Questionnaire

In what industry does the company operate?

--- Governmental, Military or Intelligence Online Services and Cloud (webmail, social network, eCommerce, etc) Entertainment and News (news website, gaming platform, blogging, etc) Research and Education Banking and Finance Software/Hardware Vendor Hospitability - Hotel Industry Organization / NGO Health Critical Infrastructures Telco Large-Scale Retail Trade and Retail Government Contractors and Consulting Other

 

Where are the company Head Offices located?

--- Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia, Plurinational State of Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos (Keeling) Islands Colombia Comoros Congo Congo, the Democratic Republic of the Cook Islands Costa Rica Côte d'Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands (Malvinas) Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See (Vatican City State) Honduras Hong Kong Hungary Iceland India Indonesia Iran, Islamic Republic of Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati Korea, Democratic People's Republic of Korea, Republic of Kuwait Kyrgyzstan Lao People's Democratic Republic Latvia Lebanon Lesotho Liberia Libya Liechtenstein Lithuania Luxembourg Macao Macedonia, the former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia, Federated States of Moldova, Republic of Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory, Occupied Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Barthélemy Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Martin (French part) Saint Pierre and Miquelon Saint Vincent and the Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Sint Maarten (Dutch part) Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and the South Sandwich Islands South Sudan Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan, Province of China Tajikistan Tanzania, United Republic of Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates United Kingdom United States United States Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela, Bolivarian Republic of Viet Nam Virgin Islands, British Virgin Islands, U.S. Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe

 

Has the company locations in multiple States?

Yes No

 

Does the third-party companies has access to the offices?

Yes No

 

What is the annual turnover? (million euro)

--- 0 - 2 2 - 10 10 - 50 50 - 500 More than 500

 

What best describes the global headcount of your organization?

--- 0 - 9 10 - 49 50 - 249 250 - 1000 More than 1000

 

How much personal identifiable information (PII) does your organization process?

No data Only employee data 0 - 5.000 5.000 - 25.000 25.000 - 100.000 100.000 - 1.000.000 More than 1.000.000

 

How much health-related information does your organization process?

No data Only employee data 0 - 5.000 5.000 - 25.000 25.000 - 100.000 100.000 - 1.000.000 More than 1.000.000

 

How much financial data does your organization process?

No data Only employee data 0 - 5.000 5.000 - 25.000 25.000 - 100.000 100.000 - 1.000.000 More than 1.000.000

 

Next

Are physical devices and systems within the organization inventoried?

 

Are software platforms and applications within the organization inventoried?

 

Are organizational communication and data flows mapped?

Yes Partially No

 

Are resources prioritized based on their classification, criticality, and business value?

Yes Partially No

 

Are cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) established?

 

Previous  Next

Which of the following are identified and communicated?

 

Are the policies, procedures, and processes to manage and monitor the organization’s regulatory understood and used for the management of cybersecurity risk?

 

Does the company include the IT risk inherent in the organization's operations, assets and individuals? Which of the following are identified and documented?

 

Are the organization’s priorities, constraints, risk tolerances, and assumptions established and used to support operational risk decisions?

Yes Partially No

 

Previous  Next

Is the access to assets and associated facilities limited to authorized users, processes, or devices, and to authorized activities and transactions?

 

Are the organization's personnel and partners provided cybersecurity awareness education and adequately trained to perform their information security-related duties and responsibilities consistent with related policies, procedures, and agreements?

 

Are information and records (data) managed consistent with the organization's risk strategy to protect the confidentiality, integrity, and availability of information?

Yes Partially No

 

Are security policies, processes and procedures constantly implemented and updated to manage the security of information systems and assets?

 

Is maintenance and repairs of industrial control and information system components performed consistent with policies and procedures?

Yes Partially No

 

Are technical security solutions managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreement?

 

Previous  Next

Is anomalous activity detected in a timely manner and the potential impact of events understood?

There is a response plan and this is performed during or after an accident:

Yes No

 

If there is a response plan:

 

Is analysis conducted to ensure adequate response and support recovery activities?

Yes Partially No

 

Are activities performed to prevent expansion of an event, mitigate its effects, and eradicate the incident?

 

There is a recovery plan and this is performed during or after an accident:

Yes No

 

If there is a recovery plan:

 

Previous  Submit