Do all user accounts use multi-factor authentication (MFA)?
Yes
Partial
No
Are privileged/admin accounts separate from standard user accounts?
Yes
Partial
No
Do you have a formal process for revoking access when staff leave?
Yes
Partial
No
Are all endpoints (laptops, desktops, mobiles) running up-to-date EDR/antivirus?
Yes
Partial
No
Are OS and application patches applied within 14 days of release?
Yes
Partial
No
Are personal/unmanaged devices blocked from accessing company systems?
Yes
Partial
No
Is your firewall actively managed and reviewed at least quarterly?
Yes
Partial
No
Is your Wi-Fi network segmented (guest network separate from corporate)?
Yes
Partial
No
Do remote workers connect via a managed VPN or zero-trust solution?
Yes
Partial
No
Are backups taken daily and stored offline or in an immutable cloud location?
Yes
Partial
No
Have you tested restoring from backup in the last 6 months?
Yes
Partial
No
Is sensitive data encrypted at rest and in transit?
Yes
Partial
No
Have all staff completed security awareness training in the last 12 months?
Yes
Partial
No
Do you have a documented incident response plan?
Yes
Partial
No
Have you completed or are you working towards Cyber Essentials certification?
Yes
Partial
No