to my organization or department. Has the capacity to capture OSINT research in real-time to assist with events such as active demonstrations, missing person investigations. etc. Agree Disagree Not applicable. This does not apply to my organization or department. Has the capability to conduct both tactical and strategic OSINT research. Agree Disagree Not applicable. This does not apply to my organization or department. Conducts practice reviews or audits of OSINT practices in the organization to ensure compliance with policies and standard operating procedures. Agree Disagree Not applicable. This does not apply to my organization or department. Ensures that personnel have the capability to perform research using mobile phone applications. Agree Disagree Not applicable. This does not apply to my organization or department. Section B: Organizational Structure This section addresses organizational structure, which refers to the way in which the department, agency or unit is organized to support efficient, effective and risk managed OSINT collection activities over the long term. The following questions relate to the organization or department you work for. You should imagine that each question is prefaced with: “The organization or department I work for…” Has defined a centre of excellence or responsible party for OSINT governance and best practices. Agree Disagree Not applicable. This does not apply to my organization or department. Has developed a strategic plan that includes a general mission statement, clearly defined objectives, the required initiatives and/ or resources to meet the objectives, key stakeholders, and the performance indicators that measure success. The plan can be at either the organizational level or at the unit specific level. Agree Disagree Not applicable. This does not apply to my organization or department. Has a method of data capture and statistical analysis that identifies strengths, weaknesses, and opportunities for improvement as it relates to OSINT capabilities. Agree Disagree Not applicable. This does not apply to my organization or department. Effectively uses the data it captures to provide input to command/senior management to inform strategic decisions such as organizational priorities, budgeting, public communications, etc. Agree Disagree Has developed job descriptions for specialist OSINT operators/officers/analysts OR has integrated OSINT skills into the job descriptions of other personnel who do OSINT as a part of their job. Agree Disagree Not applicable. This does not apply to my organization or department. Has job descriptions that refer to the appropriate level of OSINT knowledge and skill for the role. For example: “all personnel must have an interest safety awareness program”, “Level 1 analysts must have completed an introductory OSINT course or program”, and/ or “senior analysts must have an advanced program”, etc. Agree Disagree Not applicable. This does not apply to my organization or department. Has service level agreements between the producers of OSINT research and the users of OSINT research if appropriate. Agree Disagree Not applicable. This does not apply to my organization or department. Has a procurement strategy in place to ensure that units and personnel are able to obtain the equipment, training and other resources required to carry out their work. Agree Disagree Not applicable. This does not apply to my organization or department. Has the financial resources required to fulfill their mandate. Agree Disagree Not applicable. This does not apply to my organization or department. Has enough personnel trained in OSINT to keep up with the demand. Agree Disagree Not applicable. This does not apply to my organization or department. Has procedures in place to triage OSINT research requests. Note this may take place at the unit level rather than the organization level. Agree Disagree Not applicable. This does not apply to my organization or department. Has established clear mandates for its units and/or personnel to ensure that the work carried out by one group does overlap or interfere with the work carried out by other groups. Agree Disagree Not applicable. This does not apply to my organization or department. Section C: Policy and Law This section assesses whether the organization or unit has mechanisms in place to ensure that OSINT collection is done in accordance with laws applicable in its jurisdiction. The following questions relate to the organization or department you work for. You should imagine that each question is prefaced with: “The organization or department I work for…” Has policies and procedures in place that relate to the collection, use and storage of personally identifiable information of the individuals under investigation that are in accordance with applicable laws and best practices. Agree Disagree Not applicable. This does not apply to my organization or department. Has mechanisms in place to ensure that any OSINT policies at the unit level are aligned with the organization's general policies relating to the collection, use and storage of intelligence and evidence; and the organizations strategic objectives. Agree Disagree Not applicable. This does not apply to my organization or department. Has a policy that clearly defines what authorities specific roles must have to conduct different types of OSINT research. Agree Disagree Not applicable. This does not apply to my organization or department. Has created written policies and procedures for the creation and maintenance of online identities. Agree Disagree Not applicable. This does not apply to my organization or department. Has personnel who generally adhere to the organization's policies for managing online identities. Agree Disagree Not applicable. This does not apply to my organization or department. Ensures that its OSINT policy is flexible enough to allow for minor changes to standard operating procedures without having to seek senior management approval as if it were a change to the overall policy. Agree Disagree Not applicable. This does not apply to my organization or department. Effectively uses a mechanism to obtain stakeholder input for any policy changes that are considered. Agree Disagree Not applicable. This does not apply to my organization or department. Effectively incorporates stakeholder feedback into any policy changes. Agree Disagree Not applicable. This does not apply to my organization or department. Clearly distinguishes between OSINT techniques and other online investigative techniques such as under cover operations, in its policy. Agree Disagree Not applicable. This does not apply to my organization or department. Liaises regularly with its prosecution partners and/or litigation counsel (ex. Crown Prosecutor, District Attorney, Legal Counsel, etc.) to provide updates related to OSINT developments. This can include attended regularly scheduled meetings, forums or symposiums, and/ or inviting to legal counsel related to OSINT training. etc. Agree Disagree Not applicable. This does not apply to my organization or department. Section D: Technology This section of the assessment is to help participants understand how their organization has invested in technology to support OSINT research, information/evidence management and security. The following questions relate to the organization or department you work for. You should imagine that each question is prefaced with: “The organization or department I work for…” Has invested in a variety of evidence capturing tools to ensure that different types of OSINT content can be captured. Agree Disagree Not applicable. This does not apply to my organization or department. Has implemented a means of ensuring that its network is not identifiable to the websites that OSINT personnel visit. Agree Disagree Not applicable. This does not apply to my organization or department. Conducts attribution tests to ensure that its network continues to be anonymized or appropriately obfuscated. Agree Disagree Not applicable. This does not apply to my organization or department. Has a case management system that can handle OSINT captures and/or exhibits. Agree Disagree Not applicable. This does not apply to my organization or department. Has established service level agreements between the units that conduct OSINT research and its information technology (IT) group to ensure that IT services are available when required. Agree Disagree Not applicable. This does not apply to my organization or department. Coordinates efforts within the organization for the acquisition or development of tools to reduce overall costs, rather than each unit or individual acquiring or developing their own tools. Agree Disagree Not applicable. This does not apply to my organization or department. Maintains a centralized repository of tools, techniques and resources which might be of use to all OSINT personnel in the organization. Agree Disagree Not applicable. This does not apply to my organization or department. Section E: Training This section of the assessment is to help participants understand how their organization has invested in training to ensure that the personnel who conduct OSINT activities are appropriately trained for the work they do. The following questions relate to the organization or department you work for. Unless otherwise specified, you should imagine that each question is prefaced with: “The organization or department I work for…” Has a certification program in place for OSINT operators/officers/analysts. Agree Disagree Not applicable. This does not apply to my organization or department. In relation to question E1, the certification program is consistent with the tools available to capture and analyze information. Agree Disagree Not applicable. This does not apply to my organization or department. In relation to E1, the certification program covers both policy as well as technical skills. Agree Disagree Not applicable. This does not apply to my organization or department. Has developed case studies as a knowledge sharing tool to illustrate to new operators/officers/analysts how these personnel perform certain tasks. Agree Disagree Not applicable. This does not apply to my organization or department. Encourages on-going OSINT training by highlighting its strong correlation to professional development and career advancement. Agree Disagree Not applicable. This does not apply to my organization or department. How to Read Your Results Thank-you for completing the KeyNorth Organizational OSINT Maturity Assessment. Your results will be displayed in the next section. To read your results, consider that the maturity assessment is a scale between 1% to 100%, where 100% is an organization/department that has invested considerable effort and resources into its OSINT function. Look for responses with a zero (disagree) in the response. Those are the areas you may wish to give additional consideration to. Please note that the questions you marked as “Not applicable” will show as a correct answer. This is so that your overall answer is not artificially low. Notwithstanding you may wish to highlight these areas for future consideration. This was a summarized assessment and is a tool in our portfolio of assessment tools. If you would like to discuss your results with us or would like to more know about how the KeyNorth Group can support your organization’s OSINT function, please fill out the form below, one of our team members will respond to you shortly. If you would not like to contact us, please click the Done button, below the contact form.NameCompanyCity/TownState/ProvinceCountryEmail Address Phone NumberQuestion TitleYour Question or Comments
