• What corporate data privacy and security policies and procedures are in place?
• Do we have a social media policy?
• Do we use social media as a business tool?
• What does our website privacy policy say and is it consistent with actual business practice?
• When were the privacy policies and procedures, including the website policy and social media policy, last updated?
• Do we have a technology use policy? What does it say and when was it last updated?
• What business operations are tied directly to computer networks?
• What business records are accessible via the network?
• How, in layperson language with no technospeak, is our data secure?
• Who in the business is responsible for the security and integrity of our system and data?
• Who would want to target us?
• Is a data breach likely to come from within or outside the business?
• Are we confident that our security is current and up to date?
• Do we have a person responsible for data privacy and security? Do we need one?
• What outside professionals do we use for data privacy and security consultation?
• How do we authorize and control access to our data?
• Is the level of access appropriate for the job title and responsibility?
• How is access terminated?
• How do we learn of a breach or unauthorized access to our network?
• How do we prevent unauthorized users from accessing our system and data?