FTC Safeguard Assessment
This assessment will take approximately 20 minutes to complete. You may save and continue later. Please complete the fields below and provide as many details as possible. Upon completion of the assessment, you'll receive a detailed analysis of your organization's compliance status related to FTC Safeguard Rules.
PRIVACY
This form uses a 256-bit SSL connection and is PCI, GDPR and CCPA compliant. All submissions are encrypted with RSA 2048 and automatically deleted. A licensed insurance agency will prepare your insurance quote. All quotes are subject to state availability and suitability.
How would you like to complete your assessment?
I'll complete myself online.
I'd like to schedule a workshop.
Organization Information
Please tell us a little about your organization. The better we understand your organization the more customization we can provide you in order to maximize security while reducing expenses.
Schedule a meeting with Matt McGonigle below. After scheduling you may close this window.
Organization Full Legal Name
*
Organization DBA/Trade Name
Main Contact Full Name
*
First Name
Last Name
Main Contact Title
*
Main Contact Phone #
*
Main Contact Email Address
*
Organization Shipping Address
Organization Website
Organization Background
In order to determine the proper cyber security controls and the potential cost of a breach, it is important for us to know a little more about your organization.
What year was the Organization established?
What is the Organization's Primary Industry(s)?
How many customers/members/users does the Organization have currently?
Total Number of Locations
Total Number of Locations Outside of the United States
Organization's Approximate Annual Revenue
Start Up - $1mm
$1mm - $2.0mm
$2.0mm - $5.0mm
$5.0mm - $10mm
$10mm - $25mm
$25mm - $50mm
$50mm - $100mm
$100mm - $500mm
$500mm - $1b
Over $1b
Organization's Approximate Annual Operations Cost
This information is necessary in order to prepare your organization with an estimate of the cost of a serious incident or breach.
Please use this section to provide us with any other relevant information or general notes related to the Organization:
Organization IT Environment
The following questions are required to understand the current IT Environment of your organization. Please answer each question and provide additional information as needed.
Total Number of Workstations
Total Number of Laptops
Total Number of Servers (Physical)
Total Number of Servers (Virtual)
Total Number of Endpoints
Approximate Number of Users Accessing Networks
Total Number of IT Assets
Please use this section to provide us with any other relevant information or notes related to the IT Environment:
Organization Staff + Asset / Device Management
The following questions are required to understand the risk management in place for both your staff and digital assets + devices in use by your organization. Please answer each question and provide additional information as needed.
Total Number of Full Time Employees
*
Total Number of Part Time Employees
Total Number of Outside Vendors and Contractors
*Vendors or Contractors with access to your environment.
Total Number of Internal IT Staff (All Departments)
*
Total Number of Cyber Security Staff
*
Are your employees subject to ongoing Identity Screening + Monitoring?
Yes
Yes. But, only one time at initial hiring.
No
Which provider are you using for employee Identity Screening + Monitoring?
Do you have a written Employee Policy in place for employees to notify your organization of Identity Breaches?
Yes
No
Unsure
Please upload a copy of your Employee Identity Breach Notification Policy.
Please tell us if any of the following Corporate Devices are issued to employees?
Cell Phone
Desktop (for remote access)
Laptop
Tablet
NONE
Other
Total Number of Mobile Devices
Are your employees permitted to use their own Personal Devices?
Yes
No
Is your organization using any Web / Cloud Services?
Yes
No
Total Number of Virtual Machines
Virtual Machines, such as, but not limited to: Linux and Windows, running on platforms such as AWS EC2, Azure VMs, or Google Compute Engine
Total Number of Container Hosts
Container Hosts, such as, but not limited to: those running Linux or Windows containers, on platforms such as Amazon ECS or EKS, Azure Kubernetes Service, or Google Kubernetes Engine.
Total Number of Serverless Functions
Serverless Functions, such as, but not limited to: AWS Lambda, Azure Functions, or Google Cloud Functions.
Total Number of VM Machine Images
VM Machine Images, such as, but not limited to: Amazon Machine Images (AMIs), Azure machine images, or Google machine images, to be scanned.
Total Number of Container Images in Registry
Container Images in Registry in services such as Amazon Elastic Container Registry (ECR), Azure Container Registry (ACR), Google Cloud Container Registry (GCR), and others to be supported and scanned.
Are you using any Cloud Security Posture Management tools that cover all cloud risks, spanning misconfigurations, vulnerabilities, identity risks, data security, API / PII / crown jewel asset exposure, and advanced threats?
Yes
No
Unsure
Which of the following Cloud Security Posture Management tools are you currently using?
Please Select
Lacework
Prisma Cloud
Orca Security
Rapid7
Tenable
Wiz
Other
Which other Cloud Security tool are you using?
Please tell us more about the Web / Cloud Services that you are currently using and/or any related details:
Cyber Security Questionnaire
The following questions are required to diagnose the current cyber security environment of your organization. Please answer each question and provide additional information as needed.
Do you have Single Sign On (SSO) enabled and configured for all 3rd party applications?
*
Yes
No
Unsure
Do you have At-Rest Encryption enabled for all endpoints and devices?
*
Yes
No
Unsure
Do you currently have Segregation of Duties + Business Controls in place for all outgoing payments / funds transfers?
*
Yes
No
Unsure
Do you have a formal Patch Management Program in place which is informed by critical security and vulnerability data within 30 days?
*
Yes
No
Unsure
Do you have Endpoint Detection & Response (EDR)?
*
Yes
No
Unsure
Which of the following EDR solutions are you currently using?
Please Select
Cortex XDR by Palo Alto
CrowdStrike Falcon EDR
Microsoft Defender for Endpoint
Rapid7
SentinelOne
Other
What other EDR solution are you using?
Do you have Managed Detection & Response (MDR) in place for all sources of active detection?
*
Yes
No
Unsure
Which of the following MDR solutions are you currently using?
Please Select
Binary Defense
CrowdStrike
Deepwatch
Expel
Mandiant
Ontinue
Palo Alto
Patriot
Rapid7
Red Canary
Other
What other MDR solution are you using?
Do you have a Vulnerability Assessment and Management solution to discover and assess assets in your environment, including dynamic cloud or remote workforce assets?
Yes
No
Which Vulnerability Assessment and Management solution are you currently using?
Please Select
Tenable
Other
Which other Vulnerability Assessment and Management solution are you using?
Do you have Advanced Email Protection for O365/G-Suite as well as your cloud-based collaboration platforms including: pre and post delivery protection, URL and attachment sandboxing, anti-malware scanning, data loss prevention, and encryption?
*
Yes
No
Unsure
Which of the following Advanced Email Protection solutions are you currently using?
Please Select
Abnormal Security
Avanan
IronScales
Microsoft M365 P2 Email Security
Proofpoint
Other
What other Advanced Email Protection solution are you using?
Do you have Multi-factor Authentication (MFA) implemented for all users?
*
Yes
No
Unsure
Do you have Multi-factor Authentication (MFA) implemented for all remote access and 3rd party applications?
*
Yes
No
Unsure
What MFA solution are you currently using?
Please Select
CrowdStrike Falcon Identity
Cybereason
Delinea
Duo
Entra ID
Microsoft
Okta
Silverfort
Yubikey
Other
What other MFA solution are you using?
Do you have Zero Trust Segmentation implemented for all endpoints?
*
Yes
No
Unsure
Which Zero Trust Segmentation solution do you currently have implemented?
Please Select
Akamai Guardicore Segmentation
Illumio
Other
What other Zero Trust Segmentation solution are you currently using?
Do you have an Immutable Backup Strategy (REQUIRES: 3+ backup sources covering all systems / data and 1+ offline / inaccessible from the network where the systems/data reside)?
*
Yes
Yes, we have a Backup Strategy. But, it does NOT meet these requirements.
No
Unsure
Which Immutable Backup Strategy are you currently using?
Please Select
Acronis
Datto
Unitrends
Other
Which other Immutable Backup Strategy are you using?
Do you have a Log Resilience/Centralization Platform (such as a SIEM)?
*
Yes
No
Unsure
Which of the following SIEMs are you currently using?
Please Select
Elastic
InsightIDR
Logpoint
LogRhythm
Microsoft Sentinel
QRadar
Red Canary
Splunk
Sumo Logic
Other
What other SIEM are you using?
Please use this section to provide us with any other relevant information or notes related to your current Cyber Security Controls + Environment:
Technologies + Development
The following questions are related to specific technology needs and development. Please answer each question and provide additional information as needed.
Do you have Operational Technologies?
Yes
No
Do you develop Applications or Custom Code for yourself or customers?
Yes
No
Do you develop Web Applications or APIs, or utilize APIs for any of your own Web Applications?
Yes
No
Do you host your own Custom Email or any similar Custom Applications?
Yes
No
Cyber Security Program
The following questions are required in order to better understand your written policies + procedures and response plans. Please answer each question and provide additional information as needed.
Do you have a Written Cyber Security Program in place which aligns with regulatory requirements and/or industry standards (NIST, CIS, etc)?
*
Yes
No
Unsure
Please upload a copy of your current Cyber Security Program.
Do you have an Incident Response Plan in place currently?
Yes
No
Unsure
Is your Incident Response Plan approved by your insurance carrier?
Yes
No
Unsure
Please use this section to provide us with any other relevant information or notes related to your current Cyber Security Program and planning:
Cyber Liability Insurance
The following questions are required to establish an understanding of your current cyber insurance in force (or desired coverage). Please provide as many details as known related to the coverage.
Does your organization currently have Cyber Liability Insurance?
Yes
No
Unsure
Who is your current Insurance Carrier?
What type of insurance policy is in force?
Please Select
Stand Alone Cyber Liability Insurance
Cyber Liability Rider (included with BOP)
Cyber Liability Rider (included with General Liability)
Other
What is the existing coverage limit Per Incident?
What is the existing coverage limit Policy Maximum?
When is the Renewal Date for this policy?
Please list the dates and provide details (ransomware, business email compromise, data loss, etc) of any incidents or cyber insurance claims which occurred in the last 5 years:
Is Cyber Liability Insurance desired?
Yes
No
What is the amount of cover desired/required?
When would you like coverage to begin?
Please use this section to provide us with any other relevant information or notes related to your current Cyber Insurance or desired / required coverage:
Submitter Name
*
First Name
Last Name
Submitter Email
*
Date Submitted
*