Section 01 · Organization

Tell us about
your organization

This information ensures your assessment is accurate for your industry, size, and context. All responses are confidential and used solely to generate your risk snapshot.

Engines Active

6

Questions Total

24

Est. Time

~12 min

Classification

Confidential

Company Name Please enter your company name.

Industry Please select your industry.

Number of Employees Please select employee count.

Location (City, State)

Primary Systems Used

Encrypted · Confidential

Section 02 · Identity & Access

How do you control
who gets in?

These questions are about how your organization manages logins, passwords, and who can access your systems. Choose the answer that reflects your current reality — not your ideal state.

Do you use multi-factor authentication (MFA)?

Yes — on all systems

Partial — some systems

No

Please select an option.

Are shared accounts or logins used by multiple staff?

Yes

No — individual accounts

Please select an option.

When an employee leaves, how is their access removed?

Who is responsible for managing logins and access?

Section 03 · Network & Exposure

How is your network
protected?

These questions are about how your systems connect to the internet and how remote access is managed. If you are not sure of an answer, that is important information — select the option that best reflects your actual knowledge.

Do you have a firewall in place?

Yes — actively managed

Yes — not actively monitored

No

Not sure

Please select an option.

When staff work remotely, is access secured with MFA?

Yes

No — password only

No remote access

Please select an option.

Do you know which systems are visible from the internet?

Yes — inventoried

Partially

Not sure

Please select an option.

Who monitors or manages your network?

Section 04 · Human Risk

How do your people
engage with security?

Most security incidents start with a person — a phishing email, a personal device, a misplaced password. These questions are about training, awareness, and how your team is equipped to recognize and respond to risk.

Have employees received cybersecurity awareness training?

Yes — formal program

Yes — basic / one-time

No

Please select an option.

Do employees use personal devices (phones, laptops) for work?

Yes — with a policy

Yes — no policy

No — org devices only

Please select an option.

How do employees report suspicious emails or activity?

Section 05 · Supply Chain

Who else touches
your data?

Third-party vendors — software platforms, billing services, IT providers — often have access to your most sensitive data. These questions are about how those relationships are managed and what protections are in place.

Do any third-party vendors or platforms access your systems or data?

Yes

No

Not sure

Please select an option.

Do you review vendor security before granting them access?

Yes — formal review

Informally

No

Please select an option.

Do your vendor contracts require them to notify you if they're breached?

Yes — in contracts

Not formally required

No

Not sure

Please select an option.

Section 06 · Data Protection

How is your data
protected?

These questions are about the sensitive information your organization stores — and how it is secured, backed up, and governed. The type of data you hold determines the consequences of a breach.

What type of sensitive data does your organization store?

Is sensitive data encrypted (protected so only authorized users can read it)?

Yes — verified

We think so

No

Not sure

Please select an option.

Do you have backups of your critical data?

Yes — automated

Yes — manual / irregular

No

Please select an option.

Have those backups ever been tested to confirm they actually restore?

Yes — tested recently

Yes — long ago

Never tested

Please select an option.

Section 07 · Incident Response

What happens when
something goes wrong?

This is the final section. These questions are about your organization's readiness to respond to a security incident. An honest answer here is the most important input in your assessment.

Does your organization have a documented incident response plan?

Yes — documented

Draft / informal

No

Please select an option.

Who leads the response if a breach or cyberattack occurs?

Has your response plan ever been tested or practiced?

Yes — recently

Yes — over a year ago

Never tested

Please select an option.

Is there anything specific you're already concerned about? (Optional)

Your email address (to receive your Risk Snapshot) Please enter a valid email address.

Tell us aboutyour organization

How do you controlwho gets in?

How is your networkprotected?

How do your peopleengage with security?

Who else touchesyour data?

How is your dataprotected?

What happens whensomething goes wrong?

AssessmentReceived

Tell us about
your organization

How do you control
who gets in?

How is your network
protected?

How do your people
engage with security?

Who else touches
your data?

How is your data
protected?

What happens when
something goes wrong?

Assessment
Received