Name *
First Name
Last Name
Email *
Phone
Company Name *
General Information
1. What is the size of your organization (number of employees)?
1-10
11-50
51-200
201-500
500+
2. Do you have a dedicated IT or cybersecurity team?
Yes, a full-time team
Yes, but part-time or outsourced
No
Security Policies and Procedures
1. Do you have a formal cybersecurity policy in place?
Yes, it is up-to-date and followed
Yes, but it is outdated or not strictly followed
No
2. Are employees required to follow any security guidelines or training?
Yes, mandatory training is conducted regularly
Yes, but training is optional or infrequent
No
Data Protection
1. What measures are in place to protect sensitive customer data? (Select all that apply)
Encryption
Access controls
Regular audits
None of the above
2. Do you follow any data protection regulations, such as GDPR or CCPA?
Yes, fully compliant
Working toward compliance
Not applicable
Incident Response
1. Do you have an incident response plan for managing data breaches or cyberattacks?
Yes, documented and tested regularly
Yes, but not tested recently
No
2. Have you experienced any significant security incidents in the past 12 months?
Yes
No
Access Control
1. Do you use multi-factor authentication (MFA) for accessing systems and accounts?
Yes, for all accounts
Yes, but only for critical accounts
No
2. How do you ensure employees have appropriate levels of access?
Role-based access control (RBAC)
Manual approvals by supervisors
No specific process
Application Security
1. Do you use secure development practices for any in-house software or applications?
Yes, fully implemented
Partially implemented
No
2. Are vulnerability scans or penetration tests conducted regularly?
Yes, at least annually
Yes, but irregularly
No
Network Security
1. What protections do you use for your network? (Select all that apply)
Firewalls
Intrusion detection/prevention systems (IDS/IPS)
Anti-virus/anti-malware software
None
2. How do you monitor your network for suspicious activity?
Dedicated security monitoring tools (e.g., SIEM)
Manual monitoring by IT staff
No monitoring in place
Vendor and Third-Party Security
1. Do you have a process for evaluating the security of vendors or third-party services?
Yes, with a formal evaluation process
Yes, but informally or ad hoc
No
2. Are contracts with third-party vendors aligned with your security standards?
Yes
No
Not applicable
Compliance and Certifications
1. Do you hold any security certifications (e.g., ISO 27001, SOC 2)?
Yes, multiple certifications
Yes, one certification
No
2. Are your systems and processes regularly audited for compliance?
Yes, annually or more frequently
Yes, but less frequently
No
Additional Information
1. Do you need assistance improving any specific area of your security posture?
Yes
No
2. Are there any unique security needs or concerns you’d like to share with us?