| id: | q | question | opt1 | opt2 | opt3 | answer |
| 1: | q1 | Does your organization have written security policies and procedures? | Yes | No | Not Sure | Yes |
| 2: | q2 | Does your organization utilize a firewall product, which includes automatic updates against security vulnerabilities? | Yes | We utilized our ISP's firewall | Not Sure | Yes |
| 3: | q3 | Does your organization have a virus detection/protection program on your email server? | Yes | Individual desktops are scanned when viruses are suspected | ISP has virus protection | Yes |
| 4: | q4 | Does your organization utilize a spam filtering software on your email server? | Yes | No, we delete them as they come in | ISP has spam filtering | Yes |
| 5: | q5 | If your organization has a firewall, does someone at your company review the security logs on your server? | At least Daily | Weekly/Monthly | Whenever they get a chance | At least Daily |
| 6: | q6 | Does your organization have a policy on passwords? | Employees choose their own | Corporate Policy | Do not use passwords | Corporate Policy |
| 7: | q7 | Does your organization restrict access to certain web sites, such as Hotmail, Yahoo, online casino's, etc. ? | Yes | No | Not sure | Yes |
| 9: | q9 | Does your organization perform regular backups that are verified? | Yes - Daily | Yes - Weekly/Monthly | No | Yes - Daily |
| 10: | q10 | Does your organization have a written disaster recovery plan in the event of any of the following items, network security breach, damage to physical buildings such as fire, etc? | Yes | No | Not Sure | Yes |
| 11: | q11 | Does your organization have a privacy statement published on your web site that reflects your privacy policy and procedures? | Yes | Privacy statement but not a written policy | No | Yes |