Pharmaceutical Supplier Cybersecurity Assessment Tool

Supplier In Pharmaceutical Manufacturing Cybersecurity Assessment Tool
This tool helps assess your organization’s cybersecurity practices and provides a general overview of your cybersecurity posture.

FAQs
- What do I get? A customized Plan of Action (POA) within 1 business day.
- How much does it cost? It’s free.
- How long will it take? The assessment has 11 questions and takes about 15 minutes. The results will be emailed within 1 business day.
- How do I start? Read the instructions below and click "I acknowledge" to begin.
1. Purpose:
This tool identifies key areas for improvement in your cybersecurity practices, without revealing specific vulnerabilities.

2. Confidentiality:
Do not share proprietary or confidential information. The questions are non-invasive.

3. Answering Questions:
Choose from multiple-choice responses. If a question feels sensitive, select "I prefer not to answer."

4. Results Usage:
The POA will highlight cybersecurity strengths and areas needing attention. Use the results as a guide for further analysis.

5. Disclaimer:
This tool provides general guidance, not legal or cybersecurity advice. It should not be the sole basis for decisions.
I Acknowledge and understand that this assessment is for informational purposes only.*

I acknowledge

Name*

First NameLast Name
Title*
Company or Organization*
Number of Employees*
Company Address*

Street Address

Street Address Line 2

CityState / Province

Postal / Zip Code
Email*
example@example.com

Q1: How would you describe the cybersecurity culture within your organization?*

Cybersecurity is a top priority, with strong awareness and active participation from all employees.Cybersecurity is important, but awareness and participation vary across the organization.Cybersecurity is recognized as necessary, but efforts are primarily driven by IT or security teams.Cybersecurity is considered a low priority, with minimal awareness or involvement from employees.Prefer not to answer.

Q2: Which cybersecurity framework is most applicable to your company or organization?*

Not SureCMMC Level 1 or 2NIST Cybersecurity Framework (CSF)Health Industry Cybersecurity Practices (HICP)Prefer not to answer

Q3: Has your organization conducted a risk analysis or gap assessment against the applicable cybersecurity framework to identify potential cybersecurity threats, vulnerabilities, and areas for improvement?*

Yes, we have conducted both a risk analysis and a gap assessment against the applicable cybersecurity framework within the past year.We have conducted either a risk analysis or a gap assessment, but not both, or it was done more than a year ago.No, we have not conducted a risk analysis or gap assessment against the applicable cybersecurity framework.Prefer not to answer

Q4: Are cybersecurity roles, responsibilities, and authorities clearly defined within your organization?*

Yes, we have clearly defined roles, responsibilities, and authorities for cybersecurity, documented and communicated across the organization.We have defined roles and responsibilities, but they are not formally documented or consistently communicated.No, we do not have clearly defined cybersecurity roles, responsibilities, and authorities in place.Prefer not to answer

Q5: How does your company stay informed about the latest cybersecurity threats and best practices?*

We actively monitor cybersecurity threats and best practices, with dedicated personnel or teams who provide frequent updates and training across the organization.We occasionally review cybersecurity updates and engage in training or consultations as needed, but we do not have a consistent process for staying informed.We rarely stay informed about cybersecurity threats and best practices, and there is no structured process in place to track updates or developments.Prefer not to answer

Q6: How would you describe the status of your company's cybersecurity documentation? Documentation examples include System Security Plan, Cyber Awareness Training Plan, Control Mapping, Incident Response Plan, Risk Assessment Report.*

We have comprehensive and up-to-date cybersecurity documentation that covers all required areas, and it is regularly reviewed and updated.We have some cybersecurity documentation in place, but it is incomplete, outdated, or not consistently reviewed and updated.We do not have formal cybersecurity documentation, or it is minimal and lacks coverage of key areas.Prefer not to answer

Q7: How often does your company conduct cybersecurity training for employees?*

We conduct cybersecurity training for employees at least annually, with regular updates and refreshers throughout the year.We conduct cybersecurity training occasionally, but it is not on a regular schedule or lacks consistent updates.We rarely or never conduct formal cybersecurity training for employees.Prefer not to answer

Q8: What measures does your company have in place for responding to a cybersecurity incident?*

We have a documented and tested incident response plan that is regularly updated and communicated to all relevant personnel.We have an incident response plan, but it is not regularly tested or updated, and awareness of the plan is limited to certain teams.We do not have a formal incident response plan in place or rely on ad-hoc measures when incidents occur.Prefer not to answer
Q9: If your company were to focus on implementing or upgrading your technical cybersecurity solutions, which area would you prioritize?*

Data Protection and Encryption: Safeguarding sensitive data through encryption and secure storage.Access Control and Identity Management: Implementing or enhancing access controls and identity verification systems.Threat Detection and Response: Improving monitoring, detection, and response to cybersecurity threats.Governance, Risk Management, and Compliance (GRC): Enhancing cybersecurity policies, compliance, risk management, and overall governancePrefer not to answer

Q10: What cybersecurity incident is most concerning to your company? (select one option)*

PhishingRansomwareInsider threatsMalware and virusesData breachesAll of the abovePrefer not to answer

Q11: What additional support or resources would be most beneficial to help your company improve its cybersecurity posture?*

Access to comprehensive cybersecurity training programs for employees.Customized consulting services to develop and implement a tailored cybersecurity strategy.Advanced tools and software for threat detection and incident response.Cybersecurity audits and assessments to identify and address vulnerabilities.Detailed guidelines and templates for creating and maintaining cybersecurity documentation.Other

Before we finish up, please take a final moment to provide some quick feedback on your experience, including whether you found this assessment helpful and any changes you would like to see.
How helpful did you find this assessment tool for understanding and improving your company's cybersecurity posture?

1

2

3

4

5

1 is Not helpful, 5 is Most Helpful
Please provide any additional feedback you have about this assessment tool. This can include suggestions for improvement, corrections on any content you found inaccurate, or any other helpful comments to enhance the effectiveness of this tool.

Assessment Results

This virtual assessment provides an overview of your current cybersecurity posture for informational purposes only and is not a definitive evaluation.

Developing a Plan of Action is essential, whether you're pursuing CMMC, NIST CSF, or HICP. The provided Plan of Action serves as a starting point to improve your cybersecurity, helping you prioritize actions and enhance defenses.

We recommend reviewing these findings thoroughly and adjusting them based on any additional context not covered in this assessment.

Click "Submit" below to receive your customized Plan of Action within 1 business day to the email address provided: {email}
Should be Empty:

Supplier In Pharmaceutical Manufacturing Cybersecurity Assessment Tool