Administration Control

Computer and network security

Asset management

Please select all statements that apply to your organization:

1. Your business has identified, documented and classified its hardware and software assets and assigned responsibility for protection. *

YES

NO

NA

Management and organisational information security

Risk management

Please select all statements that apply to your organization:

1. Your business identifies, assesses, and manages information security risks. *

YES

NO

NA

Management and organisational information security

Information security policy

Please select all statements that apply to your organization:

1. Your business has an approved and published information security policy (This policy gives guidance and help to make sure information stays secure, following what the business needs and what the laws say.) and is regularly reviewed. *

Yes

NO

NA

Management and organisational information security

Information security responsibility

Please select all statements that apply to your organization:

1. Your business has created a framework to organise and monitor the information security implementation, as well as identified and assigned roles for information security. *

YES

NO

NA

Management and organisational information security

Outsourcing

Please select all statements that apply to your organization:

1. Your business has established written agreements with all third party service providers and processors that ensure the security and protection of any personal data they access and handle on your behalf. *

YES

NO

NA

Your staff and information security awareness

Training and awareness

Please select all statements that apply to your organization:

1. Your business has periodic information security awareness training for all staff (including temporary, locum or contracted employees) to make sure they understand their roles and carry them out. *

YES

NO

NA

Physical security

Secure areas

Please select all statements that apply to your organization:

1. To prevent unauthorised physical access, damage, and interference with personal data, your business has entry controls in place to restrict access to its premises and equipment. *

YES

NO

NA

Physical security

Secure storage

Please select all statements that apply to your organization:

1. Your business has safe storage arrangements in place to protect records and equipment against theft, damage, loss, and compromising of personal information. *

YES

NO

NA

Physical security

Secure disposal

Please select all statements that apply to your organization:

1. When records and equipment are no longer needed, your business has a procedure in place for safely getting rid of them. *

YES

NO

NA

Computer and network security

Home and mobile working procedures

Please select all statements that apply to your organization:

1. Your business makes sure that using mobile computing devices and working remotely is secure. *

YES

NO

NA

Computer and network security

Secure configuration

Please select all statements that apply to your organization:

1. Your business configures hardware, both new and old, to minimize vulnerabilities and offer only the features and services that are necessary. *

YES

NO

NA

Computer and network security

Removable media

Please select all statements that apply to your organization:

1. To avoid unauthorised disclosure, modification, removal, or destruction of personal data stored on removable media, your business has implemented controls to manage its use. *

YES

NO

NA

Computer and network security

User access controls

Please select all statements that apply to your organization:

1. Your company creates user accounts for authorized users and effectively maintains them to give the least amount of access to data possible. *

YES

NO

NA

Computer and network security

System password security

Please select all statements that apply to your organization:

1. Your business has appropriate information system "rules" and password security procedures in place, as well as a process in place to identify any unauthorized access or unusual use. *

YES

NO

NA

Computer and network security

Malware protection

Please select all statements that apply to your organization:

1. Effective anti-malware defenses have been put in place by your business in order to guard against malware infection on computers. *

YES

NO

NA

Computer and network security

Backup and restoration

Please select all statements that apply to your organization:

1. Regular electronic data backups enable your business to restore data in the case of an emergency. *

YES

NO

NA

Computer and network security

Monitoring

Please select all statements that apply to your organization:

1. To detect and assist in preventing data breaches, your business maintains logs and keeps an eye on user and system activities. *

YES

NO

NA

Computer and network security

Patch management

Please select all statements that apply to your organization:

1. To stop the exploitation of technical vulnerabilities, your business updates its software and installs the most recent security patches. *

YES

NO

NA

Computer and network security

Boundary firewalls

Please select all statements that apply to your organization:

1. To stop the exploitation of technical vulnerabilities, your business updates its software and installs the most recent security patches. *

YES

NO

NA

Personal data breach management

Incident management

Please select all statements that apply to your organization:

1. Your business has efficient procedures in place to find, report, manage, and manage any breaches involving personal data. You've put in place the necessary training to guarantee that employees understand how to spot and respond to a breach involving personal data. *

YES

NO

NA

2. If a breach occurs, your business has a process in place for notifying the affected individuals and the Supervisory Authority. *

YES

NO

NA

3. Your business has policies in place to efficiently look into the breach's cause(s) and implement measures to mitigate future risks. *

YES

NO

NA

Information Security Assessment