CYBERSECURITY SELF-ASSESMENT Step 1 of 7 14% How secure are your IT systems? Fill out the assessment below to find out!Name(Required) First Last Company Name(Required) Email(Required) InfrastructureWe maintain an inventory of all workstations, servers and network equipment and we have implemented a sustainable hardware refresh cycle. No Somewhat Yes We utilize an incident ticketing system, we provide our management team with regular response and resolution time reports and the results of those reports are meeting the organization's expectations. No Somewhat Yes Our wireless network prevents guests from accessing our internal network and employees have unique usernames and passwords assigned for wireless access. No Somewhat Yes Our office locations utilize redundant internet service provider connections, and our firewall or router automatically swaps connections in the event of an outage. No Somewhat Yes Our servers and network equipment are protected with uninterruptible power supply units that maintain a minimum of 10 minutes runtime and automatically power down servers hosting critical data. No Somewhat Yes CybersecurityI am confident that we have the proper cybersecurity software deployed to protect personal and corporate data from attacks such as phishing and ransomware. No Somewhat Yes We engage with all organization employees and properly train them to identify ransomware, phishing and social engineering attacks coming from email, text message and web sites. No Somewhat Yes All organization IT systems and devices that contain PII or sensitive company information are encrypted to protect against loss or left. No Somewhat Yes We use single sign on and two-factor authentication across all critical line of business applications such as Office 365, our ERP system and remote access. No Somewhat Yes The level of cybersecurity insurance carried by our business is adequate to protect our organization and our clients from financial loss. No Somewhat Yes ComplianceWe apply regular server and workstation security patches and updates across our technology infrastructure. No Somewhat Yes We have a properly segmented corporate network (meaning workstations, servers, phones and guests are kept in separate logical networks). No Somewhat Yes We perform a regular network vulnerability scan and have archived all historical scan data for reporting and compliance purposes. No Somewhat Yes We have a written information security policy (WISP) that has been agreed to by all employees. No Somewhat Yes We are meeting all state and federal compliance requirements such as HIPAA, PCI DSS, FINRA and we are confident we would pass an audit. No Somewhat Yes Backup and Disaster RecoveryWe proactively monitor our server and cloud infrastructure for failures and performance issues so that business affecting problems can be prevented. No Somewhat Yes We regularly review our backup strategy, and we adhere to a documented process for backup frequency, retention and location. No Somewhat Yes We perform regular backup recovery testing, and we have a clear time objective for restoring critical systems and data. No Somewhat Yes Along with our management team, we understand how our technology infrastructure supports our key business processes and we have calculated our costs of technology infrastructure downtime. No Somewhat Yes We have a well-defined disaster response team with clearly defined roles, responsibilities and communication protocols. No Somewhat Yes Business StrategyThe organization's management team views technology as an investment, not a cost and they agree to implement best practices when recommended by the IT team. No Somewhat Yes We perform a regular technical alignment assessment to identify areas of our technology infrastructure that do not meet best practices. No Somewhat Yes We meet regularly as a team to assess risk, discuss strategy and perform IT budget planning for our organization. No Somewhat Yes We have a clear process for making IT related decisions in our organization, a project plan is agreed upon before implementation and communication within our organization is clear and consistent. No Somewhat Yes We consistently bring advances in technology to the attention of our management team, which increase employee productivity and gives us an edge over our competitors. No Somewhat Yes Cloud ServicesDo you use any cloud services, such as cloud-based email or file storage? Yes No We utilize a secure cloud-based email solution like Microsoft 365 or Google Workspace. No Somewhat Yes Our cloud services are configured according to service provider recommended best practices. No Somewhat Yes Our cloud-based email and file services are configured with data loss prevention policies and alerting to prevent data breaches. No Somewhat Yes All users are provided with training on applicable cloud services and are required to understand and agree to a written company Cloud Usage and Security Policy. No Somewhat Yes We utilize a security information and event management (SIEM) system that monitors and alerts on our network, cloud services and critical data systems. No Somewhat Yes HiddenNumberNameThis field is for validation purposes and should be left unchanged.