OSINT Blog / Post

July 17, 2024

Maximizing the Value of OSINT with a Corporate Policy Template

Investigators around the world within law enforcement, government, insurance, private investigations, finance, healthcare, and more are increasingly relying on the power of open-source intelligence (OSINT) to drive better decision-making. However, the management and application of OSINT can vary widely across these industries, leading to potential inconsistencies, confusion, and legal risks.

To help address these challenges, Skopenow has developed a template for a formal OSINT policy that organizations can use as a starting point to standardize their OSINT processes and minimize risk.

The Need for a Formal OSINT Policy

The risks arising from a lack of documented, standardized OSINT practices are numerous: they include legislative breaches, ethical conflicts, and failures to capture digital evidence in a court-compliant manner. And yet, Skopenow's own research shows that less than 20% of organizations have a formal OSINT policy in place, with many relying on either an investigator's individual discretion or informally agreed upon standards set by in-house OSINT teams. Having a formal OSINT policy can help ensure regulatory compliance, provide consistent guidance for decision-making, and streamline internal processes across departments and organizations.

The Benefits of Implementing a Policy

Regulating internet investigation activities through a formal OSINT policy is essential to protect both the public interest and investigation teams themselves. A policy sets strategic standards that ensure investigations are conducted based on the highest ethical and legal standards, with substantial consideration also given to the rights of individuals and the appropriate preservation of digital evidence.

Operational Consistency: An OSINT policy establishes expected standards of behavior and conduct during internet investigations, providing clear governance and oversight. It should outline the level or depth of OSINT activities permitted, who can be investigated online, and what tools are required to execute an investigation.

Operational Integrity: Internet investigations can leave traces of digital activity that reveal the identities of the investigator or employer, potentially jeopardizing ongoing or future investigations. An OSINT policy can limit risk to employees, investigations, and the organization itself by regulating investigative activity.

Investigator Security: The exposure of an internet investigation can also result in harm to an investigator, particularly when investigating criminal activity. By regulating tools and techniques through an OSINT policy, investigators can conduct their activities in an approved and anonymous way that minimizes the risk of discovery of the investigation and the investigator.

Legislative Protection: Internet investigation policies protect investigators and the subjects of their investigations from the inherent risks involved with the handling of personal data. A good policy can ensure that internet research only occurs when an investigation is justified and lawful, bolstering privacy and reducing risk for all parties involved.

Evidential Admissibility: Internet intelligence must be gathered in a way that will hold up in court. By implementing an OSINT policy, investigators can conduct activity in line with official standards and highlight there were no tactical red flags or abuses of power, making it easier to demonstrate that the activity performed was appropriate and legally admissible.

Why the Industry Should Come Together

Currently, organizations are free to set their own standards in executing investigative OSINT activities. However, there exists a strong argument for establishing a formal, industry-wide OSINT policy at the national or international level. While each organization has unique needs, a standardized policy framework would create a clear understanding among investigators and the public regarding what investigative activity is allowable under any given set of circumstances. It would also help safeguard legal protections for investigators and the public regardless of jurisdictional boundaries.

Skopenow's Role in Developing a Standard Policy

As a leading provider of OSINT solutions, Skopenow works with organizations that leverage OSINT across a range of industries and is well-positioned to recognize and develop a set of best practices as an initial foundation. While Skopenow is not a regulatory body, our team of investigation specialists has compiled their decades of experience and knowledge to establish a proposed baseline of standards that organizations can consider and build on.

Our policy outlines investigation levels, training requirements, equipment usage, internet intelligence handling, and much more. It provides a comprehensive framework that organizations can use to guide their OSINT activities. With this policy draft, Skopenow hopes to spark dialogue and collaboration that will empower investigators to do their best work while mitigating legal and ethical pitfalls.

Customizing the Policy Template to Organizational Requirements

Introducing a formal OSINT policy similar to the one proposed by Skopenow can help ensure that internet-based investigations have appropriate guardrails and potential risks are minimized. However, again, Skopenow's draft policy is intended to serve only as a starting point for organizations rather than an off-the-shelf, one-size-fits-all solution. It is also critical to underline that this policy template is not legal advice. Skopenow is a leading provider of comprehensive threat intelligence and OSINT solutions, but is not a regulatory body, and therefore cannot guarantee that the template is sufficient to meet all regulatory requirements.

Each organization faces unique requirements and circumstances. Skopenow encourages industry stakeholders to collaborate on and develop a proposed set of best practices while tailoring organization-wide policies to their specific needs.

Download Skopenow’s OSINT policy template here now.

With or without a formal OSINT policy, automated OSINT solutions can help organizations standardize their approach to investigations and achieve higher levels of quality and consistency in their operational activities. Workbench, Skopenow’s investigation product, provides comprehensive reports on individuals and companies, including their social media presence and history. Grid, Skopenow’s situational awareness solution, delivers real-time information and alerts on critical events and incidents that may impact operations. Additionally, Skopenow offers a link analysis module that enables organizations to visualize and analyze complex relationships between entities, helping to identify potential vulnerabilities and threats. 

Start unlocking the power of open-source intelligence with a free trial today: www.skopenow.com/try.