Cyber Assessment Questionnaire

Company Information

1. Business Name:
2. Email Address:
3. Industry:
4. Location of Operations:
5. Number of Employees:

Data Governance and Compliance

6. What type of data does your company collect? (e.g., personal, financial, health):
7. Do you have a designated Data Protection Officer or equivalent role? Yes / No
8. What data governance framework(s) does your organization follow? (e.g., GDPR, HIPAA, ISO 27001, Australian Privacy Act, CPS 234)
9. Describe the process for data classification and handling sensitive information.

Data Protection Measures

10. What technical measures are in place to protect data? (e.g., encryption, access controls)
11. How often do you audit these security measures?
12. Describe your incident response plan in the event of a data breach.

Compliance and Legal Requirements

13. How do you ensure compliance with data protection regulations relevant to your industry and location?
14. Has your company ever undergone a compliance audit by an external body? Yes / No
15. What was the outcome of the most recent audit, and what actions were taken as a result?

Risk Assessment and Management

16. How frequently does your organization conduct risk assessments for data governance?
17. Who is involved in the risk assessment process?
18. What are the top three risks identified in the last assessment, and what measures were taken to mitigate them?

Training and Awareness

19. Does your organization provide regular training on data protection and compliance to employees? Yes / No
20. How do you measure the effectiveness of the training?

Technology and Innovation

21. Are you using any cloud services for data storage or processing? Yes / No
22. If yes, how do you evaluate the security and compliance of these cloud services?

Documentation and Reporting

23. How is data governance documentation maintained and who has access to it?
24. Describe the process for reporting a compliance issue within the company.

Vendor Management

25. Do you outsource any data processing or IT services to third parties? Yes / No
26. If yes, how do you assess and monitor the compliance of these third parties?

Follow-Up Request

27. Would you like to be contacted by ShadowLens to discuss your assessment results and work through any areas of concern? Yes, please contact me. / No, thank you.