How Ready Are You For Iso 27001? Self-Assessment Questionnaire
SELF-ASSESSMENT QUESTIONNAIRE
The following questions are designed to gather information about your current information security processes, dependence on information and management of information. From this we can offer advice and ascertain if ISO 27001 is suitable and the best way to proceed. Please tick positive responses or give requested information.

Information provided will not be disclosed and will be destroyed immediately after use.

Please mark your answers ✓ for Yes and leave blank for No.

To order a copy of the ISO 27001 Standard please visit www.bsi-training.com

Contact:
Company:
Address:
Town:
County:
Postcode:
Tel:
Email:

3. Do you store customer information on multiple computer databases?
4. Do you control staff access to such databases?
5. Do you know exactly which staff members access the databases?
6. Do you know the physical locations where this information is stored?
7. Have you assigned an owner to this information?

SECTION 3 – NON ELECTRONIC INFORMATION STORAGE AND SYSTEMS
1. Do you store important information in paper or other non electronic formats?

2. Does your building have a security guard?
3. Does your building have an alarm system?
4. Have you undertaken a risk assessment covering the building and contents?
5. Have you encountered building security issues previously? e.g. Thefts

SECTION 5 – STAFF SECURITY ISSUES
1. Do you take up all staff references?
2. Do you undertake background checks on your staff?
3. Do staff have unrestricted access within the building?
5. Do staff sign ‘Non disclosure’ agreements?

4. Have you identified specific threats to your information?
5. Have you taken positive action to mitigate these threats?

SECTION 6 – INFORMATION IDENTIFICATION
1. Have you identified all important information within your organization?
2. Have you identified the exact location of all important information?
4. Have you a process for judging how important/valuable information is?
5. Have you assigned an owner to this information?

3. Do all staff know and understand these policies?
4. Are these policies reviewed and updated?
5. Are staff trained in Information Security?

SECTION 10 – ORGANIZATION INFORMATION
1. Number of business sites:
3. Number of staff at locations:
4. Why are you looking at Information Security (issues, requirements)?
6. External interfaces with network (suppliers, VPN, feeds):
7. What access do external users have to your information?
Date of information:

Thank you for providing this information. Information Security is a complex issue requiring careful consideration and planning. BSI will review the details and provide feedback.

BSI Management Systems
PO Box 9000
Milton Keynes
MK14 6WT
United Kingdom