The purpose of this scorecard is to determine the overall health of your organization’s technology infrastructure. Read through each section and score each question using the following scale. This Statement is Completely True = 2 points This Statement is True but Requires Improvement = 1 point This Statement is Not True = 0 points Company InformationName* First Last Company* Email* InfrastructureMy organization maintains an inventory of all IT devices and have have implemented a sustainable hardware refresh cycle to ensure all devices remain vendor supported.*TrueNeeds ImprovementNot TrueMy IT team works proactively to monitor our server infrastructure for failures and performance issues so that 'business affecting' incidents can be prevented.*TrueNeeds ImprovementNot TrueMy organization has a properly segmented corporate network and our IT team proactively monitors the network for quality of service issues.*TrueNeeds ImprovementNot TrueMy IT team has a patching policy to ensure regular security patches and updates are installed across my technology infrastructure.*TrueNeeds ImprovementNot TrueMy organization receives regular response and resolution time reports from our IT team and the results are meeting my organization's expectations.*TrueNeeds ImprovementNot TrueCybersecurityI am confident that my organization has the proper cybersecurity solutions deployed to protect employees and corporate data from attacks such as phishing and ransomware.*TrueNeeds ImprovementNot TrueMy organisation engages with all employees delivering awareness and security training to identify ransomware, phishing and social engineering attacks coming from email, instant messaging and web sites.*TrueNeeds ImprovementNot TrueThe level of cybersecurity insurance carried by my organisation is adequate to protect the organization, clients & stakeholders from financial loss.*TrueNeeds ImprovementNot TrueAll organization IT systems and devices that contain Personally Identifiable Information (PII) or sensitive company information (IP) are encrypted to protect against loss or theft.*TrueNeeds ImprovementNot TrueMy organization uses Single Sign On and Multi-Factor Authentication across all devices and critical line of business applications.*TrueNeeds ImprovementNot TrueBusiness StrategyMy organization views technology as an investment, not a cost, and we implement best practices when recommended by our IT team.*TrueNeeds ImprovementNot TrueOur IT team perform a regular Technology Business Review alignment processes to identify areas of our technology infrastructure that do not meet best practices or align with our goals.*TrueNeeds ImprovementNot TrueWe meet regularly with our IT team to asses risk, discuss strategy and perform IT budget planning for our organization.*TrueNeeds ImprovementNot TrueWe have a clear process for making IT related decisions in our organization, a project plan is agreed upon before implementation and communication within our organization is clear and consistent.*TrueNeeds ImprovementNot TrueMy IT team regularly communicate how advances in technology, which increase security, employee productivity and give our organization an edge over competitors, to the management team.*TrueNeeds ImprovementNot TrueDisaster PlanningWe regularly review our Back Up and Disaster Recovery strategy with our IT team and we adhere to a documented process for backup frequency, retention and storage locations.*TrueNeeds ImprovementNot TrueOur IT team performs regular recovery testing and we have clear availability objectives for restoring critical systems and data.*TrueNeeds ImprovementNot TrueWe understand how our technology infrastructure supports our key business processes and we have calculated our costs of technology infrastructure downtime.*TrueNeeds ImprovementNot TrueWe have a well-defined disaster response team with clearly defined roles, responsibilities and communication protocols.*TrueNeeds ImprovementNot TrueWe are confident that our organization has the proper systems, plans and personnel in place to meet our organization’s expectations for disaster and data recovery.*TrueNeeds ImprovementNot TrueSoftware & ComplianceOur organization’s software licensing is current and we are confident that we would pass an audit.*TrueNeeds ImprovementNot TrueOur server, workstation & mobile device operating systems are not "End of Life" and are actively supported by the software manufacturer.*TrueNeeds ImprovementNot TrueOur critical line of business applications maintain active support contracts and my IT team work directly with the relevant vendors to support those applications.*TrueNeeds ImprovementNot TrueOur organization has an approved application list and my IT team monitors for, evaluates and removes unauthorised applications.*TrueNeeds ImprovementNot TrueWe know that our organization is meeting relevant regulatory compliance standards such as GDPR, PCI DSS, or FCA rules.*TrueNeeds ImprovementNot TrueCommentsThis field is for validation purposes and should be left unchanged.