The Security Auditing Framework and Evaluation Template for Advocacy Groups (SAFETAG) is a professional audit framework that adapts traditional penetration testing and risk assessment methodologies to be relevant to smaller non-profit organizations based or operating in the developing world.

Audit Framework

The SAFETAG audit framework has been re-built in a new framework built around open source tools, hosted at github - watch for compiled versions of the framework documents in the Releases. If you're on Linux, you can follow the installation process to build PDF files out of the collection of markdown text documents and prepare audit reports.

You can download the overview, the full guide and the process map of the SAFETAG audit here:

Download the Overview (PDF, English)

Download the full Guide (PDF, English)

Download the Overview (PDF, Español)

Download the full Guide (PDF, Español)

Download the SAFETAG auditor training curricula

View the SAFETAG audit process (SVG)


Self Assessment Checklist

The Self-Assessment Checklist has been deprecated and is no longer available. Please refer to Guide for System Administrators in At‐Risk Organizations, as well as reference the engine room's atomized policy checklist.



SAFETAG resources are available under a Creative Commons Attribution-NonCommercial (CC BY-NC 3.0) License

Please see the full license for content attribution and a usage guide to referring to the "SAFETAG" wordmark.


Contact the SAFETAG team.

We'd love to hear from you at info at

We have a global network of auditors trained in the SAFETAG framework available for independent work with small NGOs.

For updates or suggestions for the framework, please submit an issue.