Contact Us Please enable JavaScript in your browser to complete this form.Please enable JavaScript in your browser to complete this form.Company contact nameFirstLastCompany contact emailCompany nameIndustry / sectorApproximate number of employeesDo you have a documented information security policy?Yes, documented and approvedPartially documentedIn progressNo findings, of name Do you maintain an asset inventory for systems and data?Yes, complete and up to datePartial / not regularly updatedIn progressNoDo you have a formal risk assessment process (performed at least annually)?Yes, at least annuallyYes, but not on a regular scheduleIn progressNoAre access controls implemented (least privilege, role-based access, and periodic access reviews)?Yes, implemented and reviewed regularlyImplemented but reviews are inconsistentPartially implementedNoDo you use multi-factor authentication (MFA) for critical systems and remote access?Yes, enforced for critical systems and remote accessYes, but not enforced everywhereIn progressNoDo you have documented incident response procedures and run tabletop exercises?Yes, documented and testedDocumented but not testedIn progressNoIs security awareness training provided to employees (at least annually)?Yes, at least annuallyProvided but not consistentlyPlanned / in progressNoDo you have a vendor / third-party risk management process?Yes, documented and performed for key vendorsInformal / ad hoc reviewsIn progressNoDo you perform vulnerability scanning and patch management on a defined schedule?Yes, defined schedule and trackedSome scanning/patching but not consistentlyIn progressNoDo you have data protection controls (data classification, encryption, backups, and retention)?Yes, implemented and documentedPartially implementedIn progressNoWhat security compliance standards or frameworks are you targeting (e.g., ISO 27001, SOC 2, HIPAA, PCI DSS)?Please describe any known gaps, audit findings, or priorities for this readiness assessmentSubmit
