1. Governance & Risk Awareness

  • Do you have a documented cybersecurity policy or framework (e.g., NIST, ISO 27001)?

  • Have you completed a risk assessment in the past 12 months?

  • Are roles and responsibilities for security clearly defined?

  • Do employees receive ongoing cybersecurity awareness training?

2. Data Protection & Access Control

  • Is all sensitive data encrypted in transit and at rest?

  • Is multi-factor authentication (MFA) enforced?

  • Are user accounts reviewed and revoked regularly?

  • Are backup and recovery processes tested?

3. Threat Detection & Response

  • Is endpoint protection up to date and actively monitored?

  • Do you have a tested incident response plan?

  • Are system logs monitored regularly?

  • Is a business continuity plan documented?

4. Compliance & Vendor Risk

  • Do you adhere to industry regulations (HIPAA, PCI, GDPR, CMMC)?

  • Have vendor security practices been assessed?

  • Are compliance and security audit records maintained?

5. Continuous Improvement

  • Are penetration tests or vulnerability scans conducted regularly?

  • Are policies updated after an incident or assessment?

  • Do you track key cybersecurity performance metrics?

Schedule your complimentary Cyber Preparedness Assessment today.

DTP Advisors | www.dtpadvisors.com | sales@dtpadvisors.com
