Department for Business, Enterprise & Regulatory Reform  
BERR information security healthcheck. E-security health check online tool
 
 
 
 
This Health Check will give you an insight into what is needed to achieve Information Security best practice.

This Health Check will provide you with an indication of your organisation's Information Security status based on your answers to a series of questions. The Health Check is broadly based on BS 7799, the UK standard for information security which itself provides real, practical guidance toward achieving the aims of information security. Please note, however, that the Health Check is not a full risk assessment and does not fully replicate the provisions of BS 7799 and so cannot be used to claim adherence to the standard. To find out more about this standard or to purchase a copy please visit: www.bsi-global.com

The Health Check comes in two distinct forms. Below is a high-level questionnaire that is designed to offer a brief introduction to the topic. You can (if you wish) opt to use a more detailed questionnaire, designed to explore more fully your current Information Security practices.

Completion of the health check is anonymous and no information is stored about you or your responses to questions. All answers and results are cleared as soon as you exit from the health check tool so you can be assured of complete confidentiality.


 
Please answer the following Info
 
  Does your organisation have an information security policy?
Yes
Partially
No
Information Security Policy
 
  Are staff allocated specific security responsibilities, e.g. locking the building, allocating passwords?
Yes
Partially
No
Information Security Infrastructure
 
  Do you know what your organisation's main assets are, do you have a list of them, and does this list include information?
Yes
Partially
No
Accountability
 
  Are specific personnel measures, such as training users or including security in their job descriptions, taken with respect to security?
Yes
Partially
No
Security in job definition and resourcing
 
  Does your organisation take steps to prevent unauthorised access to your premises?
Yes
Partially
No
Secure Areas
 
  Have you implemented operational controls and procedures to safeguard your information, e.g. use of back-ups, anti-virus software, firewalls?
Yes
Partially
No
Operational procedures and responsibilities
 
  Do you control access to information through the effective use of user IDs and passwords, e.g. making sure users don't share passwords or write their passwords on post-it notes?
Yes
Partially
No
Business requirements for Access Control
 
  Have steps been taken to ensure that security requirements are defined and incorporated during system development or met by packaged software solutions?
Yes
Partially
No
Security Requirements of Systems
 
  Do you have any business continuity plans?
Yes
Partially
No
Aspects of Business Continuity Management
 
  Do you ensure that you meet all your legal requirements/obligations, e.g. licensing, copyright, data protection?
Yes
Partially
No
Compliance with legal requirements
 
   
 
 
