- Endpoint protection in place?*
- Firewall or network protection in place?*
- Multi-factor authentication in use?*
- Password policy enforced?*
- Device encryption enabled?*
- Access limited to authorized personnel?*
- Experienced a security incident in the past 12 months?*
- Does the business have an incident response plan?*
- Are backups performed regularly?*
- Security awareness training frequency*
- Password change or reset practice*
- Acceptable use policy in place*
- Remote work policy in place*
- Vendor and third-party security review*
- Cloud or outsourced providers handle sensitive business data*
- Overall security maturity*
- Follow-up review requested
- Should be Empty: