Name:
Email:
Security Risk Assessments
Have you ever completed a Security Risk Assessment?
Unanswered
Yes
No
If Yes, when was the last time one was performed?
Unanswered
N/A
Less than 6 months ago
7 to 12 months ago
Greater than 12 months ago
If Yes, how many medium to high risk areas are still on the list to be accomplished?
Unanswered
N/A
None
1 - 3
4 - 8
Greater than 8
Appropriate Employee IT Usage
Do you have anything in place to train your employees on security awareness?
Unanswered
Yes
No
If Yes, are they trained when they are first hired?
Unanswered
N/A
Yes
No
If Yes, how often are they trained again?
Unanswered
N/A
Monthly
Semi-annually
Annually or longer
Upon Incident
Do you keep records of each employee's training and attendance?
Unanswered
N/A
Yes
No
Documented IT Usage Policies
Do you have security policies written which outline how to protect PI and how
to govern the use of technology?
Unanswered
Yes
No
Some
Were all employees trained in the past year?
Unanswered
N/A
Yes
No
Some
If Yes, do you train every new employee within the first 30 days?
Unanswered
N/A
Yes
No
Massachusetts State Law Compliance
As all businesses in Massachusetts require a WISP…
Are you legally compliant with MA CMR.17 by having a Written Information Security Program (WISP)?
Unanswered
Yes
No
If Yes, when was the last time you updated your WISP?
Unanswered
N/A
Less than 12 months ago
Greater than 12 months ago
If Yes, when was the last time you trained your employees on your WISP?
Unanswered
N/A
Less than 6 months ago
7 to 12 months ago
Greater than 12 months ago
Clients, Partners and Vendors
Have you ever had to fill out a security questionnaire from a client or were you audited by a client?
Unanswered
Yes
No
Have you signed a BAA with any of your clients?
Unanswered
Yes
No
Do you have BAAs set up with your suppliers or service organizations?
Unanswered
None
Some
All
Business Insurance
Do you have cyber risk insurance?
Unanswered
Yes
No
Not Sure
Is your Cyber Risk Insurance value commensurate with your risk?
Unanswered
N/A
Yes
No
Not Sure
Do you have any language in agreements with clients that states how you will handle their PI, IP or confidential information?
Unanswered
Yes
No
Some
Do you know the details of what your cyber risk insurance does and does not cover?
Unanswered
Yes
No
IT Policy Assessment Score
Scoring Summary:
Below 60
Knowledge is power: there are several areas that put your company at high risk. We strongly recommend that this become a high priority area immediately. Ownership and the board should be made aware that there is high business exposure and immediate action should take place. NENS has expertise in performing security risk assessments and working with executive leadership to identify, prioritize and eliminate exposures. Contact us at solutions@nens.com today and increase your protection.
60-75
The good news: you have started, and while some areas have been addressed, there are still critical areas that are exposed. Prioritize and address those areas to minimize your risk exposure. NENS has expertise in performing security risk assessments and working with executive leadership to identify, prioritize and eliminate exposures. Contact us at solutions@nens.com today and increase your protection.
76 - 85
Nice start, you are on your way. It appears that cyber security is a continual focus in your operation, but you have a few areas that need focus. Prioritize and address those areas to minimize your risk exposure.
85+