General Information:
Employee(s) Information:
Number of Employees:
Departments and Roles:
Any recent changes in staff or significant turnover?
Access Controls:
User Accounts:
o How are user accounts created and terminated?
o Is there a regular review of user access permissions?
Administrator Accounts:
o How are administrator privileges granted?
o Are there restrictions on the use of administrator accounts?
Physical Security:
Data Protection:
Data Encryption:
o Is sensitive data encrypted, both in transit and at rest?
o What encryption standards are employed?
Data Backup:
o How often are data backups performed?
o Where are backup copies stored?
Network Security:
How is the company’s network secured against unauthorized access?
Are firewalls and intrusion detection/prevention systems in place?
Endpoint Security:
Security Policies:
Employee Training:
Third-Party Access:
Employee Concerns:
Is the company compliant with relevant data protection laws and regulations?
How is legal counsel involved in ensuring compliance?
This questionnaire is a starting point and can be customized based on the specific
needs and nature of the business. It’s essential to conduct the audit professionally,
respecting privacy and legal considerations throughout the process.