1. Does your organisation use computers? Do employees use computers in your organisation?

1.1 Has a hazard communication policy been developed and implemented?

Develop a policy for communicating risks to employees: https://standard-cyber.ppbw.pl/en/for-management-staff/

1.2 Have your employees been trained on how to properly respond to malware incidents?

Develop a procedure for responding to threats detected by antivirus: https://standard-cyber.ppbw.pl/en/for-management-staff/

1.3 Are users in your organization allowed to install software on workstations?

Develop a policy for software installation by workstation users: https://standard-cyber.ppbw.pl/en/for-management-staff/

1.4 Does your organization regularly update software including antivirus?

Develop a policy for software installation by workstation users: https://standard-cyber.ppbw.pl/en/for-management-staff/

2. Do your organisation's employees regularly participate in training in the area of security?

Ensure regular training and risk awareness for employees: https://standard-cyber.ppbw.pl/en/for-management-staff/

3. Is using mobile devices allowed in your organisation?

3.1 Has a mobile device use policy been developed that includes basic safety rules?

Develop a policy for connecting mobile devices and develop a procedure for responding to unknown and untrusted media/devices: https://standard-cyber.ppbw.pl/en/for-management-staff/

4. Does your organisation use email to communicate?

4.1 Have rules been created about how and what data can be sent?

Establish a security policy for information sent electronically: https://standard-cyber.ppbw.pl/en/for-management-staff/

4.2 Have the organization's employees been briefed on what they should do when they see a suspicious message?

Prepare a procedure for responding to suspicious messages: https://standard-cyber.ppbw.pl/en/for-management-staff/

5. Do your organisation's employees use mobile devices?

5.1 Has a mobile device security policy been defined and implemented?

Determine the security requirements for devices used for remote work; develop a policy to determine which services are available for which types of devices; establish a policy for disk and media encryption: https://standard-cyber.ppbw.pl/en/for-management-staff/

5.2 Are the organization's employees working remotely able to use a VPN connection?

Make sure you provide your employees with access to VPNs: https://standard-cyber.ppbw.pl/en/for-management-staff/

5.3 Have the organization's employees been briefed on how to proceed if mobile equipment is stolen or lost?

Prepare procedures to follow if a device is lost or stolen: https://standard-cyber.ppbw.pl/en/for-management-staff/

6. Has your organisation established who has access to particular types of data, and when?

Establish data access policies

7. Does your organisation have a backup policy?

Establish a backup policy

8. Do the organisation's employees know what to do with data and data carriers that are no longer used or needed?

Establish procedures for handling used/unneeded media: https://standard-cyber.ppbw.pl/en/for-management-staff/

9. Can employees' private devices and people outside your organisation connect to the company's network?

Ensure a separate network for employees' and guests' private devices

10. Is the security level regularly tested in your organisation?