Security & Privacy Compliance Quiz
Does your business comply with federal, state and industry information security regulation?
How much at risk are you right now?
Find out now with this fast and simple compliance quiz, or download the PDF.

Yes / No
1. Were you already aware that your business must comply with specific federal, state and industry laws to protect your customers and employees against identity theft and fraud?
2. If your business accepts credit cards, are you already PCI Compliant?

Administrative / Physical Safeguards
3. Do you have a formal Information Security Policy for your business? If so, have you done a complete review and update of your policy guidebook in the last 12 months? (Including technical, administrative and physical security policies and guidelines)
4. Do you have a dedicated Information Security Administrator who is trained and responsible for managing your information security policies and procedures?
5. Do you have a "Red Flags" identity theft detection/response program? (Including on-going staff training & reporting procedures)
6. Do you have an employee/staff training program for information privacy and security? (And has everyone in your business completed this training?)
7. Do you have formal employee hiring and firing policies and procedures to safeguard your business against insider security threats?
8. Have all your employees signed an Information Security and Privacy Agreement protecting you from insider theft and abuse?
9. Do you have a detailed security breach response plan? (Including reporting to proper authorities and required communications to affected customers)
10. Do you securely dispose of customer and employee information? (Including secure computer data disposal, document shredding, etc.)
11. Do you restrict physical and electronic access to customer and employee information? (Including passwords, user authentication, locked filing systems, keyed entry, etc.)

Technical Safeguards
12. Have you installed a hardware firewall to protect your Internet connection, and properly configured it by closing unnecessary and high risk data ports?
13. If you have a computer network (of any size), do you have security software installed on your server(s)? (And updated daily)
14. Is security software installed and updated on every computer that connects to your business or your computer network? (Anti-malware, desktop firewall, etc.)
15. Have you changed the manufacturer's default passwords on all your computers, servers, routers, wi-fi connection, etc.?
16. Do you change passwords regularly for all employee and system logins?
17. Do you have a computer security professional perform a manual security checkup on every computer and/or server regularly - at least quarterly or semi-annually? (To ensure there are no hidden viruses, keyloggers, rootkits, etc. that may be stealing info.)
18. Do you regularly check for and install all high-priority system patches on each computer and server? (To close security holes found and used by hackers to break in and steal information)
19. Do you encrypt electronic copies of customer and employee information?
20. Do you conduct vulnerability assessments for your business on a quarterly or semi-annual basis? (Including all Internet connections, network penetration testing, website scans, and computer vulnerability testing)