Small Business IT Risk Assessment
Company name:
Completed by:
Date:
Where Do I Begin?
A risk assessment is an important step in protecting your customers, employees, and your business, as well as
complying with the law. This Information Technology Risk Assessment survey helps identify all of the information
assets you handle, the controls in place, and areas of high risk or threats. Steps for completing this risk
assessment:
Step 1:
Complete the questionnaire below. Use additional paper as needed to add notes or new survey questions.
Step 2:
Based on your responses apply a risk rating for each of the applicable categories.
Rate your risk on a scale of 1-5, with 1 being the least secure, and 5 the most secure.
Step 3:
List specific areas of high risk or threats, along with any new controls that may be needed.
Step 4:
Present your findings to management and the board, and implement new controls as needed.
Step 5:
Update your risk assessment at least once a year, comparing your results to previous versions.
I. Company Information
Business primary address:
Phone:
Date company was formed:
Number of employees (FTE):
Type of business (check one):
☐Corporation ☐Partnership ☐Individual ☐Other___________________
Nature of business:
Website URL(s):
Do you conduct business outside the US?
☐Yes ☐No
If yes, identify countries:
II. Management Supervision
Management and board supervision are essential for an effective information security program, and often mandated by
state and federal regulations.
Do you have a written information security plan?
☐Yes ☐No ☐N/A
Are you aware of, and in compliance with, any laws mandating information security?
☐Yes ☐No ☐N/A
Are adequate data protection procedures in place and monitored by management?
☐Yes ☐No ☐N/A
Do you use third party vendors for managing your network?
☐Yes ☐No ☐N/A
Do third party vendor contracts provide adequate controls?
☐Yes ☐No ☐N/A
Are third party contracts monitored at least annually?
☐Yes ☐No ☐N/A
Are sufficient procedures in place for incident reporting?
☐Yes ☐No ☐N/A
Do you have a business continuity plan and/or disaster recovery plan?
☐Yes ☐No ☐N/A
Do you deliver up-to-date security training to management and staff?
☐Yes ☐No ☐N/A
Is the Board actively involved with your information security plans and procedures?
☐Yes ☐No ☐N/A
Page | 1