Business name^*

Contact name^*

Phone number^*

Email address^*

Type of business. In a few words, what is your business?^*

Industry^*

Are you customer facing, or vendor to other businesses?^*

Who do you use for payment processing?

Do you store any personally identifiable information?^*

Do you have any regulatory information security requirements?^*

What regulatory requirements are you required to comply with? Select/list all that apply.^*

Where is your infrastructure hosted?^*

Data center/cloud vendor(s)

In general terms, what are the most important assets (physical and digital) that you need to protect?

List your essential assets. Separate them with a comma. You will also need an inventory of all other assets created offline.^*

List your essential tools. Separate them with a comma. You will also need an inventory of all other tools created offline.^*

List your essential devices. Separate them with a comma. You will also need an inventory of all other devices created offline.^*

List your essential systems. Separate them with a comma. You will also need an inventory of all other systems created offline.^*

List your essential information/acquired data. Separate them with a comma. You will also need an inventory of all other information/acquired data created offline.

What are the perceived most likely risks that your business could face? Please list all you can think of within your answer.^*

Do you have a list of your internal processes and data workflows documented? You will need this list for your internal use.^*

Do you have a prioritized list with the mission, objectives, and activities to perform when your organization finds itself incapacitated to operate in a digital manner? You will need this list for your internal use.^*

Do you have a prioritized list of resources (all items listed under the previous section) based on criticality and business value to continue operating the business? You will need this list for your internal use.^*

Do you have a risk tolerance established and clearly expressed? This is a document of how much your organization can be digitally incapacitated without losing the ability to interrupt business operations. You will need this document for your internal use.^*

Do you have a list of suppliers and third-party partners that make up your supply chain prepared? You will need this list for your internal use.^*

Do you have the documentation and/or best practices for protecting and securing your critical/essential elements identified in the Asset Assessment section? You will need this list for your internal use.^*

Do you have a list of the roles and responsibilities of everyone involved in assessing, preparing, and implementing this InfoSec Plan? You will need this list for your internal use.^*

Has a responsible party been identified for carrying out this InfoSec Plan?^*

Provide the name of the person in charge of executing this InfoSec Plan?

Have you established how you will monitor and detect breaches into each of the critical items listed in the Asset Assessment? Each item will require its own individual plan of action, including a list of steps for corrective and palliative actions to take. Please prepare those plans offline for your internal use.^*

Have you established a plan to train employees on breach preventive measures, and how to report breaches? Each employee may require its own individual training plan. Please prepare those plans offline for your internal use.^*