Cyber Assessment Questionnaire

    Company Information

    1. Business Name:
    2. Email Address:
    3. Industry:
    4. Location of Operations :
    5. Number of Employees:

    Data Governance and Compliance

    6. What type of data does your company collect? (e.g., personal, financial, health):
    7. Do you have a designated Data Protection Officer or equivalent role?


    8. What data governance framework(s) does your organization follow? (e.g., GDPR, HIPAA, ISO 27001, Australian Privacy Act, CPS 234)
    9. Describe the process for data classification and handling sensitive information.

    Data Protection Measures

    10. What technical measures are in place to protect data? (e.g., encryption, access controls)
    11. How often do you audit these security measures?
    12. Describe your incident response plan in the event of a data breach.

    Compliance and Legal Requirements

    13. How do you ensure compliance with data protection regulations relevant to your industry and location?
    14. Has your company ever undergone a compliance audit by an external body?


    15. What was the outcome of the most recent audit, and what actions were taken as a result?

    Risk Assessment and Management

    16. How frequently does your organization conduct risk assessments for data governance?
    17. Who is involved in the risk assessment process?
    18. What are the top three risks identified in the last assessment, and what measures were taken to mitigate them?

    Training and Awareness

    19. Does your organization provide regular training on data protection and compliance to employees?


    20. How do you measure the effectiveness of the training?

    Technology and Innovation

    21. Are you using any cloud services for data storage or processing?


    22. If yes, how do you evaluate the security and compliance of these cloud services?

    Documentation and Reporting

    23. How is data governance documentation maintained and who has access to it?
    24. Describe the process for reporting a compliance issue within the company.

    Vendor Management

    25. Do you outsource any data processing or IT services to third parties?


    26. If yes, how do you assess and monitor the compliance of these third parties?

    Follow-Up Request

    27. Would you like to be contacted by ShadowLens to discuss your assessment results and work through any areas of concern?