Cyber Resilience Assessment 1. Do you have a documented and tested Incident Response Plan? Yes – Documented and tested Partially – Exists but not tested No – Not in place 2. Do you have systems in place to detect and alert on threats in real time? Yes – Automated and monitored 24/7 Partially – Limited visibility No – Largely reactive 3. Do you enforce least privilege access and MFA across all users? Yes – Fully enforced Partially – Applied to some systems No – Not consistently implemented 4. Are your critical data and systems regularly backed up and tested? Yes – Encrypted and tested quarterly Partially – Backups exist but untested No – Inconsistent or no backups 5. Do you conduct regular employee security awareness training? Yes – Quarterly and role-based Partially – Once a year No – No training program 6. Do you monitor cybersecurity risks from third-party vendors? Yes – Integrated into reviews Partially – Only for key vendors No – No formal program 7. Do you have breach notification playbooks and legal counsel in place? Yes – Defined roles and timelines Partially – Legal contacts known No – No clear process Submit
