Technology Capacity Assessment

This survey will take anywhere from 20 to 40 minutes to complete. We recommend you complete this survey as a group, working with your leadership, IT, operations and other personnel as appropriate. The discussions you may have in responding to these questions can have value in thinking about your organization's current technology capacity. 

Organization

1

Organization Name

Information

This section contains basic information about your organization and technology. 

3

Organization website

Please provide the URL of your organization's primary website

4

Total number of staff

The number of staff (approximation is fine), both full-time and part-time, that use technology at your organization. 

5

Who is most responsible for your organization's technology management and support?

6

What is the annual operating budget of your organization?

7

IT spending

What is your (approximate) annual budget for IT?

8

Which of the following could you easily provide?

Use control+click to select multiple values.

9

What do you use for email and calendars?

10

What do you use for file sharing?

Use control+click to select multiple values.

11

Central data system

Does your organization use a central CRM (Constituent Relationship Management) or data system for tracking constituents?

Central data systems are those that serve as a "single source of truth" for multiple staff across the agency. This does not include spreadsheets that may be maintained by individual staff members.

Use control+click to select multiple values.

12

What area(s) of technology represent the greatest challenges for you?

Use control+click to select multiple values.

13

For the area(s) that you identified as needing improvement, please tell us a little bit about why you identified those areas.

Management

14

Technology Planning

The organization engages in regular technology planning that is informed by strategic and operational goals.

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
15

IT Performance

Information Technology staff or vendors provide reporting to management regarding the performance and status of IT. 

Example: Reporting on the volume of support requests, uptime, pending projects, or performance and status of IT resources is given.

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
16

Technology documentation

The organization's technology is documented.

Example: Optimally, IT staff verify and update the documentation periodically for network diagrams, credential management, vendor lists, and inventory lists.

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
17

Onboarding and offboarding

There is a documented process and policy in place regarding the onboarding and offboarding of staff accounts.

Example: The process covers which accounts are created when new staff come in, how access is revoked and information is protected when staff leave, the timeframe in which onboarding/offboarding requests must be made, and how data or accounts are transferred to the appropriate stakeholder when staff leave.

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
18

Project ownership

All technology projects have a designated project lead who is responsible for managing resources and ensuring that projects stay in scope, on time and within budget. 

A Project Lead is a single individual who is accountable for a project from beginning to end. This need not be the same person for every project that is implemented in the organization.

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
19

Project management practice

We have a project management process to support project planning, collaboration and oversight through a project's lifecycle. 

Having a defined project management process can include the use of a tool, such as Asana or Basecamp. 

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
20

Change management

Our organization addresses both the human and the technical side of adopting new technologies by defining a change management plan as part of any major technology implementation that has the potential to affect staff in their day-to-day work.

Change management refers to the process of managing the people-side of change in order to achieve a successful implementation. 

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
21

Training program

New staff, interns and volunteers receive training on the organization's systems as part of a new hire orientation and the organization provides ongoing training to staff as part of their professional development.

Training is offered to staff on a regular basis as scheduled sessions or on-demand services. Training is given with larger-scale system changes such as program updates or product changes.

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
22

Available support

Staff, volunteers and interns have a clear process for submitting support requests and a clear expectation for response time. 

There is a formalized system for support requests either via a ticketing system, support email or other processes.

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree

Infrastructure

23

Staff Workstations

Staff have workstations that are reliable and well-performing. Staff are not hindered in their work by slow or unreliable workstations. 

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
24

Internet bandwidth and Networking

Internet and networking are fast and reliable throughout the organization, both via wireless (wi-fi) and wired networking.

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
N/A
 
25

Remote working

Staff are able to work remotely and are able to access email, documents, applications and data as appropriate to their role and within organizational policies. 

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
26

Replacing critical hardware and software

Workstations, servers and other hardware are replaced before going out of support from their manufacturer.

This is especially important for mission-critical hardware such as servers, firewalls and mission-critical software.

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
27

Backup and restore

Our organization's important information is backed up securely and restore tests are performed.

Backup systems should be both physically and logically distinct from primary systems. For example, if sensitive data exists on an in-house server, the backup should be offsite and on a separate system (such as a cloud-based backup). Restores should also be performed, at a minimum, once every three months (quarterly). 

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
28

Software upgrades

Software is upgraded before reaching end-of-life and/or before productivity is impacted.

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
29

Firewall

A firewall is installed with active subscriptions for Unified Threat Management (UTM).

Unified Threat Management (UTM) monitors inbound and outbound network traffic for malware and signs of intrusion or attempted intrusion. Only applies to organizations with networks used by multiple staff. Not applicable to organizations that are completely distributed. 

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
N/A
 
30

Business continuity

Leadership demonstrates an understanding of its most critical technology services and how those services may be impacted by various disruptive events.

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree

Data

31

Data leader

There is an identified owner, or Data Leader, for the organization's data system(s).

A Data Leader for an organization takes ownership for leading the organization toward being data-driven. This role includes helping various departments and staff better understand their systems and their data and how it can inform decision-making. A Database Administrator can fulfill this role, especially if they perform a leadership function for the organization or regularly interact with leadership.

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
N/A
 
32

Data inventory

The organization has an inventory of data systems and data collection sources, and we have documented where data resides across all departments.

Optimally, data systems and sources are reviewed annually to keep the inventory up-to-date. 

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
N/A
 
33

Centralized decision-making

The organization has a framework for centralized, cross-departmental decision-making regarding data systems.

For example, the organization works to break down silos between departments and information within departments and encourages working collaboratively to select systems and integrate different systems where appropriate. 

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
N/A
 
34

Data collection process and management

There is a clear framework in place and established standards on agency-wide data collection and management.

The organization maintains central oversight on all sources of data. This includes any systems or personal processes (e.g. spreadsheets) that may exist alongside any central systems. Data collection forms are developed to ensure that required data is gathered in the correct format, and that a central system serves as a "single source of truth" for the organization.

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
N/A
 
35

Relevant reports

Staff are able to access relevant and timely reports directly from the system(s).

Staff are able to access up-to-date data and reports on a self-service basis. Staff do not rely on exports that are generated and then provided in an external format (e.g. Excel).

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
N/A
 
36

Success metrics

Staff identify metrics to measure progress and success in their department(s) or area(s).

Staff have been involved in a process of identifying KPIs (key performance indicators) by which their progress in their specific areas can be measured. KPIs are used by staff to track progress as well as indicate when a process may need to change.

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
N/A
 
37

Data Culture

Staff at all levels understand the significance of and buy in to the importance of data as an organizational resource.

Staff view data as an organizational resource. People responsible for entering data understand the importance of reliable data, and have an understanding of how data fits into the "bigger picture" of the organization's success.

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
N/A
 
38

Process improvements

Staff use data for decision-making, and regularly review metrics to gain insights, inform planning, and identify process improvements. 

Leaders and staff engage in conversations about data and seek to learn and adapt based on insights gained from data. Data insights become a means of conducting "small experiments" to test assumptions or re-engineer existing processes.

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
N/A
 

Cybersecurity

39

Risk assessment

Our organization has performed a basic risk assessment that includes threat modeling and review of existing safeguards. 

A cybersecurity risk assessment looks at threats to confidentiality, integrity and availability of information managed by the organization, and compares these threats against the in-place safeguards to determine which risks to expend effort on mitigating. Threat modeling looks at specific threats to the organization that may be unique based on culture, nature of work, or other criteria. 

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
40

Cybersecurity plan

Our organization has an active cybersecurity plan.

An effective cybersecurity plan is done annually, at a minimum, and includes a timeline for implementation of any changes, a plan for communicating and supporting the change and support for new security measures. 

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
N/A
 
41

Cybersecurity awareness training

All staff at our organization have received cybersecurity awareness training within the past year. 

There is an ongoing security awareness training program in place for staff to help them with best practices for information security.

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
42

Cyber liability Insurance

Our organization has reviewed options for cyber liability insurance and is confident the appropriate coverage is in place. 

Cyber liability insurance can help mitigate financial risk and provide additional resources should your organization suffer a breach or other cybersecurity-related incident. 

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
43

Two-Factor Authentication (2FA)

Two-Factor Authentication (2FA) is required for access to all systems, services and applications that support 2FA and contain sensitive information.

For example, two-factor authentication (2FA) is required for access to organizational email. Two-factor authentication applies two security steps to login processes.

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
44

Vulnerability scanning

Our organization performs annual vulnerability scanning of our website, external and internal networks to detect vulnerabilities.

Vulnerability scanning uses software that scans computers, networks and applications for weaknesses.

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
N/A
 
45

Incident Response Plan

The organization has a complete incident response plan in place. 

An effective incident response plan includes, at a minimum:

  1. Guidelines for declaration of an incident and activation of the incident response
  2. A defined incident response team with contact information
  3. A communications plan
  4. A recovery plan
  5. Lessons learned and changes 
Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
46

Password Management

The organization provides staff with a password manager and/or Single Sign-On (SSO) tool. 

Some examples of Password Management and SSO systems include LastPass, 1Password, Okta & OneLogin. 

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
47

Patch Management

The organization uses a patch management system to keep endpoints patched with current software versions. 

Ideally, the patch management solution addresses Windows and Macs, servers, desktops and laptops, and also handles third-party applications such as Adobe, Java & MS Office.

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
48

Phish Testing

The organization periodically "phishes" its staff to determine vulnerability to common phishing tactics. 

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. 

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree

Digital Communications

49

Communications plan

A communications plan is in place (including goals, objectives, audiences, key messaging, timelines, measurement/tracking and budget).

Example: communication practices are strategically integrated and central to organizational planning. If you do not have a communications plan, please select 1 from the scale.

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
50

Dynamic Website

The organization maintains a dynamic website, and appropriate organizational staff are able to update the website with new content.

Example: Staff can easily add/edit/delete page content, pictures, videos, and add/remove entire pages as needed.

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
51

Style Guide

The organization maintains a style guide and logo library that houses examples of the proper usage of the organization's fonts, colors, logos, etc.

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
52

Intentional Social Media

The organization maintains a plan and guidelines for intentional use of social media as appropriate.

Example: Social media channels are considered and selected thoughtfully, and there are clear guidelines for using organizational versus personal social media accounts.

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
53

Social Media Goals

The organization has defined measurable goals for social media impact, and has a schedule for reviewing metrics to understand progress toward goals.

Example: Organizations that get the most out of their social media data regularly gather and evaluate the data, review and reflect on it, and adjust their strategy as necessary in accordance with the findings.

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
54

Email communications practices

The organization uses appropriate practices for e-communications to comply with the CAN-SPAM Act.

Example: Opt-in and opt-out guidelines are followed. The sender of the email is indicated clearly. A valid physical address of the sender is posted, and the subject line of the email accurately represents the contents of the email.

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
55

Segmenting email list

The organization's email list is segmented to allow groups to be targeted with relevant messages.

Example: List recipients are tagged as "donors", "volunteers", "event attendees", etc. or with specific issue tags.

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree
56

Email communications metrics

The organization conducts regular analysis of their e-communications activities.

Example: The organization tracks open rates on their emails and knows what type of content best engages their various constituents.

Strongly Disagree
1
 
2
 
3
 
4
 
5
 
Strongly Agree

One Last Thing

57

Anything Else?

Please provide any additional information you would like to share with us about the technology capacity at your organization.