1. Does your organisation use computers? Do employees use computers in your organisation?
1.1 Has a hazard communication policy been developed and implemented?
1.2 Have your employees been trained on how to properly respond to malware incidents?
1.3 Are users in your organisation allowed to install software on workstations?
1.4 Does your organisation regularly update software, including antivirus?
2. Do your organisation's employees regularly participate in training in the area of security?
3. Is the use of mobile devices allowed in your organisation?
3.1 Has a mobile device use policy been developed that includes basic safety rules?
4. Does your organisation use email to communicate?
4.1 Have rules been created about how and what data can be sent?
4.2 Have the organisation's employees been briefed on what they should do when they see a suspicious message?
5. Do your organisation's employees use mobile devices?
5.1 Has a mobile device security policy been defined and implemented?
5.2 Are the organisation's employees working remotely able to use a VPN connection?
5.3 Have the organisation's employees been briefed on how to proceed if mobile equipment is stolen or lost?
6. Has your organisation established who has access to particular types of data, and when?
7. Does your organisation have a backup policy?
8. Do the organisation's employees know what to do with data and data carriers that are no longer in use and no longer necessary?
9. Can employees' private devices and people outside your organisation connect to the company's network?
10. Is the security level regularly tested in your organisation?