• Small Business Information Security Risk Assessment Checklist

    Use this checklist to assess your small business information security risks, current controls, vulnerabilities, incident readiness, and priority improvements.
  • Business Profile and Scope

  • Information Assets and Current Controls

  • Endpoint protection in place?*
  • Firewall or network protection in place?*
  • Multi-factor authentication in use?*
  • Password policy enforced?*
  • Device encryption enabled?*
  • Access limited to authorized personnel?*
  • Risk and Vulnerability Assessment

  • Rows
  • Incident History and Recovery Readiness

  • Experienced a security incident in the past 12 months?*
  • Does the business have an incident response plan?*
  • Are backups performed regularly?*
  • Policies, Training, and Third-Party Dependencies

  • Security awareness training frequency*
  • Password change or reset practice*
  • Acceptable use policy in place*
  • Remote work policy in place*
  • Vendor and third-party security review*
  • Cloud or outsourced providers handle sensitive business data*
  • Overall Assessment and Priorities

  • Overall security maturity*
  • Follow-up review requested
  • Should be Empty:
Select theme:
  • Default
  • Blue
  • Red
  • Brown
  • Green
  • Black
  • Pink
  • Dark Blue
  • Purple