Organization Information

Organization Name

Contact Person

Email

Governance

Does your organization have a documented cybersecurity policy?

How often is the policy reviewed and updated?

Has your organization performed a cybersecurity risk assessment in the past 12 months?

Please describe your risk assessment process:

Do you maintain an up-to-date inventory of hardware and software assets?

How often is the inventory updated?

Are access rights to systems and applications reviewed periodically?

Describe the process for onboarding and offboarding users:

Is there a documented incident response plan?

When was the last incident response exercise performed?

Does your organization conduct regular cybersecurity training for employees?

How is training effectiveness measured?

Are antivirus and anti-malware solutions implemented?

Are security patches applied in a timely manner?

How do you track and remediate identified cybersecurity gaps?

Describe methods used to stay updated on new cybersecurity threats and solutions: