- Do you have a Bring Your Own Device Policy (BYOD) which is implemented?
- Do you conduct internal audits regularly as prescribed by industry best practices and guidance?
- Is there a formal change management process in place?
- Do you have appointed person(s) responsible for Information Security, with defined roles and responsibilities?
- Are you covered by any cybersecurity insurance?