Does your organization have written security policies and procedures?
Yes	No	Not Sure
Does your organization utilize a firewall product, which includes automatic updates against security vulnerabilities?
Yes	We utilized our ISP's firewall	Not Sure
Does your organization have a virus detection/protection program on your email server?
Yes	Individual desktops are scanned when viruses are suspected	ISP has virus protection
Does your organization utilize a spam filtering software on your email server?
Yes	No, we delete them as they come in	ISP has spam filtering
If your organization has a firewall, does someone at your company review the security logs on your server?
At least Daily	Weekly/Monthly	Whenever they get a chance
Does your organization have a policy on passwords?
Employees choose their own	Corporate Policy	Do not use passwords
Does your organization restrict access to certain web sites, such as Hotmail, Yahoo, online casino's, etc. ?
Yes	No	Not sure
Does your organization perform regular backups that are verified?
Yes - Daily	Yes - Weekly/Monthly	No
Does your organization have a written disaster recovery plan in the event of any of the following items, network security breach, damage to physical buildings such as fire, etc?
Yes	No	Not Sure
Does your organization have a privacy statement published on your web site that reflects your privacy policy and procedures?
Yes	Privacy statement but not a written policy	No