Technology Health Check

The Technology Health Check will take you approximately 10 minutes to complete. If possible, we recommend working with your leadership, IT, operations and other personnel as appropriate to review these questions and determine your organization's response. The discussions you will have in responding to these questions can provide helpful insights and in thinking about your organization's current technology capacity. 

Organization

1

Organization Name

Survey

3

Organization website

?

Please provide the URL of your organization's primary website

4

Total number of staff

The number of staff (approximation is fine), both full-time and part-time, that use technology at your organization. 

5

Who is most responsible for your organization's technology management and support?

6

What is the annual operating budget of your organization?

7

Technology planning

The organization engages in regular technology planning that is informed by strategic and operational goals.

?

Response Guidelines:

  1. No strategic technology planning
  2. Informal, ad-hoc planning
  3. A strategic technology plan has been conducted within past 5 years
  4. Strategic technology planning is conducted annually (or ongoing)
  5. Technology is included in organizational strategic planning
No Practice
1
 
2
 
3
 
4
 
5
 
 Best Practice
8

Onboarding and offboarding

There is a documented process and policy in place regarding the onboarding and offboarding of personnel. This includes procedures for necessary hardware, accounts, training and support. 

?

Response Guidelines:

  1. No onboarding/offboarding procedures
  2. Informal onboarding/offboarding procedures
  3. Documented, but incomplete onboarding/offboarding procedures
  4. Documented and thorough onboarding/offboarding procedures
  5. Through onboarding/offboarding including feedback process for improvements
No Practice
1
 
2
 
3
 
4
 
5
 
 Best Practice
9

Project ownership

All technology projects have a designated project lead who is responsible for managing resources and ensuring that projects stay in scope, on time and within budget. 

?

Response Guidelines:

  1. Ad hoc project ownership
  2. Informal ownership for larger projects
  3. Ownership for all projects with a mix of processes 
  4. Ownership and clear processes in place for all projects
  5. Ownership, clear processes and all projects include continuous learning and improvement
No Practice
1
 
2
 
3
 
4
 
5
 
 Best Practice
10

Training program

New staff, interns and volunteers receive training on the organization's systems as part of a new hire orientation and the organization provides ongoing training to staff as part of their professional development.

?

Response Guidelines:

  1. No technology training provided
  2. Some basic training from staff
  3. Technology training overview
  4. Formal onboarding training provided
  5. Ongoing formal training offered to all staff
No Practice
1
 
2
 
3
 
4
 
5
 
 Best Practice
11

Available technology support

Personnel have a clear process for submitting technology support requests and are able to have clear expectations for response time on these requests. 

?

Response Guidelines:

  1. No technology support provided
  2. Reactive support provided by vendor
  3. Most support provided by internal resource or "accidental techie"
  4. Ongoing support provided by technology vendor 
  5. Ongoing support from technology service provider and internal resource
No Practice
1
 
2
 
3
 
4
 
5
 
 Best Practice
12

Complete this question: "In the area of technology management, our biggest challenge is..."

(Optional)

13

Staff workstations

Staff have workstations that are reliable and well-performing. Staff are not hindered in their work by slow or unreliable workstations. 

?

Response Guidelines:

  1. Many workstations are old, poor performing and unreliable
  2. Some workstations are slow and/or unreliable
  3. Few workstations are slow and/or unreliable
  4. Workstations meet meet staff needs with few exceptions
  5. Workstations are high quality and seldom cause staff any issues
No Practice
1
 
2
 
3
 
4
 
5
 
 Best Practice
14

Internet bandwidth and networking

Internet and networking is fast and reliable throughout the organization, both via wireless (wi-fi) and wired networking. 

NOTE: If you support work-from-home (WFH) or are a predominately remote work organization, this questions applies to the home/office networks from where your personnel work. 

?

Response Guidelines:

  1. Network, Internet and wireless are slow and/or highly unreliable
  2. Network, Internet and wireless are slow and/or somewhat unreliable
  3. Network, Internet and wireless are of reasonable speed and mostly reliable
  4. Network, Internet and wireless are fast and mostly reliable
  5. Network, Internet and wireless are fast and completely reliable
No Practice
1
 
2
 
3
 
4
 
5
 
 Best Practice
15

Remote working / work from home

Staff are able to securely and reliably work remotely and/or from home and are able to access email, documents, applications and data as appropriate to their role.

?

Response Guidelines:

  1. There is no ability to work effectively and securely outside the office
  2. There is limited ability to work effectively and securely outside the office
  3. There is some ability to work effectively and securely outside the office
  4. There is good ability to work effectively and securely outside the office
  5. There is near perfect support for working effectively and securely outside the office
No Practice
1
 
2
 
3
 
4
 
5
 
 Best Practice
16

Backup and restore

Our organization's important information is backed up securely and restore tests are performed.

?

Response Guidelines:

  1. Backup systems unknown
  2. There are backups, but limited documentation and no testing
  3. There are backups and documentation, but no testing
  4. Backups are documented and tested for integrity
  5. Backups are documented, tested, and backup requirements are reviewed annually 
No Practice
1
 
2
 
3
 
4
 
5
 
 Best Practice
17

Business continuity

Leadership demonstrates an understanding of its most critical technology services and how those services may be impacted by various disruptive events.

?

Response Guidelines:

  1. No business continuity planning 
  2. Some informal business continuity planning with limited documentation
  3. There is a business continuity plan, but not reviewed
  4. Business continuity plan exists and is reviewed/revised annually
  5. Business continuity plan is reviewed annually and tabletop exercises peformed
No Practice
1
 
2
 
3
 
4
 
5
 
 Best Practice
18

Complete this question: "In the area of infrastructure, our biggest challenge is..."

(Optional)

19

Data leader / administrator

There is an identified owner, such as a Data Leader or Database Administrator,  who is responsible for overseeing the organization's data system(s).

?

Response Guidelines:

  1. No organizational data systems
  2. Data is departmentally owned and managed
  3. Data is departmentally owned with informal organizational oversight
  4. Data team is responsible for overseeing data on organization-wide basis
  5. A data leader(s) is responsible for overseeing a data team
No Practice
1
 
2
 
3
 
4
 
5
 
 Best Practice
20

Centralized decision-making

The organization has a framework for centralized, cross-departmental decision-making regarding data systems.

?

Response Guidelines:

  1. No data systems in place
  2. Decision-making made at the individual or departmental level
  3. Decision-making is mostly departmental with some cross-departmental input or collaboration
  4. Decision-making is mostly made centrally with some processes for departmental input
  5. Consistent cross-organizational process exists for making all or most data-related decisions
No Practice
1
 
2
 
3
 
4
 
5
 
 Best Practice
21

Data collection process and management

There is a clear framework in place and established standards on agency-wide data collection and management.

?

Response Guidelines:

  1. No organizational data systems

  2. No data standards other than those that are system-required

  3. Some data standards based on organizational reporting needs

  4. Data standards are defined and socialized across staff

  5. Data standards are defined and data is routinely scrubbed

No Practice
1
 
2
 
3
 
4
 
5
 
 Best Practice
22

Relevant reports

Staff are able to access relevant real-time reports directly from the system(s).

?

Response Guidelines:

  1. No organizational data systems
  2. Reports are not available or used by most staff
  3. Some reports are available to most staff
  4. Some reports available and process for staff to request reports
  5. Staff are able to generate relevant reports on demand
No Practice
1
 
2
 
3
 
4
 
5
 
 Best Practice
23

Success metrics

Data is used across the organization to evaluate performance, drive decision making and set departmental/organizational goals.

?

Response Guidelines:

  1. No data system 
  2. Metrics exist primarily to satisfy funder requests
  3. Metrics used by departmental leaders for internal evaluation 
  4. Metrics used by staff across the organization for evaluation and planning
  5. Metrics are a common organizational language for evaluating performance, identifying areas of growth and testing assumptions
No Practice
1
 
2
 
3
 
4
 
5
 
 Best Practice
24

Complete this question: "In the area of data, our biggest challenge is..."

(Optional)

25

Cybersecurity program

Our organization has an active cybersecurity program.

?

Response Guidelines:

  1. No cybersecurity program exists in any form
  2. Informal and inconsistent cybersecurity activities performed
  3. Cybersecurity assessment performed at some point within past 1-2 years
  4. Cybersecurity is part of ongoing strategic technology planning
  5. Documented cybersecurity plan in place with measurable goals and monitoring
No Practice
1
 
2
 
3
 
4
 
5
 
 Best Practice
26

Cybersecurity awareness training

All staff at our organization have received cybersecurity awareness training within the past year. 

?

Response Guidelines:

  1. No awareness training provided at any point 
  2. Some staff have sought out awareness training on their own
  3. Staff have been provided at least one security awareness training within past year
  4. Staff are provided awareness training as part of onboarding and ongoing. 
  5. Awareness training program is active and ongoing and measured for effectiveness
No Practice
1
 
2
 
3
 
4
 
5
 
 Best Practice
27

Cyber liability Insurance

Our organization has reviewed options for cyber liability insurance and is confident the appropriate coverage is in place. 

?

Response Guidelines:

  1. Unknown or no cyber liability
  2. N/A
  3. Cyber liability policy included, but not reviewed
  4. N/A
  5. Cyber liability policy included and reviewed annually to ensure adequate coverage
No Practice
1
 
2
 
3
 
4
 
5
 
 Best Practice
28

Two-factor authentication (2FA)

Multi-Factor Authentication (MFA) / Two-Factor Authentication (2FA) is required for access to all systems, services and applications that support MFA/2FA and contain sensitive information.

?
Guide to response
  1. No MFA/2FA encouraged or enforced on any systems/services
  2. Some staff use MFA/2FA on some systems/services
  3. MFA/2FA enforced for all staff email, at a minimum
  4. MFA/2FA enforced on most critical systems (email, CRM, file sharing & finance)
  5. MFA/2FA enforced on all systems containing sensitive information
No Practice
1
 
2
 
3
 
4
 
5
 
 Best Practice
29

Patch management

The organization uses a patch management system to keep endpoints patched with current software versions. 

?
Guide to response
  1. No patch management at all
  2. Staff are encouraged to patch their workstations
  3. Workstations are configured to receive automatic updates
  4. We have a patch management system, but do not review it regularly
  5. We have a patch management system and review it regularly

Ideally, a patch management solution that addresses Windows and Macs, servers, desktops and laptops and also handles third-party applications such as Adobe, Java & MS Office. 

No Practice
1
 
2
 
3
 
4
 
5
 
 Best Practice
30

Complete this question: "In the area of cybersecurity, our biggest challenge is..."

(Optional)

31

Digital communications plan

A digital communications plan is in place (e.g. goals, objectives, audiences, key messaging, timelines, measurement/tracking and budget) and followed at our organization.

?

Response Guidelines:

  1. No communications plan
  2. Departmental communications are deployed and not coordinated 
  3. Departmental communications are deployed, and these efforts are coordinated and timed
  4. Organization-wide communications guidelines are in place and most follow it
  5. An organization-wide communications plan is in place, followed and reviewed regularly
No Practice
1
 
2
 
3
 
4
 
5
 
 Best Practice
32

Dynamic website

The organization maintains a dynamic website, and appropriate organizational staff are able to update the website with new content.

?

Response Guidelines:

  1. No organizational website
  2. Website is out-of-date and consists of static pages
  3. Website is functional but only an outside developer can make editorial changes
  4. Website utilizes a Content Management System (e.g. WordPress, Drupal, Joomla), is mobile optimized and content can be updated by staff with some coding skills
  5. Website utilizes a Content Management System, is fully mobile optimized and content is easily updated without coding skills
No Practice
1
 
2
 
3
 
4
 
5
 
 Best Practice
33

Social media strategy

The organization has social media strategy with defined measurable goals for impact, and has a schedule for reviewing metrics to understand progress toward goals.

?

Response Guidelines:

  1. No organizational social media accounts
  2. No guidelines exist regarding use of social media accounts
  3. Defined audience and goals for reach exist for social media accounts
  4. Engagement for social media account(s) is tracked
  5. Social media metrics are used to continuously improve engagement
No Practice
1
 
2
 
3
 
4
 
5
 
 Best Practice
34

Targeted email communications

The organization's email list is segmented to allow specific groups to be targeted with appropriate and relevant messages.

?

Guidelines:

  1. No email system exists for centralizing communications
  2. Email system is used to broadcast messages to a full list
  3. Email system is used to send emails to specific groups, but the data is not integrated
  4. Email system is used to send emails to specific groups and data is integrated and updated
  5. Email system is fully integrated with central data system and communications are highly personalized
No Practice
1
 
2
 
3
 
4
 
5
 
 Best Practice
35

Email communications metrics

The organization conducts regular analysis of their e-communications activities.

?

Response Guidelines:

  1. Communications metrics are not tracked
  2. Basic metrics such as open rates, click-through's are informally reviewed
  3. Basic metrics are formally reviewed 
  4. Engagement metrics, such as conversion rate, used informally reviewed
  5. Engagement metrics are regularly reviewed and provide insight on recipients
No Practice
1
 
2
 
3
 
4
 
5
 
 Best Practice
36

Complete this question: "In the area of digital communications, our biggest challenge is..."