Many people depend on your ability to maintain your IT security. Your staff depend on it for the sake of their job security. Your clients depend on it for their personal protection and the successful completion of your mutual ventures. Even your city depends on your security, so you can continue to provide value to your community.

Your firm’s IT security is a critical factor in the success of your organization. It impacts your compliance, your ability to maintain operations, the trust of your clients, the reputation of your office and the well-being of your staff.

Because of the high stakes involved in maintaining a secure IT environment, and because of regulatory compliance requirements, we perform Security Risk Assessments all the time to evaluate a firm’s IT protection against the multitude of threats it faces every day.

A full-scale Security Risk Assessment cannot be replaced by this Mini-Assessment. However, this mini-assessment will help you get started. The full Security Risk Assessment with complianceKIT includes a deeper dive along with our expertise, consulting, guidance and workplan to address any shortfalls.

Go through these first 15 questions of our full 55-question Security Risk Assessment.

These questions will help you determine whether you’re experiencing any level of risk and whether you need to invest in the full assessment, and learn next steps for resolving any security issues.

Mini Security Risk Assessment:

  1. Have you completed a Security Risk Assessment?
    • Yes
    • No
    • Not Sure
  2. Have you implemented a Risk Management program?
    • Yes
    • No
    • Not Sure
  3. Do you currently have a Sanction Policy in place?
    • Yes
    • No
    • Not Sure
  4. Have you appointed a designated Security Officer?
    • Yes
    • No
    • Not Sure
  5. Have you developed formal, written Information Security Policies to protect PII and Sensitive Data?
    • Yes
    • No
    • Not Sure
  6. Have you worked directly with your vendors to sign Service Provider Agreements?
    • Yes
    • No
    • Not Sure
  7. Have your third parties or vendors provided proof that they are protecting data?
    • Yes
    • No
    • Not Sure
  8. Does your organization have documented disaster recovery procedures in place?
    • Yes
    • No
    • Not Sure
  9. Have you put in place documented data backup procedures?
    • Yes
    • No
    • Not Sure
  10. Do you have redundancy in place for all critical systems?
    • Yes
    • No
    • Not Sure
  11. Are there redundant data circuits in place in case of circuit failure?
    • Yes
    • No
    • Not Sure
  12. Do all critical systems have hardware support contracts in place?
    • Yes
    • No
    • Not Sure
  13. Does your organization have emergency operations procedures in place in the event of an emergency?
    • Yes
    • No
    • Not Sure
  14. Is there a procedure in place to ensure proper access to PII and Sensitive Data?
    • Yes
    • No
    • Not Sure
  15. Do you have a documented and adhered-to procedure for terminating an employee’s access, including physical network and data access?
    • Yes
    • No
    • Not Sure

If you answered “No” or “Not Sure” to 5 or more questions: You need to visit our Compliance Kit information page and sign up now for your full Security Risk Assessment. Our consultants will guide you through more comprehensive questions with detailed responses. We will help answer your questions and address next steps to take under each category of IT security.

If you answered “Yes” to 10 or more questions: Your IT security may be in pretty good shape. Again, though, this mini-assessment only includes 15 out of 55 questions of the full-scale assessment. And it’s critical to run Security Risk Assessments on an ongoing basis, as it is extremely easy to fall behind in proper security protections. Most importantly, our consultants can provide practical guidance and processes to make overcoming any shortfalls a breeze.

For more information, you can also check out our Data Security Checklist and our list of best practices for not becoming a hacker’s target. If you work in a field with HIPAA requirements, you can find more specific information about the HIPAA-specific Compliance Kit here.