IT Audit Assessment

Business Name
Email Address

Self-Knowledge

Has a list of all IT services been created?

Have all IT services been ranked by criticality?

Do you have a comprehensive information security strategy?

Does your information security depend solely on an IT professional? In other words, is it undocumented?

Do you have mechanisms in place that appropriately address known issues and identified threats?

Do you have systems in place which alert you to system problems or failures?

Can your organization respond to intrusions within minutes?

Does your business continuity plan cover essential procedures such as business impact analysis, vendor assessment, change management, testing, and maintenance?

Do you know how soon normal business functions can resume should a disruption or disaster occur?

Do you have a comprehensive crisis management plan? Do employees and other stakeholders understand the plan?

Do you have mobile strategies in place, including risk and vulnerability identification, configuration settings, intrusion detection and response, and management of stolen or lost devices?

Do you have existing policies for cloud usage? Do they align with other organizational policies, such as procurement, legal, and industry regulations?

Do user authentication and access protocols exist?

Do your company and its employees understand social media risks?

Do you have a process for social media usage within the organization? Do your employees know the guidelines?

Do you periodically have an impartial third party audit your environment?