Name Of The Organisation *
Organisation Point of Contact *
Email Address for Result *
Q1. What level of IT and Cyber Support do you have in place? *
  Dedicated team of IT Staff that support everything
  External IT Provider that supports everything
  Ad-Hoc Support by an External IT Provider
  Self-Help only
Q2. How many users have access to your IT systems? *
Q3. How many of these users are Remote or Home users? *
Q4. Are your users aware of cyber security threats? *
  Yes – with regular cyber user awareness training
  Yes – through company updates
  IT Staff are, but users are generally not
  Some awareness through own knowledge
Q5. Do users know how to respond to attempted or actual cyber attacks? *
  Yes – an incident response process is followed
  Yes – the IT staff are notified
  User will respond on their own
  No
Q6. Are users restricted to what information and business systems they can access? *
  Yes - Users are members of groups that restrict access to only the systems and data they require
  Yes - Users manage access to their own data personally
  Yes - Access to sensitive data is restricted to select users
  No - We allow our users access to all systems and data
  No
Q7. Do you have and maintain a list of IT and information assets? *
  Yes – fully automated asset discovery and inventory system
  Yes – manual asset and inventory system
  Yes – updated paper/software asset register
  Only have an ad-hoc register covering certain areas
  No record of assets
Q8. Are your devices regularly updated (Patched)? *
  Yes – fully managed system for everything
  Yes – automatic vendor updates for everything
  User responsible for allowing vendor updates
  No
Q9. Do you allow users to use their own devices? *
  No
  Yes via a guest/dedicated network (includes wifi)
  Yes shared with the business network (includes wifi)
  Our users mainly work on their own devices
Q10. Do you have company-wide policies for IT and cyber security? *
  Yes – full set of policies that everyone reads annually
  Limited information in a staff handbook or equivalent
  No
Q11. How are risks managed within your organisation? *
  We have a detailed risk register which is regularly reviewed, and issues addressed where possible
  We have a risk register that is reviewed
  We manage identified risks on an ad-hoc basis
  We have no formal method of managing risk
  We are not aware of any risks to our business
Q12. How does your company connect to the Internet? *
  ISP issued Router/Firewall (Without WIFI)
  ISP issued Router/Firewall (With WIFI)
  Dedicated Firewall
  Shared building connection
  Unknown
Q13. Are your devices protected from viruses and other malicious software? *
  Centrally managed endpoint security suite (e.g. Sophos Central)
  Un-managed endpoint security suite
  Commercial Anti-virus software
  Free anti-virus software
  Unknown
Q14. Are your systems regularly checked for vulnerabilities? *
  Regular external and internal penetration tests and vulnerability assessments
  Irregular external and internal penetration tests and regular vulnerability assessments
  Regular vulnerability assessments
  Irregular vulnerability assessments
  Occasionally
Q15. Is your data backed up? *
  Yes - we have a tested offsite backup process in place
  Yes - we have an offsite backup process
  Yes - we take regular backups of our data
  All of our data is stored in the cloud
  No
Q16. Are your systems monitored for threats and potential cyber attacks? *
  Yes – provided by an external provider
  Yes – in house protection from our IT Team
  No
Q17. Do you have Data Protection Policies and Privacy Notices? *
  Yes
  Yes - Partial
  No
Q18. Do you have a nominated individual responsible for data protection? *
  Yes – in house Data Protection Officer
  Yes – Virtual service from another office
  No – Not required
  No
Q19. Do you have a register of all your personal data Information assets? *
  Yes
  Yes – Partial
  No
Q20. Do you have a formalized data subject access request process? *
  Yes
  No
Further Comments or Areas of Concern