| Checklist Item | Compliant | Notes |
|---|---|---|
| Information Security Policy established and regularly reviewed | | |
| Regular risk assessments conducted | | |
| Incident response plan in place | | |

| Checklist Item | Compliant | Notes |
|---|---|---|
| Multi-factor authentication enabled for all systems | | |
| Access rights reviewed and updated regularly | | |
| Password policy enforced | | |

| Checklist Item | Compliant | Notes |
|---|---|---|
| Firewalls configured and monitored | | |
| Intrusion detection and prevention systems in place | | |
| Network segmentation implemented | | |

| Checklist Item | Compliant | Notes |
|---|---|---|
| Anti-virus and anti-malware tools deployed and updated | | |
| Endpoints regularly patched and updated | | |
| Removable media usage controlled | | |

| Checklist Item | Compliant | Notes |
|---|---|---|
| Data encryption (at rest and in transit) enabled | | |
| Data retention and destruction procedures in place | | |
| Data loss prevention systems implemented | | |

| Checklist Item | Compliant | Notes |
|---|---|---|
| Staff receive regular cybersecurity training | | |
| Regular phishing simulations conducted | | |
| Clear reporting process for suspicious activity | | |

| Checklist Item | Compliant | Notes |
|---|---|---|
| Third-party security assessments conducted | | |
| Service-level agreements cover cybersecurity expectations | | |
| Vendors monitored for ongoing compliance | | |

| Checklist Item | Compliant | Notes |
|---|---|---|
| Continuous monitoring for suspicious activities | | |
| Established incident response process | | |
| Regular review and updates of monitoring procedures | | |

| Checklist Item | Compliant | Notes |
|---|---|---|
| Regular backups performed and tested | | |
| Backup data is encrypted and securely stored | | |
| Disaster recovery plan established | | |