Case study ● Communities

Organisational Security

A series of meetings for practitioners convened by The Engine Room, Association for Progressive Communications (APC), and Front Line Defenders in 2016 led to the creation of the first public resource on organisational security by a community of leaders in the field.

Our first meeting

In February 2016, we co-hosted a meeting between fifteen organisational security practitioners in Prague, Czech Republic to identify best practices for guiding organisations on safety and digital security. Participants were from Engage Media, HURIDOCS, The ISC Project, Digital Society of Zimbabwe, Article 19, Internews and Access Now.

This first of many meetings served to combine our different approaches, and helped us develop a better sense of what we mean by “organisational security” in order to create a new framework for practitioners.

Connecting the dots

Defining main principles for organisational security support work

Compiling and sharing the beta resource with the larger security community.

Strategising how to share management of the resource and sustainability.

Our process

There are a myriad of existing toolkits on digital security, so it was crucial to meet in person and exchange knowledge before creating any new resource. In particular, we needed a definition that could help others recognise the difference between typical one-off digital security trainings and longer-term organisational support.

Online notes from the first workshop formed the basis of a new Organisational Security wiki. We designed it around the core components we agreed on (Discover, Strategise, Actualise and Create Space) and kept note of the topics that needed more attention. One month later, we shared the resource during the Internet Freedom Festival in Valencia, Spain and at RightsCon in San Francisco, California to gather feedback from a wider community.

We also held two online writing sprints (one on travel security and the other on password management) and migrated the wiki to our own secure infrastructure.

"Approaching this [organisational security] process as a community of practitioners brings together experiences from many contexts. In result, it grounds orgsec.community resources in factual knowledge. The Engine Room staff are great custodians and inspirators of this work. They provide solid structure, support and creativity to this process."

- Wojtek Bogusz, Front Line Defenders

Building a usable resource

The wiki will only stay relevant and up-to-date with careful and trustworthy management. We don’t want to create a ‘walled-garden’ where only a few busy people hold the keys for editing or adding content. So, we’re developing a strategy that balances inclusivity and security to invite new users to become co-managers of the wiki.

Many topics still remain to be addressed. The wiki provides guidance for practitioners, but does not currently support at-risk organisations. We are planning to develop more resources to help organisations assess their needs. If you are a security practitioner or a part of a group that needs this type of support, get in touch with us.

Related projects