Digital Assurance Questionnaire

This includes securing any routers or devices which are connected or using the network. Appropriate software and internet firewalls have been set up to stop unwanted connections and to ensure device security.

Employees should be informed of their security obligations and responsibilities immediately after employment.

This includes up-to-date antivirus software on all devices and active applications that limit access across your network to certain users.

An up-to-date asset information and asset register is in use. All devices that have access to information are encrypted and password protected.

An annual risk assessment should identify which actions will be taken for each risk and an action plan should be in place to implement any actions identified in the risk assessment.

Compliance with the UK GDPR is required. If you process personal data of subjects outside the UK it must meet the other countries' regulations and legislation. Policies and procedures should be in place and in use to mitigate risks to personal data.

Employees should be informed of their security obligations and responsibilities immediately after employment.

Security policies should be distributed to all employees and form part of their contractual obligations. Your suppliers should meet a set of security requirements you have defined around handling personal data.

Monitoring should help identify suspicious activity on your systems. It is required to track and monitor business systems and processes according to your information safety policies to ensure compliance.

These procedures should ensure that any incidents (loss of data, phishing attacks etc.) are dealt with successfully or to the best of your ability.