This recipe executes a full Organizational Immune System Audit engagement from initial scoping through monitoring retainer setup. It produces a composite health score report covering network topology, autoimmune patterns, and resilience gaps — plus a deployed monitoring architecture (WBC agents) that provides ongoing organizational health signals. [src1, src4]
Which path?
├── Client has Microsoft 365 enterprise
│ └── PATH A: Viva Insights — automated ONA, built-in dashboards
├── Client has Slack Enterprise + any email
│ └── PATH B: Slack Export + Custom Python — full control, lower cost
├── Client has mixed/smaller platforms
│ └── PATH C: API Integration + NetworkX — flexible, requires developer
└── Client has no API access (privacy-restricted)
└── PATH D: Survey-Only — limited but compliant| Path | Tools | Cost | Speed | Output Quality |
|---|---|---|---|---|
| A: Viva Insights | Microsoft Viva Insights | $5K-$10K | 3-4 weeks | Excellent |
| B: Slack + Python | Slack Admin Export, NetworkX, Gephi | $0-$500 | 4-5 weeks | Good |
| C: API + NetworkX | Custom API scripts, NetworkX | $0-$1K | 4-6 weeks | Good |
| D: Survey-Only | Surveys, interviews, manual mapping | $0-$200 | 3-4 weeks | Adequate |
Duration: 1 hour · Tool: Video call + structured intake form
Conduct initial scoping call with executive sponsor and key stakeholders. Define engagement scope, specific concerns, timeline, and success criteria.
Verify: Signed scope document with departments, timeline, and budget confirmed. · If failed: Reschedule within 3 business days.
Duration: 2-5 days · Tool: Legal/IT coordination
Negotiate access to communication metadata across all platforms. Draft data processing agreement specifying metadata-only scope, anonymization protocol, and data retention period.
Verify: All data feeds confirmed — admin credentials or export schedules in place. · If failed: Escalate to executive sponsor.
Duration: 3-5 days · Tool: Microsoft Viva Insights or Python NetworkX
Execute organizational network analysis from communication metadata. Build directed weighted graph, calculate centrality measures, overlay formal org chart. [src2, src4]
Verify: Network topology validated with client — top 10 bottlenecks identified. · If failed: Expand data sources or extend collection period.
Duration: 3-5 days · Tool: Log analysis + survey + structured interviews
Detect compliance bypass patterns, shadow workarounds, and security fatigue indicators. Classify each friction point as protective or paralyzing. [src1]
Verify: Pattern severity scored — each autoimmune pattern classified. · If failed: Extend survey window, add interview slots.
Duration: 2-3 days · Tool: Network centrality analysis + stress test scenarios
Identify SPOFs, hero dependencies, and recovery capacity gaps. Design and execute tabletop stress test scenarios. [src2]
Verify: Stress test scenarios completed, resilience score calculated. · If failed: Run async scenario assessment.
Duration: 3-5 days · Tool: Architecture specification document
Design White Blood Cell monitoring architecture: monitoring signals, alert thresholds, escalation paths, integration points.
Verify: Client reviews and approves monitoring scope. · If failed: Narrow to top 5 signals initially.
Duration: 1-2 days · Tool: Presentation + structured report
Produce and present OIA Health Score Report: composite health score, network topology visualization, autoimmune pattern inventory, resilience gap analysis, prioritized remediation roadmap.
Verify: Client acceptance of findings. · If failed: Offer to re-run specific analyses.
Duration: 2-3 days · Tool: Slack/email integration + monitoring dashboard
Deploy initial WBC monitoring agents. Configure baseline metrics, set alert thresholds, establish monthly reporting cadence. [src3]
Verify: Agents operational — first test alerts triggered and verified. · If failed: Fall back to manual monthly check-in.
{
"output_type": "oia_health_report",
"format": "PDF + JSON",
"sections": [
{"name": "health_score", "type": "number", "description": "Composite 0-100 organizational health score"},
{"name": "network_topology", "type": "object", "description": "Graph data with centrality scores per node"},
{"name": "autoimmune_patterns", "type": "array", "description": "Bypass/workaround patterns with severity"},
{"name": "resilience_gaps", "type": "array", "description": "SPOFs, hero dependencies, recovery gaps"},
{"name": "remediation_roadmap", "type": "array", "description": "Prioritized actions"},
{"name": "wbc_architecture", "type": "object", "description": "Monitoring agent specification"}
]
}| Quality Metric | Minimum Acceptable | Good | Excellent |
|---|---|---|---|
| Data coverage (% of in-scope employees) | > 70% | > 85% | > 95% |
| Network analysis accuracy (client-validated) | > 60% confirmed | > 80% | > 90% |
| Autoimmune pattern detection rate | > 5 patterns | > 10 | > 15 |
| Stress test scenario coverage | 3 scenarios | 4 scenarios | 5+ scenarios |
| Client satisfaction | > 3.5/5 | > 4.0/5 | > 4.5/5 |
If below minimum: Extend engagement by 1 week, add additional data sources, or narrow scope.
| Error | Likely Cause | Recovery Action |
|---|---|---|
| Data access blocked by IT | Security policy or legal review pending | Escalate to executive sponsor, proceed with available data |
| Low survey response rate | Survey fatigue or lack of communication | Executive sponsor sends personal message, extend deadline |
| Disconnected network graph | Incomplete data or departmental silos | Verify data completeness, document silos as finding |
| Client disputes findings | Findings challenge assumptions | Present raw data, offer to re-run with different parameters |
| Monitoring integration fails | IT security blocking bot | Fall back to manual monthly data export |
| Component | Focused ($15K-$25K) | Comprehensive ($25K-$50K) | Enterprise ($50K+) |
|---|---|---|---|
| Scoping + data access | $2K-$3K | $3K-$5K | $5K-$8K |
| Network analysis | $3K-$5K | $5K-$10K | $10K-$15K |
| Autoimmune scan | $2K-$4K | $4K-$8K | $8K-$12K |
| Resilience assessment | $2K-$3K | $3K-$6K | $6K-$10K |
| Report + WBC design | $3K-$5K | $5K-$10K | $10K-$15K |
| Monitoring setup | $2K-$3K | $3K-$5K | $5K-$8K |
| Total engagement | $15K-$25K | $25K-$50K | $50K-$70K |
| Monthly retainer | $2K/month | $3K-$4K/month | $5K+/month |
Jumping straight into network mapping without proper legal sign-off. Result: engagement halted when legal discovers unauthorized data access. [src1]
Spend 2-5 days upfront negotiating data access with legal and IT. This prevents mid-engagement stalls.
Delivering the OIA report without first validating key findings. Result: false positives destroy client confidence. [src2]
Share preliminary findings with 2-3 client stakeholders before the formal report.
Setting up WBC monitoring for every possible signal. Result: alert fatigue within 30 days. [src3]
Begin with top 5 signals only. Calibrate thresholds during first 30 days. Expand after demonstrating value.
Use when an agent needs to plan or execute a full OIA consulting engagement. This is the master recipe — it orchestrates sub-recipes for data collection, network analysis, autoimmune scanning, and stress testing into a cohesive engagement lifecycle.