e-InnoSec - ISO 27001 Readiness Assessments and Compliance in Austin, Dallas, Houston, San Antonio, Texas

ISO 27001 Assessment

Do you know your cybersecurity readiness? Take our 10-minute assessment to learn your compliance readiness.


  • 0 to 150 : You have a lot to do… let’s get to work!
  • 151 to 250 : You are almost there.
  • 251 to 290 : You got this!
Instructions: Use the Compliance Assessment to understand your organization's current compliance status. At the end of the assessment, use the result to evaluate and describe your organization's compliance posture.

e-InnoSec is a Professional Services and Consulting organization that brings expertise to the clients to supplement their business needs. We are compliance and cybersecurity professionals serving small, midsize, and startup organizations to simplify compliance, transform cybersecurity, and save costs. To learn more click here.
Try our Cybersecurity Free Courses with Securetain.
Review your assessment questionnaire in the attachment.
Question/Requirements

INFORMATION SECURITY POLICIES

1. Do you have an Information Security Program in place?
2. Do you have a documented and approved Information Security Policy in place?
3. Is the policy document reviewed at least once a year or as scheduled?

ORGANIZATION OF INFORMATION SECURITY

4. Do you have a management framework in place to initiate and control the implementation and operation of information security within your organization?
5. Are all information security roles and responsibilities defined and communicated within the organization?
6. Are your segregation of duties and access controls role-based?
7. Are contact lists for authorities and special interest groups maintained?
8. Is access to your various systems maintained?
9. Do you have a policy and supporting security measures in place to protect all mobile devices?
10. Do you have a policy and supporting security measures in place to protect teleworking sites (remote users, servers)?

HUMAN RESOURCE SECURITY

11. Do you have an employee hiring and termination process in place that includes background checks prior to hiring?
12. Do you screen all candidates for employment and have them sign NDAs?
13. Do all employees and relevant contractors receive information security awareness and education training?
14. Are the access rights of employees who are terminated or whose employment changes removed or modified?

ASSET MANAGEMENT

15. Do you have an Asset Management policy that addresses asset inventory and ownership, acceptable use and return of assets? Is it approved and documented?
16. Do you have a policy for data classification, labelling and handling? Has it been approved and documented?
17. Do you have documented procedures for storing, disposing of and retaining information and assets that address regulatory requirements?

ACCESS CONTROL

18. Do you have a documented Access Control policy that details the user provisioning, termination and access review process?
19. Is there a formal user registration and de-registration process? Is it documented and implemented?
20. Is there a formal user access provisioning process to assign or revoke access rights for all user types to all systems and services?
21. Are all allocations and use of privileged access rights restricted and controlled?
22. Is there a process in place for the allocation of secret authentication information?
23. Do all asset owners review user access rights on a regular basis?
24. Do you have authentication mechanisms such as multi-factor authentication implemented?
25. Are user credential and password controls implemented and enforced across all systems?

CRYPTOGRAPHY

26. Do you have a documented policy in place for the effective use of cryptographic controls to protect the confidentiality, availability and integrity of information?
27. Do you have a policy that details the use, protection and lifetime of cryptographic keys?

PHYSICAL AND ENVIRONMENTAL SECURITY

28. Does your organization have an approved, documented Physical Security policy and an implemented program?
29. Do you have defined security perimeters for areas that contain sensitive or critical information and information processing facilities?
30. Are your secure areas protected by appropriate entry controls that allow access only to authorized personnel?
31. Are your office spaces, rooms, delivery and loading areas and facility physically secured?
32. Are all your equipment, supporting utilities, cabling and other assets protected from loss, damage, theft or compromise and from interruption of their operations?
33. Do you have a clear desk and clear screen policy?

OPERATIONS SECURITY

34. Do you have a documented Operational Security policy and supporting procedures that address operational responsibilities and change management?
35. Are your development, testing and operational environments separated to reduce the risk of unauthorized access or changes to the operational environment?
36. Are all your end users' computing devices updated with the latest anti-virus/anti-malware signatures?
37. Do you classify the data that must be backed up and protect it according to its assigned classification?
38. Are all your logs (system administrator and system operator) protected and maintained, including the clocks of all relevant information processing systems?
39. Are procedures and controls implemented for software installation on operational systems?
40. Do you have a vulnerability management system in place?
41. Do you have rules in place that govern the installation of software by your employees?
42. To support your information systems audits, do you maintain all relevant reports and audit histories?

COMMUNICATIONS SECURITY

43. Does your organization have a Network Security policy and supporting procedures?
44. Do those policies and procedures detail segregation and the secure transfer of business information?

SYSTEM ACQUISITION, DEVELOPMENT AND MAINTENANCE

45. Does your organization have a policy or procedure covering the acquisition, development and maintenance of information systems?
46. Are your development, testing and production environments segregated?
47. If you outsource development, do you monitor and supervise the outsourced development activity?
48. Do you encrypt, mask or restrict the use of sensitive production data within your testing environments?

SUPPLIER RELATIONSHIPS

49. Do you have vendors or sub-vendors?
50. If yes, do you have a policy that details your sub-service vendor management/subcontracting process?
51. As part of supplier service management, do you monitor changes and review your supplier services periodically?

INFORMATION SECURITY INCIDENT MANAGEMENT

52. Does your organization have an Information Security Incident Management program?
53. Are there supporting procedures for assessing, responding to and reporting an incident?
54. Do you maintain an extensive audit history to help collect and preserve security event related information as evidence?

INFORMATION SECURITY ASPECTS OF BUSINESS CONTINUITY MANAGEMENT

55. Does your organization have a documented policy for business continuity planning and disaster recovery?
56. For all information processing facilities, does your organization have sufficient redundancy in place to ensure the basic availability of information systems?

COMPLIANCE

57. Has your company identified, documented and kept up to date all legislative, statutory, regulatory and contractual requirements, intellectual property rights, and privacy and protection of personally identifiable information?
58. Does your company have an information security team that periodically reviews information security policies and standards?
