Skip to main content

Pilot Pack & Data Readiness Guide

Version: 1.0
Status: Draft
Date: 2025-10-10
Estimated Reading Time: 45-60 minutes

Table of Contents

  1. Introduction
  2. Minimum Viable Dataset (MVD)
  3. Data Gathering Workflow
  4. Taxonomy Crosswalk
  5. Data Gathering Templates
  6. Validation Checklist
  7. Import/Export Guidance
  8. Pilot Workshop Facilitation
  9. Self-Service Instructions
  10. Success Indicators
  11. Feedback Collection
  12. Troubleshooting Guide

1. Introduction

1.1 Purpose

This Pilot Pack & Data Readiness Guide enables GISF facilitators and NGO practitioners to prepare data for the NGO SRM ROI Calculator and conduct pilot workshops independently, without requiring constant consultant support. Target Audience:
  • Primary: GISF pilot facilitators running NGO pilot workshops
  • Secondary: NGO security managers, finance staff, and operations coordinators preparing data independently

1.2 What’s Included

This guide provides:

Minimum Viable Dataset (MVD)

Minimum Viable Dataset (MVD): Clear criteria for what constitutes sufficient data

Step-by-step data gathering workflow

Step-by-step data gathering workflow: From identifying sources to importing validated data

Taxonomy crosswalk

Taxonomy crosswalk: Mapping common NGO terminology to calculator categories

Validation checklist

Validation checklist: 20-item quality control checklist

Facilitation tips

Facilitation tips: Agendas, talking points, and anticipated questions for pilot workshops

Self-service instructions

Self-service instructions: Enable NGOs to use the calculator without external support

1.3 Time Estimates

ActivityEstimated TimeNotes
Data Preparation1-2 daysGathering incidents, costs, and assumptions
Pilot Workshop2-3 hoursFacilitated session with NGO team
Follow-up & Refinement1 dayAddressing questions, refining inputs
Total Pilot Effort3-5 daysFrom initial contact to final results
Note: Times vary based on data availability and NGO team readiness.

1.4 Key Success Factors

For Facilitators:
  • Clear communication of MVD requirements before pilot session
  • Structured agenda with defined milestones
  • Anticipation of common questions and edge cases
For NGO Participants:
  • Access to historical incident and cost data (≥12 months)
  • Multi-stakeholder team (security, finance, operations)
  • Openness to discussing qualitative outcomes (access, continuity, acceptance, wellbeing)

2. Minimum Viable Dataset (MVD)

2.1 MVD Definition

Minimum Viable Dataset (MVD): The smallest set of data required to produce a credible ROI estimate using the calculator’s simplified historical cost baseline approach. Criteria:
ComponentMinimum RequirementRecommended
Historical Costs≥1 year of total incident costs OR scenario preset selection2-3 years of incident cost data for better accuracy
Historical Window≥12 months of incident cost data24-36 months for stable baseline estimates
Costs≥3 cost line items (initial investment + at least 2 years of ongoing costs)≥5 cost items with CAPEX/OPEX distinction
AssumptionsTime horizonConfigure qualitative weights (defaults 0.25 each) and capture short evidence notes in the Qualitative step
Qualitative (Optional)Not required for basic ROIRecommended for comprehensive business case

2.2 MVD Validation Examples

✅ PASS: Meets MVDScenario A: Urban Office (Low Risk)
  • Historical Costs: 2024 = $15,000 (evacuation, equipment replacement, program delays)
  • Baseline EAL: $15,000 (single year average)
  • Costs: 3 items (Basic Training 3,000CybersecurityTools3,000 | Cybersecurity Tools 6,000 | Annual Maintenance $4,000 x 2 years)
  • Assumptions: Time horizon 3 years (discounting fixed at 0%)
  • Result: Sufficient data for credible ROI estimate
✅ PASS: Meets MVDScenario B: Field Operations (Moderate Risk)
  • Historical Costs: 2024 = 52,0002023=52,000 | 2023 = 48,000 | 2022 = $55,000
  • Baseline EAL: $51,667 (3-year average)
  • Costs: 9 items across 3 years
  • Assumptions: Time horizon 3 years (discounting fixed at 0%)
  • Qualitative: Weights and scores provided
  • Result: Comprehensive dataset exceeding MVD
✅ PASS: Meets MVDScenario C: No Historical Data (Scenario Preset)
  • Historical Costs: None available
  • Scenario Preset: Medium-risk conflict-affected context ($75,000 baseline EAL)
  • Costs: 5 items (Physical security upgrades, training, personnel)
  • Assumptions: Time horizon 3 years
  • Result: Sufficient data using evidence-based preset
❌ FAIL: Does NOT meet MVDScenario D: Insufficient Data
  • Historical Costs: None available, no scenario preset selected
  • Costs: 1 item (Security Guard $15,000 in Year 1 only)
  • Result: No baseline EAL available; must provide historical costs or select scenario preset

2.3 When to Defer a Pilot

Defer pilot if:
  • NGO has less than 12 months of operational history in current location
  • No documented incident costs AND no scenario preset applicable to context
  • Insufficient financial records to estimate SRM costs
  • Key stakeholders (security, finance, operations) unavailable for workshop
Mitigation:
  • Use scenario presets when historical cost data unavailable
  • Partner with similar NGOs to share anonymized cost data for benchmarking
  • Conduct cost estimation workshop using insurance claims, incident reports, and program disruption records

3. Data Gathering Workflow

3.1 Overview

5-Step Data Gathering Process:
1

Identify Data Sources

  1. Identify Data Sources ↓
2

Gather Historical Costs OR Select Scenario Preset

  1. Gather Historical Costs OR Select Scenario Preset ↓
3

Categorize Costs (budgets, invoices)

  1. Categorize Costs (budgets, invoices) ↓
4

Define Assumptions (time horizon)

  1. Define Assumptions (time horizon) ↓
5

Validate Completeness (MVD checklist)

  1. Validate Completeness (MVD checklist)

3.2 Step 1: Identify Data Sources

Historical Cost Data Sources:
  • Financial records (incident response costs, evacuation expenses, equipment replacement)
  • Insurance claims (theft, damage, medical evacuation, ransom payments)
  • HR records (staff injuries, evacuations, kidnappings, medical costs)
  • IT security logs (cyberattacks, data breaches, recovery costs)
  • Program disruption records (delays, cancellations, reputational response costs)
  • Regional security databases (GISF, INSO, EISF) for scenario preset validation
Cost Data Sources:
  • Annual budgets (security line items)
  • Procurement records (equipment, training, assessments)
  • HR payroll data (security personnel salaries)

3.3 Step 2: Gather Historical Costs OR Select Scenario Preset

Option A: Historical Cost Data (Recommended) Gather total incident costs for 1-3 recent years: What to Include:
  • Direct Costs: Equipment replacement, medical expenses, ransom payments, evacuation costs
  • Indirect Costs: Program delays, reputational response, legal fees, staff replacement
  • Recovery Costs: IT system restoration, facility repairs, security assessments
What to Exclude:
  • Routine security costs (guarding, training, equipment maintenance)
  • Insurance premiums (unless specifically for incident response)
  • General operational costs not directly related to incidents
Data Gathering Worksheet: 
Year 2024 Total Incident Costs: $________
- Direct costs: $________
- Indirect costs: $________
- Recovery costs: $________

Year 2023 Total Incident Costs: $________ (if available)
Year 2022 Total Incident Costs: $________ (if available)
Option B: Scenario Preset Selection (Fallback) When historical cost data is unavailable, select the operational context that best matches your organization: Low-Risk Stable Environment ($15,000 baseline EAL)
  • Stable governance, urban operations
  • Less than 2 security incidents per year
  • Strong state security presence
Medium-Risk Conflict-Affected Context ($75,000 baseline EAL)
  • Mixed stability, sporadic violence
  • Remote programming, local partners
  • Limited infrastructure, supply chain fragility
High-Risk Active Conflict Environment ($200,000 baseline EAL)
  • Persistent insecurity, frequent incidents
  • Armed actor presence in program areas
  • Regular evacuations, high staff turnover risk
Custom Adjustment: If your costs differ significantly from the preset, you can override with a custom baseline EAL.

3.4 Step 3: Categorize Costs (budgets, invoices)

Cost Data Sources:
  • Annual budgets (security line items)
  • Procurement records (equipment, training, assessments)
  • HR payroll data (security personnel salaries)
  • Financial reports (CAPEX/OPEX categorization)
  • Grant proposals (donor-funded security programs)

3.5 Step 4: Define Assumptions (time horizon)

Assumptions Data Sources:
  • Strategic planning documents (multi-year program timelines)
  • Previous cost-benefit analyses (social impact proxies, SROI precedents)

3.6 Step 5: Validate Completeness (MVD checklist)

Facilitation Tip: Schedule a pre-pilot data gathering call (30-45 minutes) to identify data sources and assign data collection responsibilities (security focal point for historical costs, finance staff for investment costs).

3.7 Worked Example: Historical Cost Baseline

Organization: Mid-sized NGO with field operations in conflict-affected region Step 1: Gather Historical Incident Costs 2024 Incident Costs:
  • Vehicle theft and equipment replacement: $25,000
  • Staff evacuation due to security threat: $15,000
  • Office break-in and equipment damage: $8,000
  • Cyberattack recovery costs: $12,000
  • Total 2024: $60,000
2023 Incident Costs:
  • Vehicle accident and medical costs: $18,000
  • Office burglary and equipment theft: $6,000
  • Staff kidnapping ransom and evacuation: $45,000
  • Total 2023: $69,000
2022 Incident Costs:
  • Vehicle theft: $20,000
  • Office break-in: $5,000
  • Cyberattack: $8,000
  • Total 2022: $33,000
Step 2: Calculate Baseline EAL 
Baseline EAL = (2024 + 2023 + 2022) / 3
Baseline EAL = ($60,000 + $69,000 + $33,000) / 3
Baseline EAL = $162,000 / 3 = $54,000
Step 3: Select Intervention and Reduction Rate
  • Intervention Type: Comprehensive SRM Program
  • Estimate Type: Moderate (50% reduction)
  • Expected Annual Savings: 54,000×0.5=54,000 × 0.5 = 27,000
Step 4: Enter Investment Costs
  • Year 1: Physical security upgrades (25,000),Training(25,000), Training (8,000), Personnel (30,000)=30,000) = 63,000
  • Year 2: Ongoing training (5,000),Personnel(5,000), Personnel (32,000) = $37,000
  • Year 3: Ongoing training (5,000),Personnel(5,000), Personnel (34,000) = $39,000
  • Total Investment: $139,000
Step 5: Calculate ROI
  • Total Benefits (3 years): 27,000×3=27,000 × 3 = 81,000
  • ROI: ((81,00081,000 - 139,000) / $139,000) × 100 = -41.7%
  • Payback Period: Not achieved within 3 years
Result: This investment shows negative ROI in the short term but provides significant qualitative benefits (improved access, continuity, acceptance, wellbeing) that may justify the investment from a mission perspective.

4. Taxonomy Crosswalk

4.1 Historical Cost Categories

Common NGO terminology mapped to calculator categories:
NGO TermCalculator CategoryWhat to Include
”Security incident response”Historical CostEvacuation, medical, equipment replacement
”Break-in costs”Historical CostEquipment theft, facility damage, recovery
”Carjacking expenses”Historical CostVehicle replacement, medical, ransom
”Cyberattack recovery”Historical CostIT restoration, data recovery, legal fees
”Program disruption”Historical CostDelays, cancellations, reputational response
”Staff evacuation”Historical CostTransportation, accommodation, medical
”Kidnapping response”Historical CostRansom, negotiation, family support

4.2 Cost Category Taxonomy

Standardized categories for security risk management costs:
CategoryTypeExamples
PersonnelOPEXSecurity Personnel, Security Manager, Security Focal Point
TrainingOPEXSecurity Training (Staff), Security Awareness Workshop, HEAT
AssessmentsOPEXSecurity Assessment, Security Audit, Risk Assessment
Physical SecurityCAPEXPhysical Security Upgrades, Perimeter Fencing, CCTV Installation
CybersecurityCAPEX/OPEXCybersecurity Tools, Firewall Software, Antivirus Licenses
VehiclesCAPEXArmored Vehicles, Security Escort Vehicles, GPS Tracking
EquipmentCAPEXCommunications Equipment, Satellite Phones, Two-way Radios
InsuranceOPEXKidnap & Ransom Insurance, Security Insurance Premium

5. Data Gathering Templates

5.1 Historical Cost Data Worksheet

Organization: ________________________
Data Collection Period: ________________________ Year 2024 Total Incident Costs:
  • Direct costs (equipment, medical, ransom): $________
  • Indirect costs (delays, reputation, legal): $________
  • Recovery costs (IT restoration, repairs): $________
  • Total 2024: $________
Year 2023 Total Incident Costs:
  • Direct costs: $________
  • Indirect costs: $________
  • Recovery costs: $________
  • Total 2023: $________
Year 2022 Total Incident Costs:
  • Direct costs: $________
  • Indirect costs: $________
  • Recovery costs: $________
  • Total 2022: $________
Calculated Baseline EAL: $________ (average of available years)

5.2 Scenario Preset Selection Worksheet

If historical cost data is unavailable, select the operational context that best matches your organization: Low-Risk Stable Environment ($15,000 baseline EAL)
  • Stable governance, urban operations
  • Less than 2 security incidents per year
  • Strong state security presence
Medium-Risk Conflict-Affected Context ($75,000 baseline EAL)
  • Mixed stability, sporadic violence
  • Remote programming, local partners
  • Limited infrastructure, supply chain fragility
High-Risk Active Conflict Environment ($200,000 baseline EAL)
  • Persistent insecurity, frequent incidents
  • Armed actor presence in program areas
  • Regular evacuations, high staff turnover risk
Custom Baseline EAL (if costs differ significantly): $________

5.3 Investment Cost Worksheet

Organization: ________________________
Investment Period: ________________________ Year 1 Costs (Initial Investment):
  • Personnel: $________
  • Training: $________
  • Physical Security: $________
  • Technology: $________
  • Assessments: $________
  • Other: $________
  • Total Year 1: $________
Year 2 Costs (Ongoing):
  • Personnel: $________
  • Training: $________
  • Maintenance: $________
  • Other: $________
  • Total Year 2: $________
Year 3 Costs (Ongoing):
  • Personnel: $________
  • Training: $________
  • Maintenance: $________
  • Other: $________
  • Total Year 3: $________
Total Investment: $________

6. Validation Checklist

6.1 Pre-Pilot Data Quality Check

Historical Cost Data:
  • At least 1 year of incident cost data available OR scenario preset selected
  • Direct costs included (equipment, medical, ransom, evacuation)
  • Indirect costs included (delays, reputation, legal)
  • Recovery costs included (IT restoration, repairs)
  • Routine security costs excluded (guarding, training, maintenance)
Investment Cost Data:
  • At least 3 cost line items identified
  • Initial investment costs captured (Year 1)
  • Ongoing operational costs captured (Years 2-3)
  • CAPEX/OPEX categorization completed
  • Cost categories match taxonomy (see Section 4.2)
Assumptions:
  • Time horizon defined (recommended: 3 years)
  • Stakeholders identified (security, finance, operations)
  • Data sources documented

6.2 MVD Compliance Check

Minimum Requirements:
  • Historical costs ≥$5,000 OR scenario preset selected
  • Investment costs ≥3 line items
  • Time horizon ≥1 year
  • Key stakeholders available for pilot
Recommended Enhancements:
  • 2-3 years of historical cost data
  • 5+ investment cost line items
  • Qualitative impact assessment included
  • Multi-stakeholder team (security, finance, operations)

7. Pilot Workshop Facilitation

7.1 Workshop Agenda (2-3 hours)

Opening (15 minutes)
  • Welcome and introductions
  • Review objectives and expected outcomes
  • Confirm data availability and MVD compliance
Data Entry (60-90 minutes)
  • Step 1: Enter historical costs OR select scenario preset
  • Step 2: Select intervention type and reduction rate
  • Step 3: Enter investment costs
  • Step 4: Define assumptions (time horizon)
  • Step 5: Complete qualitative assessment (optional)
Results Review (30 minutes)
  • Review ROI calculation and breakdown
  • Discuss qualitative impact index
  • Identify areas for refinement
Next Steps (15 minutes)
  • Export results (PDF/Excel)
  • Schedule follow-up for questions
  • Plan for implementation or refinement

7.2 Facilitation Tips

Before the Workshop:
  • Send data gathering templates 1 week in advance
  • Confirm MVD compliance via pre-workshop call
  • Prepare backup scenario presets for organizations without historical data
During the Workshop:
  • Start with historical cost data (most reliable)
  • Use scenario presets as fallback when needed
  • Encourage discussion of qualitative impacts
  • Document assumptions and rationale
After the Workshop:
  • Send exported results within 24 hours
  • Schedule follow-up call for questions
  • Collect feedback on calculator usability

8. Self-Service Instructions

8.1 Quick Start Guide

For organizations with historical incident cost data:
  1. Gather Historical Costs
    • Collect total incident costs for 1-3 recent years
    • Include direct, indirect, and recovery costs
    • Exclude routine security costs
  2. Select Intervention Type
    • Choose: Physical Security, Training, Technology, or Comprehensive
    • Select confidence level: Conservative, Moderate, or Optimistic
  3. Enter Investment Costs
    • List initial investment (Year 1)
    • Include ongoing costs (Years 2-3)
    • Categorize as CAPEX or OPEX
  4. Review Results
    • Check ROI calculation and breakdown
    • Review qualitative impact index
    • Export results for stakeholders
For organizations without historical data:
  1. Select Scenario Preset
    • Choose operational context that best matches your organization
    • Low-risk, Medium-risk, or High-risk environment
    • Override with custom baseline if needed
  2. Follow Steps 2-4 above

8.2 Common Questions

Q: What if I don’t have 3 years of historical data? A: Single-year data is acceptable. The calculator will use whatever data you provide. Q: How do I know which scenario preset to choose? A: Consider your operational context: stable governance, conflict level, incident frequency, and security infrastructure. Q: What if my costs don’t fit the standard categories? A: Use the “Other” category and add descriptive notes in the cost item. Q: Can I change the reduction rate? A: Yes, you can override the evidence-based rates with custom values, but document your rationale.

9. Success Indicators

9.1 Pilot Success Criteria

Data Quality:
  • Historical cost data OR scenario preset selected
  • Investment costs captured with appropriate detail
  • Assumptions documented and justified
Process Quality:
  • Multi-stakeholder team engaged (security, finance, operations)
  • Data sources identified and validated
  • Assumptions discussed and agreed
Output Quality:
  • ROI calculation completed successfully
  • Results exported and shared with stakeholders
  • Qualitative impact assessment included

9.2 User Experience Indicators

Ease of Use:
  • Calculator completed in less than 30 minutes
  • Historical cost approach understood and accepted
  • Scenario presets found useful when historical data unavailable
Confidence in Results:
  • ROI calculation considered credible
  • Qualitative impact index valued
  • Results suitable for decision-making
Adoption Potential:
  • Organization would use calculator independently
  • Results would be shared with donors/leadership
  • Calculator would be recommended to other NGOs

10. Feedback Collection

10.1 Post-Pilot Feedback Form

Organization: ________________________
Pilot Date: ________________________
Facilitator: ________________________ Data Gathering Experience:
  • How easy was it to gather historical cost data? (1-5 scale)
  • Were the scenario presets helpful? (Yes/No)
  • How long did data preparation take? (hours)
Calculator Usability:
  • How easy was the calculator to use? (1-5 scale)
  • How long did the calculation take? (minutes)
  • Were the results clear and understandable? (1-5 scale)
Results Quality:
  • How confident are you in the ROI calculation? (1-5 scale)
  • Was the qualitative impact index valuable? (Yes/No)
  • Would you use these results for decision-making? (Yes/No)
Recommendations:
  • What would improve the calculator?
  • What additional features would be helpful?
  • Would you recommend this tool to other NGOs? (Yes/No)

10.2 Feedback Analysis

Key Metrics to Track:
  • Average completion time
  • User satisfaction scores
  • Data quality issues
  • Feature requests
  • Adoption potential
Success Thresholds:
  • Completion time less than 30 minutes
  • User satisfaction ≥4/5
  • Confidence in results ≥4/5
  • Recommendation rate ≥80%

11. Troubleshooting Guide

11.1 Common Issues and Solutions

Issue: No historical cost data available
  • Solution: Use scenario presets based on operational context
  • Alternative: Conduct cost estimation workshop using incident reports and insurance claims
Issue: Historical costs seem too high/low
  • Solution: Verify data includes all incident types (direct, indirect, recovery costs)
  • Alternative: Use scenario preset as validation check
Issue: Investment costs don’t fit standard categories
  • Solution: Use “Other” category with descriptive notes
  • Guidance: Focus on capturing all costs rather than perfect categorization
Issue: ROI calculation shows negative results
  • Solution: This is normal for many security investments
  • Guidance: Emphasize qualitative benefits and long-term risk reduction
Issue: Stakeholders question reduction rate estimates
  • Solution: Use conservative estimates and document rationale
  • Alternative: Allow custom reduction rates with justification

11.2 Data Quality Issues

Missing Historical Data:
  • Use scenario presets as fallback
  • Document data limitations in assumptions
  • Consider partial cost estimation
Incomplete Investment Costs:
  • Focus on major cost items first
  • Add detail in follow-up sessions
  • Use estimates for minor items
Unclear Assumptions:
  • Default to conservative estimates
  • Document all assumptions
  • Review with stakeholders

12. References

12.1 Methodology References

  • Methods Note: NGO Security Risk Management ROI Calculator (Section 3: Historical Cost Baseline)
  • Data Schema: Data Schema & Codebook (Sections 3.2-3.4: New Entity Schemas)
  • Scenario Presets: Evidence-based baseline EAL estimates by operational context
  • Reduction Rates: Evidence-based risk reduction ranges by intervention type

12.2 Supporting Documentation

  • Pilot Pack: This document - Data readiness and facilitation guide
  • Quick Start Guide: Step-by-step instructions for self-service use
  • Validation Report: Formula validation and baseline testing results
  • Focus Group Plan: User feedback collection methodology

12.3 External References

  • ISO 31000:2018: Risk Management Guidelines
  • GISF Research: Member survey results and incident data
  • Humanitarian Outcomes: AWSD trend analysis and benchmarks
  • FAIR Framework: Factor Analysis of Information Risk (adapted for NGO context)
End of Document This Pilot Pack & Data Readiness Guide supports the NGO Security Risk Management ROI Calculator’s simplified historical cost baseline approach. For technical support or questions, contact the development team.