Cyber Security Checklist
Inspection
Department
Inspection to review
Date
Name
Position
Company Name
Phone Number
Email
PEOPLE
Does your staff wear ID badges?
Yes
No
N/A
Is a current picture part of the ID badge?
Yes
No
N/A
Are authorised access levels and type (employee, contractor, visitor) identified on the badge?
Yes
No
N/A
Do you check the credentials of external contractors?
Yes
No
N/A
Do you have policies addressing background checks for employees and contractors?
Yes
No
N/A
Do you have a process for effectively cutting off access to facilities and information systems when an employee/contractor terminates employment?
Yes
No
N/A
Score %
PHYSICAL SECURITY
Do you have policies and procedures that address allowing authorised, and limiting unauthorised, physical access to electronic information systems and the facilities in which they are housed?
Yes
No
N/A
Do your policies and procedures specify the methods used to control physical access to your secure areas, such as door locks, access control systems, security officers, or video monitoring?
Yes
No
N/A
Is access to your computing area controlled (single entry point, reception or security desk, sign-in/sign-out log, temporary/visitor badges)?
Yes
No
N/A
Are visitors escorted into and out of controlled areas?
Yes
No
N/A
Are your PCs inaccessible to unauthorised users (e.g. located away from public areas)?
Yes
No
N/A
Are your computing area and equipment physically secured?
Yes
No
N/A
Are there procedures in place to prevent computers from being left in a logged-on state, however briefly?
Yes
No
N/A
Are screens automatically locked after 10 minutes idle?
Yes
No
N/A
Are modems set to Auto-Answer OFF (not to accept incoming calls)?
Yes
No
N/A
Do you have procedures for protecting data during equipment repairs?
Yes
No
N/A
Do you have policies covering laptop security (e.g. cable lock or secure storage)?
Yes
No
N/A
Do you have an emergency evacuation plan and is it current?
Yes
No
N/A
Does your plan identify areas and facilities that need to be sealed off immediately in case of an emergency?
Yes
No
N/A
Are key personnel aware of which areas and facilities need to be sealed off and how?
Yes
No
N/A
Score %
ACCOUNT AND PASSWORD MANAGEMENT
Do you have policies and standards covering electronic authentication, authorization, and access control of personnel and resources to your information systems, applications and data?
Yes
No
N/A
Do you ensure that only authorised personnel have access to your computers?
Yes
No
N/A
Do you require and enforce appropriate passwords?
Yes
No
N/A
Are your passwords secure (not easy to guess, regularly changed, no use of temporary or default passwords)?
Yes
No
N/A
Are your computers set up so others cannot view staff entering passwords?
Yes
No
N/A
Score %
CONFIDENTIALITY OF SENSITIVE DATA
Do you classify your data, identifying sensitive data versus non-sensitive data?
Yes
No
N/A
Are you exercising responsibilities to protect sensitive data under your control?
Yes
No
N/A
Is the most valuable or sensitive data encrypted?
Yes
No
N/A
Do you have a policy for identifying the retention period of information (both hard and soft copies)?
Yes
No
N/A
Do you have procedures in place to deal with credit card information?
Yes
No
N/A
Do you have procedures covering the management of personal private information?
Yes
No
N/A
Is there a process for creating retrievable backup and archival copies of critical information?
Yes
No
N/A
Do you have procedures for disposing of waste material?
Yes
No
N/A
Is waste paper binned or shredded?
Yes
No
N/A
Is your shred bin locked at all times?
Yes
No
N/A
Do your policies for disposing of old computer equipment protect against loss of data (e.g. by someone reading old disks and hard drives)?
Yes
No
N/A
Do your disposal procedures identify appropriate technologies and methods for making hardware and electronic media unusable and inaccessible (such as shredding CDs and DVDs, electronically wiping drives, burning tapes, etc.)?
Yes
No
N/A
Score %
DISASTER RECOVERY
Do you have a current business continuity plan?
Yes
No
N/A
Is there a process for creating retrievable backup and archival copies of critical information?
Yes
No
N/A
Do you have an emergency/incident management communications plan?
Yes
No
N/A
Do you have a procedure for notifying authorities in the case of a disaster or security incident?
Yes
No
N/A
Does your procedure identify who should be contacted, including contact information?
Yes
No
N/A
Is the contact information sorted and identified by incident type?
Yes
No
N/A
Does your procedure identify who should make the contacts?
Yes
No
N/A
Have you identified who will speak to the press/public in the case of an emergency or an incident?
Yes
No
N/A
Does your communications plan cover internal communications with your employees and their families?
Yes
No
N/A
Can emergency procedures be appropriately implemented, as needed, by those responsible?
Yes
No
N/A
Score %
SECURITY AWARENESS
Are you providing information about computer security to your staff?
Yes
No
N/A
Do you provide training on a regular recurring basis?
Yes
No
N/A
Are employees taught to be alert to possible security breaches?
Yes
No
N/A
Are your employees taught about keeping their passwords secure?
Yes
No
N/A
Are your employees able to identify and protect classified data, including paper documents, removable media, and electronic documents?
Yes
No
N/A
Does your awareness and education plan teach proper methods for managing credit card data (PCI standards) and personal private information (Social security numbers, names, addresses, phone numbers, etc.)?
Yes
No
N/A
Score %
COMPLIANCE
Do you review and revise your security documents, such as: policies, standards, procedures, and guidelines, on a regular basis?
Yes
No
N/A
Do you audit your processes and procedures for compliance with established policies and standards?
Yes
No
N/A
Do you test your disaster plans on a regular basis?
Yes
No
N/A
Does management regularly review lists of individuals with physical access to sensitive facilities or electronic access to information systems?
Yes
No
N/A
Score %
Any other relevant information you would like to share?
Inspection score
Inspection score %
Name
Signature