| 1 |
A written policy in place to manage cyber security risks |
| 2 |
A written policy in place to report cyber security incidents |
| 3 |
A Business Continuity Plan (BCP) with processes to manage cyber security threats, vulnerabilities and risks |
| 4 |
Employees with responsibility for overseeing cyber security risks and threats |
| 5 |
Members of senior management with responsibility for overseeing cyber security risks and threats |
| 6 |
A consultant or contractor to manage cyber security risks and threats |
| 7 |
Monthly or more frequent patching or updating of operating systems for security reasons |
| 8 |
Monthly or more frequent patching or updating of software for security reasons |
| 9 |
Insurance policy to protect against cyber security risks and threats |
| 10 |
Other risk management arrangement for cyber security |
| 11 |
Business does not have any risk management arrangements for cyber security |
